diff --git a/Makefile b/Makefile index 5086a2eeb..ac9d6e163 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ PROJECT_NAME := provider-$(PROVIDER_NAME) PROJECT_REPO := github.com/upbound/$(PROJECT_NAME) export TERRAFORM_VERSION := 1.5.5 -export TERRAFORM_PROVIDER_VERSION := 4.77.0 +export TERRAFORM_PROVIDER_VERSION := 5.19.0 export TERRAFORM_PROVIDER_SOURCE := hashicorp/google export TERRAFORM_PROVIDER_REPO ?= https://github.com/hashicorp/terraform-provider-google export TERRAFORM_DOCS_PATH ?= website/docs/r diff --git a/apis/accesscontextmanager/v1beta1/zz_accesslevel_types.go b/apis/accesscontextmanager/v1beta1/zz_accesslevel_types.go index 8cbc6a673..95740bdef 100755 --- a/apis/accesscontextmanager/v1beta1/zz_accesslevel_types.go +++ b/apis/accesscontextmanager/v1beta1/zz_accesslevel_types.go @@ -214,6 +214,10 @@ type ConditionsInitParameters struct { // granted for the Condition to be true. // Format: accessPolicies/{policy_id}/accessLevels/{short_name} RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + VPCNetworkSources []VPCNetworkSourcesInitParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` } type ConditionsObservation struct { @@ -261,6 +265,10 @@ type ConditionsObservation struct { // granted for the Condition to be true. // Format: accessPolicies/{policy_id}/accessLevels/{short_name} RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + VPCNetworkSources []VPCNetworkSourcesObservation `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` } type ConditionsParameters struct { @@ -314,6 +322,11 @@ type ConditionsParameters struct { // Format: accessPolicies/{policy_id}/accessLevels/{short_name} // +kubebuilder:validation:Optional RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + // +kubebuilder:validation:Optional + VPCNetworkSources []VPCNetworkSourcesParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` } type CustomInitParameters struct { @@ -531,6 +544,57 @@ type OsConstraintsParameters struct { RequireVerifiedChromeOs *bool `json:"requireVerifiedChromeOs,omitempty" tf:"require_verified_chrome_os,omitempty"` } +type VPCNetworkSourcesInitParameters struct { + + // Sub networks within a VPC network. + // Structure is documented below. + VPCSubnetwork []VPCSubnetworkInitParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` +} + +type VPCNetworkSourcesObservation struct { + + // Sub networks within a VPC network. + // Structure is documented below. + VPCSubnetwork []VPCSubnetworkObservation `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` +} + +type VPCNetworkSourcesParameters struct { + + // Sub networks within a VPC network. + // Structure is documented below. + // +kubebuilder:validation:Optional + VPCSubnetwork []VPCSubnetworkParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` +} + +type VPCSubnetworkInitParameters struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + +type VPCSubnetworkObservation struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + +type VPCSubnetworkParameters struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + // +kubebuilder:validation:Optional + Network *string `json:"network" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + // +kubebuilder:validation:Optional + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + // AccessLevelSpec defines the desired state of AccessLevel type AccessLevelSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/accesscontextmanager/v1beta1/zz_accesslevelcondition_types.go b/apis/accesscontextmanager/v1beta1/zz_accesslevelcondition_types.go index dfdc37bc6..75a38a3b3 100755 --- a/apis/accesscontextmanager/v1beta1/zz_accesslevelcondition_types.go +++ b/apis/accesscontextmanager/v1beta1/zz_accesslevelcondition_types.go @@ -177,6 +177,10 @@ type AccessLevelConditionInitParameters struct { // granted for the Condition to be true. // Format: accessPolicies/{policy_id}/accessLevels/{short_name} RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesInitParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` } type AccessLevelConditionObservation struct { @@ -230,6 +234,10 @@ type AccessLevelConditionObservation struct { // granted for the Condition to be true. // Format: accessPolicies/{policy_id}/accessLevels/{short_name} RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesObservation `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` } type AccessLevelConditionParameters struct { @@ -297,6 +305,33 @@ type AccessLevelConditionParameters struct { // Format: accessPolicies/{policy_id}/accessLevels/{short_name} // +kubebuilder:validation:Optional RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"` + + // The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + // Structure is documented below. + // +kubebuilder:validation:Optional + VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"` +} + +type AccessLevelConditionVPCNetworkSourcesInitParameters struct { + + // Sub networks within a VPC network. + // Structure is documented below. + VPCSubnetwork []VPCNetworkSourcesVPCSubnetworkInitParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` +} + +type AccessLevelConditionVPCNetworkSourcesObservation struct { + + // Sub networks within a VPC network. + // Structure is documented below. + VPCSubnetwork []VPCNetworkSourcesVPCSubnetworkObservation `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` +} + +type AccessLevelConditionVPCNetworkSourcesParameters struct { + + // Sub networks within a VPC network. + // Structure is documented below. + // +kubebuilder:validation:Optional + VPCSubnetwork []VPCNetworkSourcesVPCSubnetworkParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"` } type DevicePolicyOsConstraintsInitParameters struct { @@ -337,6 +372,35 @@ type DevicePolicyOsConstraintsParameters struct { OsType *string `json:"osType" tf:"os_type,omitempty"` } +type VPCNetworkSourcesVPCSubnetworkInitParameters struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + +type VPCNetworkSourcesVPCSubnetworkObservation struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + +type VPCNetworkSourcesVPCSubnetworkParameters struct { + + // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + // +kubebuilder:validation:Optional + Network *string `json:"network" tf:"network,omitempty"` + + // CIDR block IP subnetwork specification. Must be IPv4. + // +kubebuilder:validation:Optional + VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` +} + // AccessLevelConditionSpec defines the desired state of AccessLevelCondition type AccessLevelConditionSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/accesscontextmanager/v1beta1/zz_generated.deepcopy.go b/apis/accesscontextmanager/v1beta1/zz_generated.deepcopy.go index 31c491e80..81def0cf2 100644 --- a/apis/accesscontextmanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/accesscontextmanager/v1beta1/zz_generated.deepcopy.go @@ -330,6 +330,13 @@ func (in *AccessLevelConditionInitParameters) DeepCopyInto(out *AccessLevelCondi } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]AccessLevelConditionVPCNetworkSourcesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionInitParameters. @@ -443,6 +450,13 @@ func (in *AccessLevelConditionObservation) DeepCopyInto(out *AccessLevelConditio } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]AccessLevelConditionVPCNetworkSourcesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionObservation. @@ -529,6 +543,13 @@ func (in *AccessLevelConditionParameters) DeepCopyInto(out *AccessLevelCondition } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]AccessLevelConditionVPCNetworkSourcesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionParameters. @@ -576,6 +597,72 @@ func (in *AccessLevelConditionStatus) DeepCopy() *AccessLevelConditionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessLevelConditionVPCNetworkSourcesInitParameters) DeepCopyInto(out *AccessLevelConditionVPCNetworkSourcesInitParameters) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCNetworkSourcesVPCSubnetworkInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionVPCNetworkSourcesInitParameters. +func (in *AccessLevelConditionVPCNetworkSourcesInitParameters) DeepCopy() *AccessLevelConditionVPCNetworkSourcesInitParameters { + if in == nil { + return nil + } + out := new(AccessLevelConditionVPCNetworkSourcesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessLevelConditionVPCNetworkSourcesObservation) DeepCopyInto(out *AccessLevelConditionVPCNetworkSourcesObservation) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCNetworkSourcesVPCSubnetworkObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionVPCNetworkSourcesObservation. +func (in *AccessLevelConditionVPCNetworkSourcesObservation) DeepCopy() *AccessLevelConditionVPCNetworkSourcesObservation { + if in == nil { + return nil + } + out := new(AccessLevelConditionVPCNetworkSourcesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessLevelConditionVPCNetworkSourcesParameters) DeepCopyInto(out *AccessLevelConditionVPCNetworkSourcesParameters) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCNetworkSourcesVPCSubnetworkParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLevelConditionVPCNetworkSourcesParameters. +func (in *AccessLevelConditionVPCNetworkSourcesParameters) DeepCopy() *AccessLevelConditionVPCNetworkSourcesParameters { + if in == nil { + return nil + } + out := new(AccessLevelConditionVPCNetworkSourcesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessLevelInitParameters) DeepCopyInto(out *AccessLevelInitParameters) { *out = *in @@ -1462,6 +1549,13 @@ func (in *ConditionsInitParameters) DeepCopyInto(out *ConditionsInitParameters) } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]VPCNetworkSourcesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsInitParameters. @@ -1533,6 +1627,13 @@ func (in *ConditionsObservation) DeepCopyInto(out *ConditionsObservation) { } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]VPCNetworkSourcesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsObservation. @@ -1604,6 +1705,13 @@ func (in *ConditionsParameters) DeepCopyInto(out *ConditionsParameters) { } } } + if in.VPCNetworkSources != nil { + in, out := &in.VPCNetworkSources, &out.VPCNetworkSources + *out = make([]VPCNetworkSourcesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsParameters. @@ -1953,6 +2061,18 @@ func (in *EgressFromInitParameters) DeepCopyInto(out *EgressFromInitParameters) *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]SourcesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromInitParameters. @@ -1984,6 +2104,18 @@ func (in *EgressFromObservation) DeepCopyInto(out *EgressFromObservation) { *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]SourcesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromObservation. @@ -2015,6 +2147,18 @@ func (in *EgressFromParameters) DeepCopyInto(out *EgressFromParameters) { *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]SourcesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromParameters. @@ -2027,6 +2171,66 @@ func (in *EgressFromParameters) DeepCopy() *EgressFromParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressFromSourcesInitParameters) DeepCopyInto(out *EgressFromSourcesInitParameters) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromSourcesInitParameters. +func (in *EgressFromSourcesInitParameters) DeepCopy() *EgressFromSourcesInitParameters { + if in == nil { + return nil + } + out := new(EgressFromSourcesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressFromSourcesObservation) DeepCopyInto(out *EgressFromSourcesObservation) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromSourcesObservation. +func (in *EgressFromSourcesObservation) DeepCopy() *EgressFromSourcesObservation { + if in == nil { + return nil + } + out := new(EgressFromSourcesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressFromSourcesParameters) DeepCopyInto(out *EgressFromSourcesParameters) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressFromSourcesParameters. +func (in *EgressFromSourcesParameters) DeepCopy() *EgressFromSourcesParameters { + if in == nil { + return nil + } + out := new(EgressFromSourcesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EgressPoliciesEgressFromInitParameters) DeepCopyInto(out *EgressPoliciesEgressFromInitParameters) { *out = *in @@ -2046,6 +2250,18 @@ func (in *EgressPoliciesEgressFromInitParameters) DeepCopyInto(out *EgressPolici *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]EgressFromSourcesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPoliciesEgressFromInitParameters. @@ -2077,6 +2293,18 @@ func (in *EgressPoliciesEgressFromObservation) DeepCopyInto(out *EgressPoliciesE *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]EgressFromSourcesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPoliciesEgressFromObservation. @@ -2108,6 +2336,18 @@ func (in *EgressPoliciesEgressFromParameters) DeepCopyInto(out *EgressPoliciesEg *out = new(string) **out = **in } + if in.SourceRestriction != nil { + in, out := &in.SourceRestriction, &out.SourceRestriction + *out = new(string) + **out = **in + } + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]EgressFromSourcesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressPoliciesEgressFromParameters. @@ -2753,7 +2993,7 @@ func (in *IngressFromInitParameters) DeepCopyInto(out *IngressFromInitParameters } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]SourcesInitParameters, len(*in)) + *out = make([]IngressFromSourcesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2791,7 +3031,7 @@ func (in *IngressFromObservation) DeepCopyInto(out *IngressFromObservation) { } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]SourcesObservation, len(*in)) + *out = make([]IngressFromSourcesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2829,7 +3069,7 @@ func (in *IngressFromParameters) DeepCopyInto(out *IngressFromParameters) { } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]SourcesParameters, len(*in)) + *out = make([]IngressFromSourcesParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2854,16 +3094,6 @@ func (in *IngressFromSourcesInitParameters) DeepCopyInto(out *IngressFromSources *out = new(string) **out = **in } - if in.AccessLevelRef != nil { - in, out := &in.AccessLevelRef, &out.AccessLevelRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.AccessLevelSelector != nil { - in, out := &in.AccessLevelSelector, &out.AccessLevelSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Resource != nil { in, out := &in.Resource, &out.Resource *out = new(string) @@ -2914,16 +3144,6 @@ func (in *IngressFromSourcesParameters) DeepCopyInto(out *IngressFromSourcesPara *out = new(string) **out = **in } - if in.AccessLevelRef != nil { - in, out := &in.AccessLevelRef, &out.AccessLevelRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.AccessLevelSelector != nil { - in, out := &in.AccessLevelSelector, &out.AccessLevelSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Resource != nil { in, out := &in.Resource, &out.Resource *out = new(string) @@ -2962,7 +3182,7 @@ func (in *IngressPoliciesIngressFromInitParameters) DeepCopyInto(out *IngressPol } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]IngressFromSourcesInitParameters, len(*in)) + *out = make([]IngressPoliciesIngressFromSourcesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -3000,7 +3220,7 @@ func (in *IngressPoliciesIngressFromObservation) DeepCopyInto(out *IngressPolici } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]IngressFromSourcesObservation, len(*in)) + *out = make([]IngressPoliciesIngressFromSourcesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -3038,7 +3258,7 @@ func (in *IngressPoliciesIngressFromParameters) DeepCopyInto(out *IngressPolicie } if in.Sources != nil { in, out := &in.Sources, &out.Sources - *out = make([]IngressFromSourcesParameters, len(*in)) + *out = make([]IngressPoliciesIngressFromSourcesParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -3055,6 +3275,101 @@ func (in *IngressPoliciesIngressFromParameters) DeepCopy() *IngressPoliciesIngre return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressPoliciesIngressFromSourcesInitParameters) DeepCopyInto(out *IngressPoliciesIngressFromSourcesInitParameters) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } + if in.AccessLevelRef != nil { + in, out := &in.AccessLevelRef, &out.AccessLevelRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AccessLevelSelector != nil { + in, out := &in.AccessLevelSelector, &out.AccessLevelSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Resource != nil { + in, out := &in.Resource, &out.Resource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPoliciesIngressFromSourcesInitParameters. +func (in *IngressPoliciesIngressFromSourcesInitParameters) DeepCopy() *IngressPoliciesIngressFromSourcesInitParameters { + if in == nil { + return nil + } + out := new(IngressPoliciesIngressFromSourcesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressPoliciesIngressFromSourcesObservation) DeepCopyInto(out *IngressPoliciesIngressFromSourcesObservation) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } + if in.Resource != nil { + in, out := &in.Resource, &out.Resource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPoliciesIngressFromSourcesObservation. +func (in *IngressPoliciesIngressFromSourcesObservation) DeepCopy() *IngressPoliciesIngressFromSourcesObservation { + if in == nil { + return nil + } + out := new(IngressPoliciesIngressFromSourcesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressPoliciesIngressFromSourcesParameters) DeepCopyInto(out *IngressPoliciesIngressFromSourcesParameters) { + *out = *in + if in.AccessLevel != nil { + in, out := &in.AccessLevel, &out.AccessLevel + *out = new(string) + **out = **in + } + if in.AccessLevelRef != nil { + in, out := &in.AccessLevelRef, &out.AccessLevelRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AccessLevelSelector != nil { + in, out := &in.AccessLevelSelector, &out.AccessLevelSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Resource != nil { + in, out := &in.Resource, &out.Resource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPoliciesIngressFromSourcesParameters. +func (in *IngressPoliciesIngressFromSourcesParameters) DeepCopy() *IngressPoliciesIngressFromSourcesParameters { + if in == nil { + return nil + } + out := new(IngressPoliciesIngressFromSourcesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressPoliciesIngressToInitParameters) DeepCopyInto(out *IngressPoliciesIngressToInitParameters) { *out = *in @@ -4386,11 +4701,6 @@ func (in *SourcesInitParameters) DeepCopyInto(out *SourcesInitParameters) { *out = new(string) **out = **in } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcesInitParameters. @@ -4411,11 +4721,6 @@ func (in *SourcesObservation) DeepCopyInto(out *SourcesObservation) { *out = new(string) **out = **in } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcesObservation. @@ -4436,11 +4741,6 @@ func (in *SourcesParameters) DeepCopyInto(out *SourcesParameters) { *out = new(string) **out = **in } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcesParameters. @@ -5274,3 +5574,255 @@ func (in *VPCAccessibleServicesParameters) DeepCopy() *VPCAccessibleServicesPara in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesInitParameters) DeepCopyInto(out *VPCNetworkSourcesInitParameters) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCSubnetworkInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesInitParameters. +func (in *VPCNetworkSourcesInitParameters) DeepCopy() *VPCNetworkSourcesInitParameters { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesObservation) DeepCopyInto(out *VPCNetworkSourcesObservation) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCSubnetworkObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesObservation. +func (in *VPCNetworkSourcesObservation) DeepCopy() *VPCNetworkSourcesObservation { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesParameters) DeepCopyInto(out *VPCNetworkSourcesParameters) { + *out = *in + if in.VPCSubnetwork != nil { + in, out := &in.VPCSubnetwork, &out.VPCSubnetwork + *out = make([]VPCSubnetworkParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesParameters. +func (in *VPCNetworkSourcesParameters) DeepCopy() *VPCNetworkSourcesParameters { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesVPCSubnetworkInitParameters) DeepCopyInto(out *VPCNetworkSourcesVPCSubnetworkInitParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesVPCSubnetworkInitParameters. +func (in *VPCNetworkSourcesVPCSubnetworkInitParameters) DeepCopy() *VPCNetworkSourcesVPCSubnetworkInitParameters { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesVPCSubnetworkInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesVPCSubnetworkObservation) DeepCopyInto(out *VPCNetworkSourcesVPCSubnetworkObservation) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesVPCSubnetworkObservation. +func (in *VPCNetworkSourcesVPCSubnetworkObservation) DeepCopy() *VPCNetworkSourcesVPCSubnetworkObservation { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesVPCSubnetworkObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCNetworkSourcesVPCSubnetworkParameters) DeepCopyInto(out *VPCNetworkSourcesVPCSubnetworkParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCNetworkSourcesVPCSubnetworkParameters. +func (in *VPCNetworkSourcesVPCSubnetworkParameters) DeepCopy() *VPCNetworkSourcesVPCSubnetworkParameters { + if in == nil { + return nil + } + out := new(VPCNetworkSourcesVPCSubnetworkParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSubnetworkInitParameters) DeepCopyInto(out *VPCSubnetworkInitParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSubnetworkInitParameters. +func (in *VPCSubnetworkInitParameters) DeepCopy() *VPCSubnetworkInitParameters { + if in == nil { + return nil + } + out := new(VPCSubnetworkInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSubnetworkObservation) DeepCopyInto(out *VPCSubnetworkObservation) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSubnetworkObservation. +func (in *VPCSubnetworkObservation) DeepCopy() *VPCSubnetworkObservation { + if in == nil { + return nil + } + out := new(VPCSubnetworkObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSubnetworkParameters) DeepCopyInto(out *VPCSubnetworkParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.VPCIPSubnetworks != nil { + in, out := &in.VPCIPSubnetworks, &out.VPCIPSubnetworks + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSubnetworkParameters. +func (in *VPCSubnetworkParameters) DeepCopy() *VPCSubnetworkParameters { + if in == nil { + return nil + } + out := new(VPCSubnetworkParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/accesscontextmanager/v1beta1/zz_serviceperimeter_types.go b/apis/accesscontextmanager/v1beta1/zz_serviceperimeter_types.go index 66abcb283..bc5778a28 100755 --- a/apis/accesscontextmanager/v1beta1/zz_serviceperimeter_types.go +++ b/apis/accesscontextmanager/v1beta1/zz_serviceperimeter_types.go @@ -34,6 +34,7 @@ type EgressFromInitParameters struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -41,6 +42,14 @@ type EgressFromInitParameters struct { // allowed access. // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + Sources []SourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type EgressFromObservation struct { @@ -48,6 +57,7 @@ type EgressFromObservation struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -55,6 +65,14 @@ type EgressFromObservation struct { // allowed access. // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + Sources []SourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` } type EgressFromParameters struct { @@ -63,6 +81,7 @@ type EgressFromParameters struct { // Should be in the format of email address. The email address should represent // individual user or service account only. // +kubebuilder:validation:Optional + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -71,6 +90,56 @@ type EgressFromParameters struct { // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. // +kubebuilder:validation:Optional IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + // +kubebuilder:validation:Optional + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + // +kubebuilder:validation:Optional + Sources []SourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` +} + +type EgressFromSourcesInitParameters struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` +} + +type EgressFromSourcesObservation struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` +} + +type EgressFromSourcesParameters struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + // +kubebuilder:validation:Optional + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` } type EgressPoliciesEgressFromInitParameters struct { @@ -78,6 +147,7 @@ type EgressPoliciesEgressFromInitParameters struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -85,6 +155,14 @@ type EgressPoliciesEgressFromInitParameters struct { // allowed access. // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + Sources []EgressFromSourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type EgressPoliciesEgressFromObservation struct { @@ -92,6 +170,7 @@ type EgressPoliciesEgressFromObservation struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -99,6 +178,14 @@ type EgressPoliciesEgressFromObservation struct { // allowed access. // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + Sources []EgressFromSourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` } type EgressPoliciesEgressFromParameters struct { @@ -107,6 +194,7 @@ type EgressPoliciesEgressFromParameters struct { // Should be in the format of email address. The email address should represent // individual user or service account only. // +kubebuilder:validation:Optional + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -115,6 +203,16 @@ type EgressPoliciesEgressFromParameters struct { // Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. // +kubebuilder:validation:Optional IdentityType *string `json:"identityType,omitempty" tf:"identity_type,omitempty"` + + // Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + // Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + // +kubebuilder:validation:Optional + SourceRestriction *string `json:"sourceRestriction,omitempty" tf:"source_restriction,omitempty"` + + // Sources that this IngressPolicy authorizes access from. + // Structure is documented below. + // +kubebuilder:validation:Optional + Sources []EgressFromSourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type EgressPoliciesEgressToInitParameters struct { @@ -122,6 +220,7 @@ type EgressPoliciesEgressToInitParameters struct { // A list of external resources that are allowed to be accessed. A request // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -132,6 +231,7 @@ type EgressPoliciesEgressToInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -140,6 +240,7 @@ type EgressPoliciesEgressToObservation struct { // A list of external resources that are allowed to be accessed. A request // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -150,6 +251,7 @@ type EgressPoliciesEgressToObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -159,6 +261,7 @@ type EgressPoliciesEgressToParameters struct { // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. // +kubebuilder:validation:Optional + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -171,6 +274,7 @@ type EgressPoliciesEgressToParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -217,6 +321,7 @@ type EgressToInitParameters struct { // A list of external resources that are allowed to be accessed. A request // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -227,6 +332,7 @@ type EgressToInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -235,6 +341,7 @@ type EgressToObservation struct { // A list of external resources that are allowed to be accessed. A request // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -245,6 +352,7 @@ type EgressToObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -339,6 +447,7 @@ type EgressToParameters struct { // matches if it contains an external resource in this list (Example: // s3://bucket/path). Currently '*' is not allowed. // +kubebuilder:validation:Optional + // +listType=set ExternalResources []*string `json:"externalResources,omitempty" tf:"external_resources,omitempty"` // A list of ApiOperations the sources specified in corresponding IngressFrom @@ -351,6 +460,7 @@ type EgressToParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -359,6 +469,7 @@ type IngressFromInitParameters struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -369,7 +480,7 @@ type IngressFromInitParameters struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. - Sources []SourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressFromSourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type IngressFromObservation struct { @@ -377,6 +488,7 @@ type IngressFromObservation struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -387,7 +499,7 @@ type IngressFromObservation struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. - Sources []SourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressFromSourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` } type IngressFromParameters struct { @@ -396,6 +508,7 @@ type IngressFromParameters struct { // Should be in the format of email address. The email address should represent // individual user or service account only. // +kubebuilder:validation:Optional + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -408,7 +521,7 @@ type IngressFromParameters struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. // +kubebuilder:validation:Optional - Sources []SourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressFromSourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type IngressFromSourcesInitParameters struct { @@ -421,18 +534,8 @@ type IngressFromSourcesInitParameters struct { // with request origins within the perimeter. // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. // If * is specified, then all IngressSources will be allowed. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta1.AccessLevel - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false) AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` - // Reference to a AccessLevel in accesscontextmanager to populate accessLevel. - // +kubebuilder:validation:Optional - AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"` - - // Selector for a AccessLevel in accesscontextmanager to populate accessLevel. - // +kubebuilder:validation:Optional - AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"` - // A Google Cloud resource that is allowed to ingress the perimeter. // Requests from these resources will be allowed to access perimeter data. // Currently only projects are allowed. Format projects/{project_number} @@ -473,19 +576,9 @@ type IngressFromSourcesParameters struct { // with request origins within the perimeter. // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. // If * is specified, then all IngressSources will be allowed. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta1.AccessLevel - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false) // +kubebuilder:validation:Optional AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` - // Reference to a AccessLevel in accesscontextmanager to populate accessLevel. - // +kubebuilder:validation:Optional - AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"` - - // Selector for a AccessLevel in accesscontextmanager to populate accessLevel. - // +kubebuilder:validation:Optional - AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"` - // A Google Cloud resource that is allowed to ingress the perimeter. // Requests from these resources will be allowed to access perimeter data. // Currently only projects are allowed. Format projects/{project_number} @@ -501,6 +594,7 @@ type IngressPoliciesIngressFromInitParameters struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -511,7 +605,7 @@ type IngressPoliciesIngressFromInitParameters struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. - Sources []IngressFromSourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressPoliciesIngressFromSourcesInitParameters `json:"sources,omitempty" tf:"sources,omitempty"` } type IngressPoliciesIngressFromObservation struct { @@ -519,6 +613,7 @@ type IngressPoliciesIngressFromObservation struct { // A list of identities that are allowed access through this ingress policy. // Should be in the format of email address. The email address should represent // individual user or service account only. + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -529,7 +624,7 @@ type IngressPoliciesIngressFromObservation struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. - Sources []IngressFromSourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressPoliciesIngressFromSourcesObservation `json:"sources,omitempty" tf:"sources,omitempty"` } type IngressPoliciesIngressFromParameters struct { @@ -538,6 +633,7 @@ type IngressPoliciesIngressFromParameters struct { // Should be in the format of email address. The email address should represent // individual user or service account only. // +kubebuilder:validation:Optional + // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` // Specifies the type of identities that are allowed access from outside the @@ -550,7 +646,92 @@ type IngressPoliciesIngressFromParameters struct { // Sources that this IngressPolicy authorizes access from. // Structure is documented below. // +kubebuilder:validation:Optional - Sources []IngressFromSourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` + Sources []IngressPoliciesIngressFromSourcesParameters `json:"sources,omitempty" tf:"sources,omitempty"` +} + +type IngressPoliciesIngressFromSourcesInitParameters struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta1.AccessLevel + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false) + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` + + // Reference to a AccessLevel in accesscontextmanager to populate accessLevel. + // +kubebuilder:validation:Optional + AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"` + + // Selector for a AccessLevel in accesscontextmanager to populate accessLevel. + // +kubebuilder:validation:Optional + AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"` + + // A Google Cloud resource that is allowed to ingress the perimeter. + // Requests from these resources will be allowed to access perimeter data. + // Currently only projects are allowed. Format projects/{project_number} + // The project may be in any Google Cloud organization, not just the + // organization that the perimeter is defined in. * is not allowed, the case + // of allowing all Google Cloud resources only is not supported. + Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` +} + +type IngressPoliciesIngressFromSourcesObservation struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` + + // A Google Cloud resource that is allowed to ingress the perimeter. + // Requests from these resources will be allowed to access perimeter data. + // Currently only projects are allowed. Format projects/{project_number} + // The project may be in any Google Cloud organization, not just the + // organization that the perimeter is defined in. * is not allowed, the case + // of allowing all Google Cloud resources only is not supported. + Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` +} + +type IngressPoliciesIngressFromSourcesParameters struct { + + // An AccessLevel resource name that allow resources within the + // ServicePerimeters to be accessed from the internet. AccessLevels listed + // must be in the same policy as this ServicePerimeter. Referencing a nonexistent + // AccessLevel will cause an error. If no AccessLevel names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. + // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + // If * is specified, then all IngressSources will be allowed. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta1.AccessLevel + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false) + // +kubebuilder:validation:Optional + AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` + + // Reference to a AccessLevel in accesscontextmanager to populate accessLevel. + // +kubebuilder:validation:Optional + AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"` + + // Selector for a AccessLevel in accesscontextmanager to populate accessLevel. + // +kubebuilder:validation:Optional + AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"` + + // A Google Cloud resource that is allowed to ingress the perimeter. + // Requests from these resources will be allowed to access perimeter data. + // Currently only projects are allowed. Format projects/{project_number} + // The project may be in any Google Cloud organization, not just the + // organization that the perimeter is defined in. * is not allowed, the case + // of allowing all Google Cloud resources only is not supported. + // +kubebuilder:validation:Optional + Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` } type IngressPoliciesIngressToInitParameters struct { @@ -563,6 +744,7 @@ type IngressPoliciesIngressToInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -576,6 +758,7 @@ type IngressPoliciesIngressToObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -638,6 +821,7 @@ type IngressPoliciesIngressToParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -692,6 +876,7 @@ type IngressToInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -705,6 +890,7 @@ type IngressToObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -805,6 +991,7 @@ type IngressToParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` } @@ -1142,14 +1329,6 @@ type SourcesInitParameters struct { // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. // If * is specified, then all IngressSources will be allowed. AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` - - // A Google Cloud resource that is allowed to ingress the perimeter. - // Requests from these resources will be allowed to access perimeter data. - // Currently only projects are allowed. Format projects/{project_number} - // The project may be in any Google Cloud organization, not just the - // organization that the perimeter is defined in. * is not allowed, the case - // of allowing all Google Cloud resources only is not supported. - Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` } type SourcesObservation struct { @@ -1163,14 +1342,6 @@ type SourcesObservation struct { // Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. // If * is specified, then all IngressSources will be allowed. AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` - - // A Google Cloud resource that is allowed to ingress the perimeter. - // Requests from these resources will be allowed to access perimeter data. - // Currently only projects are allowed. Format projects/{project_number} - // The project may be in any Google Cloud organization, not just the - // organization that the perimeter is defined in. * is not allowed, the case - // of allowing all Google Cloud resources only is not supported. - Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` } type SourcesParameters struct { @@ -1185,15 +1356,6 @@ type SourcesParameters struct { // If * is specified, then all IngressSources will be allowed. // +kubebuilder:validation:Optional AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"` - - // A Google Cloud resource that is allowed to ingress the perimeter. - // Requests from these resources will be allowed to access perimeter data. - // Currently only projects are allowed. Format projects/{project_number} - // The project may be in any Google Cloud organization, not just the - // organization that the perimeter is defined in. * is not allowed, the case - // of allowing all Google Cloud resources only is not supported. - // +kubebuilder:validation:Optional - Resource *string `json:"resource,omitempty" tf:"resource,omitempty"` } type SpecInitParameters struct { @@ -1208,6 +1370,7 @@ type SpecInitParameters struct { // be empty. // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} // +crossplane:generate:reference:type=AccessLevel + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // References to AccessLevel to populate accessLevels. @@ -1235,6 +1398,7 @@ type SpecInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1242,6 +1406,7 @@ type SpecInitParameters struct { // storage.googleapis.com is specified, access to the storage // buckets inside the perimeter must meet the perimeter's access // restrictions. + // +listType=set RestrictedServices []*string `json:"restrictedServices,omitempty" tf:"restricted_services,omitempty"` // Specifies how APIs are allowed to communicate within the Service @@ -1261,6 +1426,7 @@ type SpecObservation struct { // origins within the perimeter. For Service Perimeter Bridge, must // be empty. // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // List of EgressPolicies to apply to the perimeter. A perimeter may @@ -1280,6 +1446,7 @@ type SpecObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1287,6 +1454,7 @@ type SpecObservation struct { // storage.googleapis.com is specified, access to the storage // buckets inside the perimeter must meet the perimeter's access // restrictions. + // +listType=set RestrictedServices []*string `json:"restrictedServices,omitempty" tf:"restricted_services,omitempty"` // Specifies how APIs are allowed to communicate within the Service @@ -1308,6 +1476,7 @@ type SpecParameters struct { // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} // +crossplane:generate:reference:type=AccessLevel // +kubebuilder:validation:Optional + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // References to AccessLevel to populate accessLevels. @@ -1338,6 +1507,7 @@ type SpecParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1346,6 +1516,7 @@ type SpecParameters struct { // buckets inside the perimeter must meet the perimeter's access // restrictions. // +kubebuilder:validation:Optional + // +listType=set RestrictedServices []*string `json:"restrictedServices,omitempty" tf:"restricted_services,omitempty"` // Specifies how APIs are allowed to communicate within the Service @@ -1446,6 +1617,7 @@ type StatusInitParameters struct { // be empty. // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} // +crossplane:generate:reference:type=AccessLevel + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // References to AccessLevel to populate accessLevels. @@ -1473,6 +1645,7 @@ type StatusInitParameters struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1500,6 +1673,7 @@ type StatusObservation struct { // origins within the perimeter. For Service Perimeter Bridge, must // be empty. // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // List of EgressPolicies to apply to the perimeter. A perimeter may @@ -1519,6 +1693,7 @@ type StatusObservation struct { // A list of GCP resources that are inside of the service perimeter. // Currently only projects are allowed. // Format: projects/{project_number} + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1548,6 +1723,7 @@ type StatusParameters struct { // Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} // +crossplane:generate:reference:type=AccessLevel // +kubebuilder:validation:Optional + // +listType=set AccessLevels []*string `json:"accessLevels,omitempty" tf:"access_levels,omitempty"` // References to AccessLevel to populate accessLevels. @@ -1578,6 +1754,7 @@ type StatusParameters struct { // Currently only projects are allowed. // Format: projects/{project_number} // +kubebuilder:validation:Optional + // +listType=set Resources []*string `json:"resources,omitempty" tf:"resources,omitempty"` // GCP services that are subject to the Service Perimeter @@ -1638,6 +1815,7 @@ type VPCAccessibleServicesInitParameters struct { // The list of APIs usable within the Service Perimeter. // Must be empty unless enableRestriction is True. + // +listType=set AllowedServices []*string `json:"allowedServices,omitempty" tf:"allowed_services,omitempty"` // Whether to restrict API calls within the Service Perimeter to the @@ -1649,6 +1827,7 @@ type VPCAccessibleServicesObservation struct { // The list of APIs usable within the Service Perimeter. // Must be empty unless enableRestriction is True. + // +listType=set AllowedServices []*string `json:"allowedServices,omitempty" tf:"allowed_services,omitempty"` // Whether to restrict API calls within the Service Perimeter to the @@ -1661,6 +1840,7 @@ type VPCAccessibleServicesParameters struct { // The list of APIs usable within the Service Perimeter. // Must be empty unless enableRestriction is True. // +kubebuilder:validation:Optional + // +listType=set AllowedServices []*string `json:"allowedServices,omitempty" tf:"allowed_services,omitempty"` // Whether to restrict API calls within the Service Perimeter to the diff --git a/apis/activedirectory/v1beta1/zz_domain_types.go b/apis/activedirectory/v1beta1/zz_domain_types.go index 8d2605e6e..1a2331047 100755 --- a/apis/activedirectory/v1beta1/zz_domain_types.go +++ b/apis/activedirectory/v1beta1/zz_domain_types.go @@ -45,6 +45,8 @@ type DomainInitParameters struct { DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` // Resource labels that can contain user-provided metadata + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -76,6 +78,9 @@ type DomainObservation struct { // https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The fully-qualified domain name of the exposed domain used by clients to connect to the service. // Similar to what would be chosen for an Active Directory set up on an internal network. Fqdn *string `json:"fqdn,omitempty" tf:"fqdn,omitempty"` @@ -84,6 +89,8 @@ type DomainObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // Resource labels that can contain user-provided metadata + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -101,6 +108,11 @@ type DomainObservation struct { // The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. // Ranges must be unique and non-overlapping with existing subnets in authorizedNetworks ReservedIPRange *string `json:"reservedIpRange,omitempty" tf:"reserved_ip_range,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type DomainParameters struct { @@ -122,6 +134,8 @@ type DomainParameters struct { DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` // Resource labels that can contain user-provided metadata + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go index 28c4ad793..ef8f84b76 100644 --- a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go +++ b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go @@ -180,6 +180,22 @@ func (in *DomainObservation) DeepCopyInto(out *DomainObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Fqdn != nil { in, out := &in.Fqdn, &out.Fqdn *out = new(string) @@ -232,6 +248,22 @@ func (in *DomainObservation) DeepCopyInto(out *DomainObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainObservation. diff --git a/apis/alloydb/v1beta1/zz_backup_types.go b/apis/alloydb/v1beta1/zz_backup_types.go index e0419b687..9dd5e73b4 100755 --- a/apis/alloydb/v1beta1/zz_backup_types.go +++ b/apis/alloydb/v1beta1/zz_backup_types.go @@ -31,6 +31,11 @@ import ( type BackupInitParameters struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) @@ -47,30 +52,61 @@ type BackupInitParameters struct { // User-provided description of the backup. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // User-settable and human-readable display name for the Backup. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). // Structure is documented below. EncryptionConfig []EncryptionConfigInitParameters `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` - // User-defined labels for the alloydb backup. + // User-defined labels for the alloydb backup. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The backup type, which suggests the trigger for the backup. + // Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type BackupObservation struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` - // Time the Backup was created in UTC. + // Output only. The system-generated UID of the cluster which was used to create this resource. + ClusterUID *string `json:"clusterUid,omitempty" tf:"cluster_uid,omitempty"` + + // Output only. Create time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // Output only. Delete time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + DeleteTime *string `json:"deleteTime,omitempty" tf:"delete_time,omitempty"` + // User-provided description of the backup. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // User-settable and human-readable display name for the Backup. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // for all of the annotations present on the resource. + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). // Structure is documented below. EncryptionConfig []EncryptionConfigObservation `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` @@ -79,13 +115,22 @@ type BackupObservation struct { // Structure is documented below. EncryptionInfo []EncryptionInfoObservation `json:"encryptionInfo,omitempty" tf:"encryption_info,omitempty"` - // A hash of the resource. + // For Resource freshness validation (https://google.aip.dev/154) Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy. + // Once the expiry quantity is over retention, the backup is eligible to be garbage collected. + // Structure is documented below. + ExpiryQuantity []ExpiryQuantityObservation `json:"expiryQuantity,omitempty" tf:"expiry_quantity,omitempty"` + + // Output only. The time at which after the backup is eligible to be garbage collected. + // It is the duration specified by the backup's retention policy, added to the backup's createTime. + ExpiryTime *string `json:"expiryTime,omitempty" tf:"expiry_time,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{backup_id}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // User-defined labels for the alloydb backup. + // User-defined labels for the alloydb backup. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -99,21 +144,41 @@ type BackupObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance. + // Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource. + // This can happen due to user-triggered updates or system actions like failover or maintenance. Reconciling *bool `json:"reconciling,omitempty" tf:"reconciling,omitempty"` - // The current state of the backup. + // Output only. The size of the backup in bytes. + SizeBytes *string `json:"sizeBytes,omitempty" tf:"size_bytes,omitempty"` + + // Output only. The current state of the backup. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + + // The backup type, which suggests the trigger for the backup. + // Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + // Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` - // Time the Backup was updated in UTC. + // Output only. Update time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } type BackupParameters struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) @@ -132,12 +197,16 @@ type BackupParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // User-settable and human-readable display name for the Backup. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). // Structure is documented below. // +kubebuilder:validation:Optional EncryptionConfig []EncryptionConfigParameters `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` - // User-defined labels for the alloydb backup. + // User-defined labels for the alloydb backup. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -150,6 +219,11 @@ type BackupParameters struct { // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The backup type, which suggests the trigger for the backup. + // Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type EncryptionConfigInitParameters struct { @@ -188,6 +262,23 @@ type EncryptionInfoObservation struct { type EncryptionInfoParameters struct { } +type ExpiryQuantityInitParameters struct { +} + +type ExpiryQuantityObservation struct { + + // (Output) + // Output only. The backup's position among its backups with the same source cluster and type, by descending chronological order create time (i.e. newest first). + RetentionCount *float64 `json:"retentionCount,omitempty" tf:"retention_count,omitempty"` + + // (Output) + // Output only. The length of the quantity-based queue, specified by the backup's retention policy. + TotalRetentionCount *float64 `json:"totalRetentionCount,omitempty" tf:"total_retention_count,omitempty"` +} + +type ExpiryQuantityParameters struct { +} + // BackupSpec defines the desired state of Backup type BackupSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/alloydb/v1beta1/zz_cluster_types.go b/apis/alloydb/v1beta1/zz_cluster_types.go index e78826cae..0822a920e 100755 --- a/apis/alloydb/v1beta1/zz_cluster_types.go +++ b/apis/alloydb/v1beta1/zz_cluster_types.go @@ -205,15 +205,33 @@ type ClusterEncryptionInfoParameters struct { type ClusterInitParameters struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. // Structure is documented below. AutomatedBackupPolicy []AutomatedBackupPolicyInitParameters `json:"automatedBackupPolicy,omitempty" tf:"automated_backup_policy,omitempty"` + // The type of cluster. If not set, defaults to PRIMARY. + // Default value is PRIMARY. + // Possible values are: PRIMARY, SECONDARY. + ClusterType *string `json:"clusterType,omitempty" tf:"cluster_type,omitempty"` + // The continuous backup config for this cluster. // If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. // Structure is documented below. ContinuousBackupConfig []ContinuousBackupConfigInitParameters `json:"continuousBackupConfig,omitempty" tf:"continuous_backup_config,omitempty"` + // The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + DatabaseVersion *string `json:"databaseVersion,omitempty" tf:"database_version,omitempty"` + + // Policy to determine if the cluster should be deleted forcefully. + // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // User-settable and human-readable display name for the Cluster. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -221,11 +239,16 @@ type ClusterInitParameters struct { // Structure is documented below. EncryptionConfig []ClusterEncryptionConfigInitParameters `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` + // For Resource freshness validation (https://google.aip.dev/154) + Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // Initial user to setup during cluster creation. // Structure is documented below. InitialUser []InitialUserInitParameters `json:"initialUser,omitempty" tf:"initial_user,omitempty"` // User-defined labels for the alloydb cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -235,6 +258,10 @@ type ClusterInitParameters struct { // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() Network *string `json:"network,omitempty" tf:"network,omitempty"` + // Metadata related to network configuration. + // Structure is documented below. + NetworkConfig []NetworkConfigInitParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // Reference to a Network in compute to populate network. // +kubebuilder:validation:Optional NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` @@ -246,10 +273,27 @@ type ClusterInitParameters struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + // Structure is documented below. + RestoreBackupSource []RestoreBackupSourceInitParameters `json:"restoreBackupSource,omitempty" tf:"restore_backup_source,omitempty"` + + // The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + // Structure is documented below. + RestoreContinuousBackupSource []RestoreContinuousBackupSourceInitParameters `json:"restoreContinuousBackupSource,omitempty" tf:"restore_continuous_backup_source,omitempty"` + + // Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + // Structure is documented below. + SecondaryConfig []SecondaryConfigInitParameters `json:"secondaryConfig,omitempty" tf:"secondary_config,omitempty"` } type ClusterObservation struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. // Structure is documented below. AutomatedBackupPolicy []AutomatedBackupPolicyObservation `json:"automatedBackupPolicy,omitempty" tf:"automated_backup_policy,omitempty"` @@ -258,6 +302,11 @@ type ClusterObservation struct { // Structure is documented below. BackupSource []BackupSourceObservation `json:"backupSource,omitempty" tf:"backup_source,omitempty"` + // The type of cluster. If not set, defaults to PRIMARY. + // Default value is PRIMARY. + // Possible values are: PRIMARY, SECONDARY. + ClusterType *string `json:"clusterType,omitempty" tf:"cluster_type,omitempty"` + // The continuous backup config for this cluster. // If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. // Structure is documented below. @@ -267,12 +316,24 @@ type ClusterObservation struct { // Structure is documented below. ContinuousBackupInfo []ContinuousBackupInfoObservation `json:"continuousBackupInfo,omitempty" tf:"continuous_backup_info,omitempty"` - // The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + // The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. DatabaseVersion *string `json:"databaseVersion,omitempty" tf:"database_version,omitempty"` + // Policy to determine if the cluster should be deleted forcefully. + // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // User-settable and human-readable display name for the Cluster. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the annotations present on the resource. + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). // Structure is documented below. EncryptionConfig []ClusterEncryptionConfigObservation `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` @@ -281,6 +342,9 @@ type ClusterObservation struct { // Structure is documented below. EncryptionInfo []ClusterEncryptionInfoObservation `json:"encryptionInfo,omitempty" tf:"encryption_info,omitempty"` + // For Resource freshness validation (https://google.aip.dev/154) + Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -289,6 +353,8 @@ type ClusterObservation struct { InitialUser []InitialUserObservation `json:"initialUser,omitempty" tf:"initial_user,omitempty"` // User-defined labels for the alloydb cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -306,27 +372,78 @@ type ClusterObservation struct { // "projects/{projectNumber}/global/networks/{network_id}". Network *string `json:"network,omitempty" tf:"network,omitempty"` + // Metadata related to network configuration. + // Structure is documented below. + NetworkConfig []NetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Output only. Reconciling (https://google.aip.dev/128#reconciliation). + // Set to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them. + // This can happen due to user-triggered updates or system actions like failover or maintenance. + Reconciling *bool `json:"reconciling,omitempty" tf:"reconciling,omitempty"` + + // The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + // Structure is documented below. + RestoreBackupSource []RestoreBackupSourceObservation `json:"restoreBackupSource,omitempty" tf:"restore_backup_source,omitempty"` + + // The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + // Structure is documented below. + RestoreContinuousBackupSource []RestoreContinuousBackupSourceObservation `json:"restoreContinuousBackupSource,omitempty" tf:"restore_continuous_backup_source,omitempty"` + + // Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + // Structure is documented below. + SecondaryConfig []SecondaryConfigObservation `json:"secondaryConfig,omitempty" tf:"secondary_config,omitempty"` + + // Output only. The current serving state of the cluster. + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The system-generated UID of the resource. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` } type ClusterParameters struct { + // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. // Structure is documented below. // +kubebuilder:validation:Optional AutomatedBackupPolicy []AutomatedBackupPolicyParameters `json:"automatedBackupPolicy,omitempty" tf:"automated_backup_policy,omitempty"` + // The type of cluster. If not set, defaults to PRIMARY. + // Default value is PRIMARY. + // Possible values are: PRIMARY, SECONDARY. + // +kubebuilder:validation:Optional + ClusterType *string `json:"clusterType,omitempty" tf:"cluster_type,omitempty"` + // The continuous backup config for this cluster. // If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. // Structure is documented below. // +kubebuilder:validation:Optional ContinuousBackupConfig []ContinuousBackupConfigParameters `json:"continuousBackupConfig,omitempty" tf:"continuous_backup_config,omitempty"` + // The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + // +kubebuilder:validation:Optional + DatabaseVersion *string `json:"databaseVersion,omitempty" tf:"database_version,omitempty"` + + // Policy to determine if the cluster should be deleted forcefully. + // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + // +kubebuilder:validation:Optional + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // User-settable and human-readable display name for the Cluster. // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -336,12 +453,18 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EncryptionConfig []ClusterEncryptionConfigParameters `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` + // For Resource freshness validation (https://google.aip.dev/154) + // +kubebuilder:validation:Optional + Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // Initial user to setup during cluster creation. // Structure is documented below. // +kubebuilder:validation:Optional InitialUser []InitialUserParameters `json:"initialUser,omitempty" tf:"initial_user,omitempty"` // User-defined labels for the alloydb cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -357,6 +480,11 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional Network *string `json:"network,omitempty" tf:"network,omitempty"` + // Metadata related to network configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + NetworkConfig []NetworkConfigParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // Reference to a Network in compute to populate network. // +kubebuilder:validation:Optional NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` @@ -369,6 +497,21 @@ type ClusterParameters struct { // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + // Structure is documented below. + // +kubebuilder:validation:Optional + RestoreBackupSource []RestoreBackupSourceParameters `json:"restoreBackupSource,omitempty" tf:"restore_backup_source,omitempty"` + + // The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + // Structure is documented below. + // +kubebuilder:validation:Optional + RestoreContinuousBackupSource []RestoreContinuousBackupSourceParameters `json:"restoreContinuousBackupSource,omitempty" tf:"restore_continuous_backup_source,omitempty"` + + // Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + // Structure is documented below. + // +kubebuilder:validation:Optional + SecondaryConfig []SecondaryConfigParameters `json:"secondaryConfig,omitempty" tf:"secondary_config,omitempty"` } type ContinuousBackupConfigEncryptionConfigInitParameters struct { @@ -520,6 +663,41 @@ type MigrationSourceObservation struct { type MigrationSourceParameters struct { } +type NetworkConfigInitParameters struct { + + // The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + // If set, the instance IPs for this cluster will be created in the allocated range. + AllocatedIPRange *string `json:"allocatedIpRange,omitempty" tf:"allocated_ip_range,omitempty"` + + // The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + // It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + Network *string `json:"network,omitempty" tf:"network,omitempty"` +} + +type NetworkConfigObservation struct { + + // The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + // If set, the instance IPs for this cluster will be created in the allocated range. + AllocatedIPRange *string `json:"allocatedIpRange,omitempty" tf:"allocated_ip_range,omitempty"` + + // The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + // It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + Network *string `json:"network,omitempty" tf:"network,omitempty"` +} + +type NetworkConfigParameters struct { + + // The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + // If set, the instance IPs for this cluster will be created in the allocated range. + // +kubebuilder:validation:Optional + AllocatedIPRange *string `json:"allocatedIpRange,omitempty" tf:"allocated_ip_range,omitempty"` + + // The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + // It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + // +kubebuilder:validation:Optional + Network *string `json:"network,omitempty" tf:"network,omitempty"` +} + type QuantityBasedRetentionInitParameters struct { // The number of backups to retain. @@ -539,6 +717,136 @@ type QuantityBasedRetentionParameters struct { Count *float64 `json:"count,omitempty" tf:"count,omitempty"` } +type RestoreBackupSourceInitParameters struct { + + // The name of the backup that this cluster is restored from. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Backup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + BackupName *string `json:"backupName,omitempty" tf:"backup_name,omitempty"` + + // Reference to a Backup in alloydb to populate backupName. + // +kubebuilder:validation:Optional + BackupNameRef *v1.Reference `json:"backupNameRef,omitempty" tf:"-"` + + // Selector for a Backup in alloydb to populate backupName. + // +kubebuilder:validation:Optional + BackupNameSelector *v1.Selector `json:"backupNameSelector,omitempty" tf:"-"` +} + +type RestoreBackupSourceObservation struct { + + // The name of the backup that this cluster is restored from. + BackupName *string `json:"backupName,omitempty" tf:"backup_name,omitempty"` +} + +type RestoreBackupSourceParameters struct { + + // The name of the backup that this cluster is restored from. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Backup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + BackupName *string `json:"backupName,omitempty" tf:"backup_name,omitempty"` + + // Reference to a Backup in alloydb to populate backupName. + // +kubebuilder:validation:Optional + BackupNameRef *v1.Reference `json:"backupNameRef,omitempty" tf:"-"` + + // Selector for a Backup in alloydb to populate backupName. + // +kubebuilder:validation:Optional + BackupNameSelector *v1.Selector `json:"backupNameSelector,omitempty" tf:"-"` +} + +type RestoreContinuousBackupSourceInitParameters struct { + + // The name of the source cluster that this cluster is restored from. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // Reference to a Cluster in alloydb to populate cluster. + // +kubebuilder:validation:Optional + ClusterRef *v1.Reference `json:"clusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate cluster. + // +kubebuilder:validation:Optional + ClusterSelector *v1.Selector `json:"clusterSelector,omitempty" tf:"-"` + + // The point in time that this cluster is restored to, in RFC 3339 format. + PointInTime *string `json:"pointInTime,omitempty" tf:"point_in_time,omitempty"` +} + +type RestoreContinuousBackupSourceObservation struct { + + // The name of the source cluster that this cluster is restored from. + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // The point in time that this cluster is restored to, in RFC 3339 format. + PointInTime *string `json:"pointInTime,omitempty" tf:"point_in_time,omitempty"` +} + +type RestoreContinuousBackupSourceParameters struct { + + // The name of the source cluster that this cluster is restored from. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // Reference to a Cluster in alloydb to populate cluster. + // +kubebuilder:validation:Optional + ClusterRef *v1.Reference `json:"clusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate cluster. + // +kubebuilder:validation:Optional + ClusterSelector *v1.Selector `json:"clusterSelector,omitempty" tf:"-"` + + // The point in time that this cluster is restored to, in RFC 3339 format. + // +kubebuilder:validation:Optional + PointInTime *string `json:"pointInTime" tf:"point_in_time,omitempty"` +} + +type SecondaryConfigInitParameters struct { + + // Name of the primary cluster must be in the format + // 'projects/{project}/locations/{location}/clusters/{cluster_id}' + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + PrimaryClusterName *string `json:"primaryClusterName,omitempty" tf:"primary_cluster_name,omitempty"` + + // Reference to a Cluster in alloydb to populate primaryClusterName. + // +kubebuilder:validation:Optional + PrimaryClusterNameRef *v1.Reference `json:"primaryClusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate primaryClusterName. + // +kubebuilder:validation:Optional + PrimaryClusterNameSelector *v1.Selector `json:"primaryClusterNameSelector,omitempty" tf:"-"` +} + +type SecondaryConfigObservation struct { + + // Name of the primary cluster must be in the format + // 'projects/{project}/locations/{location}/clusters/{cluster_id}' + PrimaryClusterName *string `json:"primaryClusterName,omitempty" tf:"primary_cluster_name,omitempty"` +} + +type SecondaryConfigParameters struct { + + // Name of the primary cluster must be in the format + // 'projects/{project}/locations/{location}/clusters/{cluster_id}' + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + PrimaryClusterName *string `json:"primaryClusterName,omitempty" tf:"primary_cluster_name,omitempty"` + + // Reference to a Cluster in alloydb to populate primaryClusterName. + // +kubebuilder:validation:Optional + PrimaryClusterNameRef *v1.Reference `json:"primaryClusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate primaryClusterName. + // +kubebuilder:validation:Optional + PrimaryClusterNameSelector *v1.Selector `json:"primaryClusterNameSelector,omitempty" tf:"-"` +} + type StartTimesInitParameters struct { // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. diff --git a/apis/alloydb/v1beta1/zz_generated.deepcopy.go b/apis/alloydb/v1beta1/zz_generated.deepcopy.go index ebca7b70a..9b68260cd 100644 --- a/apis/alloydb/v1beta1/zz_generated.deepcopy.go +++ b/apis/alloydb/v1beta1/zz_generated.deepcopy.go @@ -332,6 +332,22 @@ func (in *Backup) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupInitParameters) DeepCopyInto(out *BackupInitParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ClusterName != nil { in, out := &in.ClusterName, &out.ClusterName *out = new(string) @@ -352,6 +368,11 @@ func (in *BackupInitParameters) DeepCopyInto(out *BackupInitParameters) { *out = new(string) **out = **in } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = make([]EncryptionConfigInitParameters, len(*in)) @@ -380,6 +401,11 @@ func (in *BackupInitParameters) DeepCopyInto(out *BackupInitParameters) { *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupInitParameters. @@ -427,21 +453,84 @@ func (in *BackupList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ClusterName != nil { in, out := &in.ClusterName, &out.ClusterName *out = new(string) **out = **in } + if in.ClusterUID != nil { + in, out := &in.ClusterUID, &out.ClusterUID + *out = new(string) + **out = **in + } if in.CreateTime != nil { in, out := &in.CreateTime, &out.CreateTime *out = new(string) **out = **in } + if in.DeleteTime != nil { + in, out := &in.DeleteTime, &out.DeleteTime + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) **out = **in } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = make([]EncryptionConfigObservation, len(*in)) @@ -461,6 +550,18 @@ func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = new(string) **out = **in } + if in.ExpiryQuantity != nil { + in, out := &in.ExpiryQuantity, &out.ExpiryQuantity + *out = make([]ExpiryQuantityObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExpiryTime != nil { + in, out := &in.ExpiryTime, &out.ExpiryTime + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -502,11 +603,37 @@ func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = new(bool) **out = **in } + if in.SizeBytes != nil { + in, out := &in.SizeBytes, &out.SizeBytes + *out = new(string) + **out = **in + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -532,6 +659,22 @@ func (in *BackupObservation) DeepCopy() *BackupObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupParameters) DeepCopyInto(out *BackupParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ClusterName != nil { in, out := &in.ClusterName, &out.ClusterName *out = new(string) @@ -552,6 +695,11 @@ func (in *BackupParameters) DeepCopyInto(out *BackupParameters) { *out = new(string) **out = **in } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = make([]EncryptionConfigParameters, len(*in)) @@ -585,6 +733,11 @@ func (in *BackupParameters) DeepCopyInto(out *BackupParameters) { *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupParameters. @@ -682,6 +835,87 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnectionConfigInitParameters) DeepCopyInto(out *ClientConnectionConfigInitParameters) { + *out = *in + if in.RequireConnectors != nil { + in, out := &in.RequireConnectors, &out.RequireConnectors + *out = new(bool) + **out = **in + } + if in.SSLConfig != nil { + in, out := &in.SSLConfig, &out.SSLConfig + *out = make([]SSLConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionConfigInitParameters. +func (in *ClientConnectionConfigInitParameters) DeepCopy() *ClientConnectionConfigInitParameters { + if in == nil { + return nil + } + out := new(ClientConnectionConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnectionConfigObservation) DeepCopyInto(out *ClientConnectionConfigObservation) { + *out = *in + if in.RequireConnectors != nil { + in, out := &in.RequireConnectors, &out.RequireConnectors + *out = new(bool) + **out = **in + } + if in.SSLConfig != nil { + in, out := &in.SSLConfig, &out.SSLConfig + *out = make([]SSLConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionConfigObservation. +func (in *ClientConnectionConfigObservation) DeepCopy() *ClientConnectionConfigObservation { + if in == nil { + return nil + } + out := new(ClientConnectionConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnectionConfigParameters) DeepCopyInto(out *ClientConnectionConfigParameters) { + *out = *in + if in.RequireConnectors != nil { + in, out := &in.RequireConnectors, &out.RequireConnectors + *out = new(bool) + **out = **in + } + if in.SSLConfig != nil { + in, out := &in.SSLConfig, &out.SSLConfig + *out = make([]SSLConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionConfigParameters. +func (in *ClientConnectionConfigParameters) DeepCopy() *ClientConnectionConfigParameters { + if in == nil { + return nil + } + out := new(ClientConnectionConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Cluster) DeepCopyInto(out *Cluster) { *out = *in @@ -833,6 +1067,22 @@ func (in *ClusterEncryptionInfoParameters) DeepCopy() *ClusterEncryptionInfoPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.AutomatedBackupPolicy != nil { in, out := &in.AutomatedBackupPolicy, &out.AutomatedBackupPolicy *out = make([]AutomatedBackupPolicyInitParameters, len(*in)) @@ -840,6 +1090,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ClusterType != nil { + in, out := &in.ClusterType, &out.ClusterType + *out = new(string) + **out = **in + } if in.ContinuousBackupConfig != nil { in, out := &in.ContinuousBackupConfig, &out.ContinuousBackupConfig *out = make([]ContinuousBackupConfigInitParameters, len(*in)) @@ -847,6 +1102,16 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DatabaseVersion != nil { + in, out := &in.DatabaseVersion, &out.DatabaseVersion + *out = new(string) + **out = **in + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -859,6 +1124,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Etag != nil { + in, out := &in.Etag, &out.Etag + *out = new(string) + **out = **in + } if in.InitialUser != nil { in, out := &in.InitialUser, &out.InitialUser *out = make([]InitialUserInitParameters, len(*in)) @@ -887,6 +1157,13 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(string) **out = **in } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NetworkRef != nil { in, out := &in.NetworkRef, &out.NetworkRef *out = new(v1.Reference) @@ -902,6 +1179,27 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(string) **out = **in } + if in.RestoreBackupSource != nil { + in, out := &in.RestoreBackupSource, &out.RestoreBackupSource + *out = make([]RestoreBackupSourceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RestoreContinuousBackupSource != nil { + in, out := &in.RestoreContinuousBackupSource, &out.RestoreContinuousBackupSource + *out = make([]RestoreContinuousBackupSourceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecondaryConfig != nil { + in, out := &in.SecondaryConfig, &out.SecondaryConfig + *out = make([]SecondaryConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInitParameters. @@ -949,6 +1247,22 @@ func (in *ClusterList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.AutomatedBackupPolicy != nil { in, out := &in.AutomatedBackupPolicy, &out.AutomatedBackupPolicy *out = make([]AutomatedBackupPolicyObservation, len(*in)) @@ -963,6 +1277,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ClusterType != nil { + in, out := &in.ClusterType, &out.ClusterType + *out = new(string) + **out = **in + } if in.ContinuousBackupConfig != nil { in, out := &in.ContinuousBackupConfig, &out.ContinuousBackupConfig *out = make([]ContinuousBackupConfigObservation, len(*in)) @@ -982,13 +1301,50 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) **out = **in } - if in.EncryptionConfig != nil { - in, out := &in.EncryptionConfig, &out.EncryptionConfig + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EncryptionConfig != nil { + in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = make([]ClusterEncryptionConfigObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) @@ -1001,6 +1357,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Etag != nil { + in, out := &in.Etag, &out.Etag + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1051,11 +1412,65 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) **out = **in } + if in.Reconciling != nil { + in, out := &in.Reconciling, &out.Reconciling + *out = new(bool) + **out = **in + } + if in.RestoreBackupSource != nil { + in, out := &in.RestoreBackupSource, &out.RestoreBackupSource + *out = make([]RestoreBackupSourceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RestoreContinuousBackupSource != nil { + in, out := &in.RestoreContinuousBackupSource, &out.RestoreContinuousBackupSource + *out = make([]RestoreContinuousBackupSourceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecondaryConfig != nil { + in, out := &in.SecondaryConfig, &out.SecondaryConfig + *out = make([]SecondaryConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -1076,6 +1491,22 @@ func (in *ClusterObservation) DeepCopy() *ClusterObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.AutomatedBackupPolicy != nil { in, out := &in.AutomatedBackupPolicy, &out.AutomatedBackupPolicy *out = make([]AutomatedBackupPolicyParameters, len(*in)) @@ -1083,6 +1514,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ClusterType != nil { + in, out := &in.ClusterType, &out.ClusterType + *out = new(string) + **out = **in + } if in.ContinuousBackupConfig != nil { in, out := &in.ContinuousBackupConfig, &out.ContinuousBackupConfig *out = make([]ContinuousBackupConfigParameters, len(*in)) @@ -1090,6 +1526,16 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DatabaseVersion != nil { + in, out := &in.DatabaseVersion, &out.DatabaseVersion + *out = new(string) + **out = **in + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -1102,6 +1548,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Etag != nil { + in, out := &in.Etag, &out.Etag + *out = new(string) + **out = **in + } if in.InitialUser != nil { in, out := &in.InitialUser, &out.InitialUser *out = make([]InitialUserParameters, len(*in)) @@ -1135,6 +1586,13 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(string) **out = **in } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NetworkRef != nil { in, out := &in.NetworkRef, &out.NetworkRef *out = new(v1.Reference) @@ -1150,6 +1608,27 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(string) **out = **in } + if in.RestoreBackupSource != nil { + in, out := &in.RestoreBackupSource, &out.RestoreBackupSource + *out = make([]RestoreBackupSourceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RestoreContinuousBackupSource != nil { + in, out := &in.RestoreContinuousBackupSource, &out.RestoreContinuousBackupSource + *out = make([]RestoreContinuousBackupSourceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecondaryConfig != nil { + in, out := &in.SecondaryConfig, &out.SecondaryConfig + *out = make([]SecondaryConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. @@ -1608,6 +2087,61 @@ func (in *EncryptionInfoParameters) DeepCopy() *EncryptionInfoParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExpiryQuantityInitParameters) DeepCopyInto(out *ExpiryQuantityInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpiryQuantityInitParameters. +func (in *ExpiryQuantityInitParameters) DeepCopy() *ExpiryQuantityInitParameters { + if in == nil { + return nil + } + out := new(ExpiryQuantityInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExpiryQuantityObservation) DeepCopyInto(out *ExpiryQuantityObservation) { + *out = *in + if in.RetentionCount != nil { + in, out := &in.RetentionCount, &out.RetentionCount + *out = new(float64) + **out = **in + } + if in.TotalRetentionCount != nil { + in, out := &in.TotalRetentionCount, &out.TotalRetentionCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpiryQuantityObservation. +func (in *ExpiryQuantityObservation) DeepCopy() *ExpiryQuantityObservation { + if in == nil { + return nil + } + out := new(ExpiryQuantityObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExpiryQuantityParameters) DeepCopyInto(out *ExpiryQuantityParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpiryQuantityParameters. +func (in *ExpiryQuantityParameters) DeepCopy() *ExpiryQuantityParameters { + if in == nil { + return nil + } + out := new(ExpiryQuantityParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InitialUserInitParameters) DeepCopyInto(out *InitialUserInitParameters) { *out = *in @@ -1720,6 +2254,13 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.ClientConnectionConfig != nil { + in, out := &in.ClientConnectionConfig, &out.ClientConnectionConfig + *out = make([]ClientConnectionConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DatabaseFlags != nil { in, out := &in.DatabaseFlags, &out.DatabaseFlags *out = make(map[string]*string, len(*in)) @@ -1751,6 +2292,16 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.InstanceTypeRef != nil { + in, out := &in.InstanceTypeRef, &out.InstanceTypeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.InstanceTypeSelector != nil { + in, out := &in.InstanceTypeSelector, &out.InstanceTypeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -1774,6 +2325,13 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.QueryInsightsConfig != nil { + in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig + *out = make([]QueryInsightsConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReadPoolConfig != nil { in, out := &in.ReadPoolConfig, &out.ReadPoolConfig *out = make([]ReadPoolConfigInitParameters, len(*in)) @@ -1849,6 +2407,13 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.ClientConnectionConfig != nil { + in, out := &in.ClientConnectionConfig, &out.ClientConnectionConfig + *out = make([]ClientConnectionConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Cluster != nil { in, out := &in.Cluster, &out.Cluster *out = new(string) @@ -1880,6 +2445,38 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GceZone != nil { in, out := &in.GceZone, &out.GceZone *out = new(string) @@ -1928,6 +2525,13 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.QueryInsightsConfig != nil { + in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig + *out = make([]QueryInsightsConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReadPoolConfig != nil { in, out := &in.ReadPoolConfig, &out.ReadPoolConfig *out = make([]ReadPoolConfigObservation, len(*in)) @@ -1945,6 +2549,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -1991,6 +2611,13 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.ClientConnectionConfig != nil { + in, out := &in.ClientConnectionConfig, &out.ClientConnectionConfig + *out = make([]ClientConnectionConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Cluster != nil { in, out := &in.Cluster, &out.Cluster *out = new(string) @@ -2037,6 +2664,16 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.InstanceTypeRef != nil { + in, out := &in.InstanceTypeRef, &out.InstanceTypeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.InstanceTypeSelector != nil { + in, out := &in.InstanceTypeSelector, &out.InstanceTypeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -2060,6 +2697,13 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.QueryInsightsConfig != nil { + in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig + *out = make([]QueryInsightsConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReadPoolConfig != nil { in, out := &in.ReadPoolConfig, &out.ReadPoolConfig *out = make([]ReadPoolConfigParameters, len(*in)) @@ -2235,30 +2879,105 @@ func (in *MigrationSourceParameters) DeepCopy() *MigrationSourceParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *QuantityBasedRetentionInitParameters) DeepCopyInto(out *QuantityBasedRetentionInitParameters) { +func (in *NetworkConfigInitParameters) DeepCopyInto(out *NetworkConfigInitParameters) { *out = *in - if in.Count != nil { - in, out := &in.Count, &out.Count - *out = new(float64) + if in.AllocatedIPRange != nil { + in, out := &in.AllocatedIPRange, &out.AllocatedIPRange + *out = new(string) + **out = **in + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuantityBasedRetentionInitParameters. -func (in *QuantityBasedRetentionInitParameters) DeepCopy() *QuantityBasedRetentionInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigInitParameters. +func (in *NetworkConfigInitParameters) DeepCopy() *NetworkConfigInitParameters { if in == nil { return nil } - out := new(QuantityBasedRetentionInitParameters) + out := new(NetworkConfigInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *QuantityBasedRetentionObservation) DeepCopyInto(out *QuantityBasedRetentionObservation) { +func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) { *out = *in - if in.Count != nil { - in, out := &in.Count, &out.Count + if in.AllocatedIPRange != nil { + in, out := &in.AllocatedIPRange, &out.AllocatedIPRange + *out = new(string) + **out = **in + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigObservation. +func (in *NetworkConfigObservation) DeepCopy() *NetworkConfigObservation { + if in == nil { + return nil + } + out := new(NetworkConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigParameters) DeepCopyInto(out *NetworkConfigParameters) { + *out = *in + if in.AllocatedIPRange != nil { + in, out := &in.AllocatedIPRange, &out.AllocatedIPRange + *out = new(string) + **out = **in + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigParameters. +func (in *NetworkConfigParameters) DeepCopy() *NetworkConfigParameters { + if in == nil { + return nil + } + out := new(NetworkConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuantityBasedRetentionInitParameters) DeepCopyInto(out *QuantityBasedRetentionInitParameters) { + *out = *in + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuantityBasedRetentionInitParameters. +func (in *QuantityBasedRetentionInitParameters) DeepCopy() *QuantityBasedRetentionInitParameters { + if in == nil { + return nil + } + out := new(QuantityBasedRetentionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuantityBasedRetentionObservation) DeepCopyInto(out *QuantityBasedRetentionObservation) { + *out = *in + if in.Count != nil { + in, out := &in.Count, &out.Count *out = new(float64) **out = **in } @@ -2294,6 +3013,111 @@ func (in *QuantityBasedRetentionParameters) DeepCopy() *QuantityBasedRetentionPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryInsightsConfigInitParameters) DeepCopyInto(out *QueryInsightsConfigInitParameters) { + *out = *in + if in.QueryPlansPerMinute != nil { + in, out := &in.QueryPlansPerMinute, &out.QueryPlansPerMinute + *out = new(float64) + **out = **in + } + if in.QueryStringLength != nil { + in, out := &in.QueryStringLength, &out.QueryStringLength + *out = new(float64) + **out = **in + } + if in.RecordApplicationTags != nil { + in, out := &in.RecordApplicationTags, &out.RecordApplicationTags + *out = new(bool) + **out = **in + } + if in.RecordClientAddress != nil { + in, out := &in.RecordClientAddress, &out.RecordClientAddress + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryInsightsConfigInitParameters. +func (in *QueryInsightsConfigInitParameters) DeepCopy() *QueryInsightsConfigInitParameters { + if in == nil { + return nil + } + out := new(QueryInsightsConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryInsightsConfigObservation) DeepCopyInto(out *QueryInsightsConfigObservation) { + *out = *in + if in.QueryPlansPerMinute != nil { + in, out := &in.QueryPlansPerMinute, &out.QueryPlansPerMinute + *out = new(float64) + **out = **in + } + if in.QueryStringLength != nil { + in, out := &in.QueryStringLength, &out.QueryStringLength + *out = new(float64) + **out = **in + } + if in.RecordApplicationTags != nil { + in, out := &in.RecordApplicationTags, &out.RecordApplicationTags + *out = new(bool) + **out = **in + } + if in.RecordClientAddress != nil { + in, out := &in.RecordClientAddress, &out.RecordClientAddress + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryInsightsConfigObservation. +func (in *QueryInsightsConfigObservation) DeepCopy() *QueryInsightsConfigObservation { + if in == nil { + return nil + } + out := new(QueryInsightsConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryInsightsConfigParameters) DeepCopyInto(out *QueryInsightsConfigParameters) { + *out = *in + if in.QueryPlansPerMinute != nil { + in, out := &in.QueryPlansPerMinute, &out.QueryPlansPerMinute + *out = new(float64) + **out = **in + } + if in.QueryStringLength != nil { + in, out := &in.QueryStringLength, &out.QueryStringLength + *out = new(float64) + **out = **in + } + if in.RecordApplicationTags != nil { + in, out := &in.RecordApplicationTags, &out.RecordApplicationTags + *out = new(bool) + **out = **in + } + if in.RecordClientAddress != nil { + in, out := &in.RecordClientAddress, &out.RecordClientAddress + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryInsightsConfigParameters. +func (in *QueryInsightsConfigParameters) DeepCopy() *QueryInsightsConfigParameters { + if in == nil { + return nil + } + out := new(QueryInsightsConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReadPoolConfigInitParameters) DeepCopyInto(out *ReadPoolConfigInitParameters) { *out = *in @@ -2354,6 +3178,321 @@ func (in *ReadPoolConfigParameters) DeepCopy() *ReadPoolConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreBackupSourceInitParameters) DeepCopyInto(out *RestoreBackupSourceInitParameters) { + *out = *in + if in.BackupName != nil { + in, out := &in.BackupName, &out.BackupName + *out = new(string) + **out = **in + } + if in.BackupNameRef != nil { + in, out := &in.BackupNameRef, &out.BackupNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BackupNameSelector != nil { + in, out := &in.BackupNameSelector, &out.BackupNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreBackupSourceInitParameters. +func (in *RestoreBackupSourceInitParameters) DeepCopy() *RestoreBackupSourceInitParameters { + if in == nil { + return nil + } + out := new(RestoreBackupSourceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreBackupSourceObservation) DeepCopyInto(out *RestoreBackupSourceObservation) { + *out = *in + if in.BackupName != nil { + in, out := &in.BackupName, &out.BackupName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreBackupSourceObservation. +func (in *RestoreBackupSourceObservation) DeepCopy() *RestoreBackupSourceObservation { + if in == nil { + return nil + } + out := new(RestoreBackupSourceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreBackupSourceParameters) DeepCopyInto(out *RestoreBackupSourceParameters) { + *out = *in + if in.BackupName != nil { + in, out := &in.BackupName, &out.BackupName + *out = new(string) + **out = **in + } + if in.BackupNameRef != nil { + in, out := &in.BackupNameRef, &out.BackupNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BackupNameSelector != nil { + in, out := &in.BackupNameSelector, &out.BackupNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreBackupSourceParameters. +func (in *RestoreBackupSourceParameters) DeepCopy() *RestoreBackupSourceParameters { + if in == nil { + return nil + } + out := new(RestoreBackupSourceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreContinuousBackupSourceInitParameters) DeepCopyInto(out *RestoreContinuousBackupSourceInitParameters) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.ClusterRef != nil { + in, out := &in.ClusterRef, &out.ClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterSelector != nil { + in, out := &in.ClusterSelector, &out.ClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PointInTime != nil { + in, out := &in.PointInTime, &out.PointInTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreContinuousBackupSourceInitParameters. +func (in *RestoreContinuousBackupSourceInitParameters) DeepCopy() *RestoreContinuousBackupSourceInitParameters { + if in == nil { + return nil + } + out := new(RestoreContinuousBackupSourceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreContinuousBackupSourceObservation) DeepCopyInto(out *RestoreContinuousBackupSourceObservation) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.PointInTime != nil { + in, out := &in.PointInTime, &out.PointInTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreContinuousBackupSourceObservation. +func (in *RestoreContinuousBackupSourceObservation) DeepCopy() *RestoreContinuousBackupSourceObservation { + if in == nil { + return nil + } + out := new(RestoreContinuousBackupSourceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreContinuousBackupSourceParameters) DeepCopyInto(out *RestoreContinuousBackupSourceParameters) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.ClusterRef != nil { + in, out := &in.ClusterRef, &out.ClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterSelector != nil { + in, out := &in.ClusterSelector, &out.ClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PointInTime != nil { + in, out := &in.PointInTime, &out.PointInTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreContinuousBackupSourceParameters. +func (in *RestoreContinuousBackupSourceParameters) DeepCopy() *RestoreContinuousBackupSourceParameters { + if in == nil { + return nil + } + out := new(RestoreContinuousBackupSourceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSLConfigInitParameters) DeepCopyInto(out *SSLConfigInitParameters) { + *out = *in + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfigInitParameters. +func (in *SSLConfigInitParameters) DeepCopy() *SSLConfigInitParameters { + if in == nil { + return nil + } + out := new(SSLConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSLConfigObservation) DeepCopyInto(out *SSLConfigObservation) { + *out = *in + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfigObservation. +func (in *SSLConfigObservation) DeepCopy() *SSLConfigObservation { + if in == nil { + return nil + } + out := new(SSLConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSLConfigParameters) DeepCopyInto(out *SSLConfigParameters) { + *out = *in + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfigParameters. +func (in *SSLConfigParameters) DeepCopy() *SSLConfigParameters { + if in == nil { + return nil + } + out := new(SSLConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryConfigInitParameters) DeepCopyInto(out *SecondaryConfigInitParameters) { + *out = *in + if in.PrimaryClusterName != nil { + in, out := &in.PrimaryClusterName, &out.PrimaryClusterName + *out = new(string) + **out = **in + } + if in.PrimaryClusterNameRef != nil { + in, out := &in.PrimaryClusterNameRef, &out.PrimaryClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrimaryClusterNameSelector != nil { + in, out := &in.PrimaryClusterNameSelector, &out.PrimaryClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryConfigInitParameters. +func (in *SecondaryConfigInitParameters) DeepCopy() *SecondaryConfigInitParameters { + if in == nil { + return nil + } + out := new(SecondaryConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryConfigObservation) DeepCopyInto(out *SecondaryConfigObservation) { + *out = *in + if in.PrimaryClusterName != nil { + in, out := &in.PrimaryClusterName, &out.PrimaryClusterName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryConfigObservation. +func (in *SecondaryConfigObservation) DeepCopy() *SecondaryConfigObservation { + if in == nil { + return nil + } + out := new(SecondaryConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryConfigParameters) DeepCopyInto(out *SecondaryConfigParameters) { + *out = *in + if in.PrimaryClusterName != nil { + in, out := &in.PrimaryClusterName, &out.PrimaryClusterName + *out = new(string) + **out = **in + } + if in.PrimaryClusterNameRef != nil { + in, out := &in.PrimaryClusterNameRef, &out.PrimaryClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrimaryClusterNameSelector != nil { + in, out := &in.PrimaryClusterNameSelector, &out.PrimaryClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryConfigParameters. +func (in *SecondaryConfigParameters) DeepCopy() *SecondaryConfigParameters { + if in == nil { + return nil + } + out := new(SecondaryConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StartTimesInitParameters) DeepCopyInto(out *StartTimesInitParameters) { *out = *in diff --git a/apis/alloydb/v1beta1/zz_generated.resolvers.go b/apis/alloydb/v1beta1/zz_generated.resolvers.go index 5ccc4a93f..533d11f35 100644 --- a/apis/alloydb/v1beta1/zz_generated.resolvers.go +++ b/apis/alloydb/v1beta1/zz_generated.resolvers.go @@ -107,12 +107,75 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error } mg.Spec.ForProvider.Network = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.NetworkRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.ForProvider.RestoreBackupSource); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Backup", "BackupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RestoreBackupSource[i3].BackupName), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.RestoreBackupSource[i3].BackupNameRef, + Selector: mg.Spec.ForProvider.RestoreBackupSource[i3].BackupNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RestoreBackupSource[i3].BackupName") + } + mg.Spec.ForProvider.RestoreBackupSource[i3].BackupName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RestoreBackupSource[i3].BackupNameRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.RestoreContinuousBackupSource); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].Cluster), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].ClusterRef, + Selector: mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].ClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].Cluster") + } + mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].Cluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RestoreContinuousBackupSource[i3].ClusterRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.SecondaryConfig); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterName), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterNameRef, + Selector: mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterName") + } + mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SecondaryConfig[i3].PrimaryClusterNameRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Network), Extract: resource.ExtractResourceID(), @@ -127,6 +190,70 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.InitProvider.Network = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.NetworkRef = rsp.ResolvedReference + for i3 := 0; i3 < len(mg.Spec.InitProvider.RestoreBackupSource); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Backup", "BackupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RestoreBackupSource[i3].BackupName), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.RestoreBackupSource[i3].BackupNameRef, + Selector: mg.Spec.InitProvider.RestoreBackupSource[i3].BackupNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RestoreBackupSource[i3].BackupName") + } + mg.Spec.InitProvider.RestoreBackupSource[i3].BackupName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RestoreBackupSource[i3].BackupNameRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.RestoreContinuousBackupSource); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].Cluster), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].ClusterRef, + Selector: mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].ClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].Cluster") + } + mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].Cluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RestoreContinuousBackupSource[i3].ClusterRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.SecondaryConfig); i3++ { + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterName), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterNameRef, + Selector: mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterName") + } + mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SecondaryConfig[i3].PrimaryClusterNameRef = rsp.ResolvedReference + + } + return nil } @@ -157,6 +284,44 @@ func (mg *Instance) ResolveReferences(ctx context.Context, c client.Reader) erro } mg.Spec.ForProvider.Cluster = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ClusterRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.InstanceType), + Extract: resource.ExtractParamPath("cluster_type", false), + Reference: mg.Spec.ForProvider.InstanceTypeRef, + Selector: mg.Spec.ForProvider.InstanceTypeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.InstanceType") + } + mg.Spec.ForProvider.InstanceType = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.InstanceTypeRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("alloydb.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.InstanceType), + Extract: resource.ExtractParamPath("cluster_type", false), + Reference: mg.Spec.InitProvider.InstanceTypeRef, + Selector: mg.Spec.InitProvider.InstanceTypeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.InstanceType") + } + mg.Spec.InitProvider.InstanceType = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.InstanceTypeRef = rsp.ResolvedReference return nil } diff --git a/apis/alloydb/v1beta1/zz_instance_types.go b/apis/alloydb/v1beta1/zz_instance_types.go index e82dbfd69..bd31db608 100755 --- a/apis/alloydb/v1beta1/zz_instance_types.go +++ b/apis/alloydb/v1beta1/zz_instance_types.go @@ -29,9 +29,43 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type ClientConnectionConfigInitParameters struct { + + // Configuration to enforce connectors only (ex: AuthProxy) connections to the database. + RequireConnectors *bool `json:"requireConnectors,omitempty" tf:"require_connectors,omitempty"` + + // SSL config option for this instance. + // Structure is documented below. + SSLConfig []SSLConfigInitParameters `json:"sslConfig,omitempty" tf:"ssl_config,omitempty"` +} + +type ClientConnectionConfigObservation struct { + + // Configuration to enforce connectors only (ex: AuthProxy) connections to the database. + RequireConnectors *bool `json:"requireConnectors,omitempty" tf:"require_connectors,omitempty"` + + // SSL config option for this instance. + // Structure is documented below. + SSLConfig []SSLConfigObservation `json:"sslConfig,omitempty" tf:"ssl_config,omitempty"` +} + +type ClientConnectionConfigParameters struct { + + // Configuration to enforce connectors only (ex: AuthProxy) connections to the database. + // +kubebuilder:validation:Optional + RequireConnectors *bool `json:"requireConnectors,omitempty" tf:"require_connectors,omitempty"` + + // SSL config option for this instance. + // Structure is documented below. + // +kubebuilder:validation:Optional + SSLConfig []SSLConfigParameters `json:"sslConfig,omitempty" tf:"ssl_config,omitempty"` +} + type InstanceInitParameters struct { // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -44,6 +78,10 @@ type InstanceInitParameters struct { // Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. AvailabilityType *string `json:"availabilityType,omitempty" tf:"availability_type,omitempty"` + // Client connection specific configurations. + // Structure is documented below. + ClientConnectionConfig []ClientConnectionConfigInitParameters `json:"clientConnectionConfig,omitempty" tf:"client_connection_config,omitempty"` + // Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary. // +mapType=granular DatabaseFlags map[string]*string `json:"databaseFlags,omitempty" tf:"database_flags,omitempty"` @@ -54,11 +92,27 @@ type InstanceInitParameters struct { // The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity. GceZone *string `json:"gceZone,omitempty" tf:"gce_zone,omitempty"` - // The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - // Possible values are: PRIMARY, READ_POOL. + // The type of the instance. + // If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + // If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + // Example: {instance_type = google_alloydb_cluster.. + // Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + // Possible values are: PRIMARY, READ_POOL, SECONDARY. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("cluster_type",false) InstanceType *string `json:"instanceType,omitempty" tf:"instance_type,omitempty"` + // Reference to a Cluster in alloydb to populate instanceType. + // +kubebuilder:validation:Optional + InstanceTypeRef *v1.Reference `json:"instanceTypeRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate instanceType. + // +kubebuilder:validation:Optional + InstanceTypeSelector *v1.Selector `json:"instanceTypeSelector,omitempty" tf:"-"` + // User-defined labels for the alloydb instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -66,7 +120,11 @@ type InstanceInitParameters struct { // Structure is documented below. MachineConfig []MachineConfigInitParameters `json:"machineConfig,omitempty" tf:"machine_config,omitempty"` - // Read pool specific config. + // Configuration for query insights. + // Structure is documented below. + QueryInsightsConfig []QueryInsightsConfigInitParameters `json:"queryInsightsConfig,omitempty" tf:"query_insights_config,omitempty"` + + // Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. // Structure is documented below. ReadPoolConfig []ReadPoolConfigInitParameters `json:"readPoolConfig,omitempty" tf:"read_pool_config,omitempty"` } @@ -74,6 +132,8 @@ type InstanceInitParameters struct { type InstanceObservation struct { // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -86,6 +146,10 @@ type InstanceObservation struct { // Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. AvailabilityType *string `json:"availabilityType,omitempty" tf:"availability_type,omitempty"` + // Client connection specific configurations. + // Structure is documented below. + ClientConnectionConfig []ClientConnectionConfigObservation `json:"clientConnectionConfig,omitempty" tf:"client_connection_config,omitempty"` + // Identifies the alloydb cluster. Must be in the format // 'projects/{project}/locations/{location}/clusters/{cluster_id}' Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` @@ -100,6 +164,12 @@ type InstanceObservation struct { // User-settable and human-readable display name for the Instance. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity. GceZone *string `json:"gceZone,omitempty" tf:"gce_zone,omitempty"` @@ -109,11 +179,17 @@ type InstanceObservation struct { // The IP address for the Instance. This is the connection endpoint for an end-user application. IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` - // The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - // Possible values are: PRIMARY, READ_POOL. + // The type of the instance. + // If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + // If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + // Example: {instance_type = google_alloydb_cluster.. + // Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + // Possible values are: PRIMARY, READ_POOL, SECONDARY. InstanceType *string `json:"instanceType,omitempty" tf:"instance_type,omitempty"` // User-defined labels for the alloydb instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -124,7 +200,11 @@ type InstanceObservation struct { // The name of the instance resource. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // Read pool specific config. + // Configuration for query insights. + // Structure is documented below. + QueryInsightsConfig []QueryInsightsConfigObservation `json:"queryInsightsConfig,omitempty" tf:"query_insights_config,omitempty"` + + // Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. // Structure is documented below. ReadPoolConfig []ReadPoolConfigObservation `json:"readPoolConfig,omitempty" tf:"read_pool_config,omitempty"` @@ -134,6 +214,11 @@ type InstanceObservation struct { // The current state of the alloydb instance. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The system-generated UID of the resource. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` @@ -144,6 +229,8 @@ type InstanceObservation struct { type InstanceParameters struct { // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -158,6 +245,11 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional AvailabilityType *string `json:"availabilityType,omitempty" tf:"availability_type,omitempty"` + // Client connection specific configurations. + // Structure is documented below. + // +kubebuilder:validation:Optional + ClientConnectionConfig []ClientConnectionConfigParameters `json:"clientConnectionConfig,omitempty" tf:"client_connection_config,omitempty"` + // Identifies the alloydb cluster. Must be in the format // 'projects/{project}/locations/{location}/clusters/{cluster_id}' // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster @@ -186,12 +278,28 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional GceZone *string `json:"gceZone,omitempty" tf:"gce_zone,omitempty"` - // The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - // Possible values are: PRIMARY, READ_POOL. + // The type of the instance. + // If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + // If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + // Example: {instance_type = google_alloydb_cluster.. + // Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + // Possible values are: PRIMARY, READ_POOL, SECONDARY. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/alloydb/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("cluster_type",false) // +kubebuilder:validation:Optional InstanceType *string `json:"instanceType,omitempty" tf:"instance_type,omitempty"` + // Reference to a Cluster in alloydb to populate instanceType. + // +kubebuilder:validation:Optional + InstanceTypeRef *v1.Reference `json:"instanceTypeRef,omitempty" tf:"-"` + + // Selector for a Cluster in alloydb to populate instanceType. + // +kubebuilder:validation:Optional + InstanceTypeSelector *v1.Selector `json:"instanceTypeSelector,omitempty" tf:"-"` + // User-defined labels for the alloydb instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -201,7 +309,12 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional MachineConfig []MachineConfigParameters `json:"machineConfig,omitempty" tf:"machine_config,omitempty"` - // Read pool specific config. + // Configuration for query insights. + // Structure is documented below. + // +kubebuilder:validation:Optional + QueryInsightsConfig []QueryInsightsConfigParameters `json:"queryInsightsConfig,omitempty" tf:"query_insights_config,omitempty"` + + // Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. // Structure is documented below. // +kubebuilder:validation:Optional ReadPoolConfig []ReadPoolConfigParameters `json:"readPoolConfig,omitempty" tf:"read_pool_config,omitempty"` @@ -226,6 +339,55 @@ type MachineConfigParameters struct { CPUCount *float64 `json:"cpuCount,omitempty" tf:"cpu_count,omitempty"` } +type QueryInsightsConfigInitParameters struct { + + // Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid. + QueryPlansPerMinute *float64 `json:"queryPlansPerMinute,omitempty" tf:"query_plans_per_minute,omitempty"` + + // Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid. + QueryStringLength *float64 `json:"queryStringLength,omitempty" tf:"query_string_length,omitempty"` + + // Record application tags for an instance. This flag is turned "on" by default. + RecordApplicationTags *bool `json:"recordApplicationTags,omitempty" tf:"record_application_tags,omitempty"` + + // Record client address for an instance. Client address is PII information. This flag is turned "on" by default. + RecordClientAddress *bool `json:"recordClientAddress,omitempty" tf:"record_client_address,omitempty"` +} + +type QueryInsightsConfigObservation struct { + + // Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid. + QueryPlansPerMinute *float64 `json:"queryPlansPerMinute,omitempty" tf:"query_plans_per_minute,omitempty"` + + // Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid. + QueryStringLength *float64 `json:"queryStringLength,omitempty" tf:"query_string_length,omitempty"` + + // Record application tags for an instance. This flag is turned "on" by default. + RecordApplicationTags *bool `json:"recordApplicationTags,omitempty" tf:"record_application_tags,omitempty"` + + // Record client address for an instance. Client address is PII information. This flag is turned "on" by default. + RecordClientAddress *bool `json:"recordClientAddress,omitempty" tf:"record_client_address,omitempty"` +} + +type QueryInsightsConfigParameters struct { + + // Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid. + // +kubebuilder:validation:Optional + QueryPlansPerMinute *float64 `json:"queryPlansPerMinute,omitempty" tf:"query_plans_per_minute,omitempty"` + + // Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid. + // +kubebuilder:validation:Optional + QueryStringLength *float64 `json:"queryStringLength,omitempty" tf:"query_string_length,omitempty"` + + // Record application tags for an instance. This flag is turned "on" by default. + // +kubebuilder:validation:Optional + RecordApplicationTags *bool `json:"recordApplicationTags,omitempty" tf:"record_application_tags,omitempty"` + + // Record client address for an instance. Client address is PII information. This flag is turned "on" by default. + // +kubebuilder:validation:Optional + RecordClientAddress *bool `json:"recordClientAddress,omitempty" tf:"record_client_address,omitempty"` +} + type ReadPoolConfigInitParameters struct { // Read capacity, i.e. number of nodes in a read pool instance. @@ -245,6 +407,28 @@ type ReadPoolConfigParameters struct { NodeCount *float64 `json:"nodeCount,omitempty" tf:"node_count,omitempty"` } +type SSLConfigInitParameters struct { + + // SSL mode. Specifies client-server SSL/TLS connection behavior. + // Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` +} + +type SSLConfigObservation struct { + + // SSL mode. Specifies client-server SSL/TLS connection behavior. + // Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` +} + +type SSLConfigParameters struct { + + // SSL mode. Specifies client-server SSL/TLS connection behavior. + // Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + // +kubebuilder:validation:Optional + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` +} + // InstanceSpec defines the desired state of Instance type InstanceSpec struct { v1.ResourceSpec `json:",inline"` @@ -281,9 +465,8 @@ type InstanceStatus struct { type Instance struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.instanceType) || (has(self.initProvider) && has(self.initProvider.instanceType))",message="spec.forProvider.instanceType is a required parameter" - Spec InstanceSpec `json:"spec"` - Status InstanceStatus `json:"status,omitempty"` + Spec InstanceSpec `json:"spec"` + Status InstanceStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/apigee/v1beta1/zz_environment_types.go b/apis/apigee/v1beta1/zz_environment_types.go index f474181c7..a88ad90ec 100755 --- a/apis/apigee/v1beta1/zz_environment_types.go +++ b/apis/apigee/v1beta1/zz_environment_types.go @@ -55,6 +55,13 @@ type EnvironmentInitParameters struct { // NodeConfig for setting the min/max number of nodes associated with the environment. // Structure is documented below. NodeConfig []NodeConfigInitParameters `json:"nodeConfig,omitempty" tf:"node_config,omitempty"` + + // Types that can be selected for an Environment. Each of the types are + // limited by capability and capacity. Refer to Apigee's public documentation + // to understand about each of these types in details. + // An Apigee org can support heterogeneous Environments. + // Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type EnvironmentObservation struct { @@ -90,6 +97,13 @@ type EnvironmentObservation struct { // The Apigee Organization associated with the Apigee environment, // in the format organizations/{{org_name}}. OrgID *string `json:"orgId,omitempty" tf:"org_id,omitempty"` + + // Types that can be selected for an Environment. Each of the types are + // limited by capability and capacity. Refer to Apigee's public documentation + // to understand about each of these types in details. + // An Apigee org can support heterogeneous Environments. + // Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type EnvironmentParameters struct { @@ -138,6 +152,14 @@ type EnvironmentParameters struct { // Selector for a Organization in apigee to populate orgId. // +kubebuilder:validation:Optional OrgIDSelector *v1.Selector `json:"orgIdSelector,omitempty" tf:"-"` + + // Types that can be selected for an Environment. Each of the types are + // limited by capability and capacity. Refer to Apigee's public documentation + // to understand about each of these types in details. + // An Apigee org can support heterogeneous Environments. + // Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type NodeConfigInitParameters struct { diff --git a/apis/apigee/v1beta1/zz_generated.deepcopy.go b/apis/apigee/v1beta1/zz_generated.deepcopy.go index 895307173..7601b3b10 100644 --- a/apis/apigee/v1beta1/zz_generated.deepcopy.go +++ b/apis/apigee/v1beta1/zz_generated.deepcopy.go @@ -599,6 +599,11 @@ func (in *EnvironmentInitParameters) DeepCopyInto(out *EnvironmentInitParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentInitParameters. @@ -683,6 +688,11 @@ func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentObservation. @@ -740,6 +750,11 @@ func (in *EnvironmentParameters) DeepCopyInto(out *EnvironmentParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentParameters. diff --git a/apis/artifact/v1beta1/zz_generated.deepcopy.go b/apis/artifact/v1beta1/zz_generated.deepcopy.go index 2da81fc2a..17b38957c 100644 --- a/apis/artifact/v1beta1/zz_generated.deepcopy.go +++ b/apis/artifact/v1beta1/zz_generated.deepcopy.go @@ -25,24 +25,240 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AptRepositoryInitParameters) DeepCopyInto(out *AptRepositoryInitParameters) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]PublicRepositoryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AptRepositoryInitParameters. +func (in *AptRepositoryInitParameters) DeepCopy() *AptRepositoryInitParameters { + if in == nil { + return nil + } + out := new(AptRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AptRepositoryObservation) DeepCopyInto(out *AptRepositoryObservation) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]PublicRepositoryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AptRepositoryObservation. +func (in *AptRepositoryObservation) DeepCopy() *AptRepositoryObservation { + if in == nil { + return nil + } + out := new(AptRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AptRepositoryParameters) DeepCopyInto(out *AptRepositoryParameters) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]PublicRepositoryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AptRepositoryParameters. +func (in *AptRepositoryParameters) DeepCopy() *AptRepositoryParameters { + if in == nil { + return nil + } + out := new(AptRepositoryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CleanupPoliciesInitParameters) DeepCopyInto(out *CleanupPoliciesInitParameters) { + *out = *in + if in.Action != nil { + in, out := &in.Action, &out.Action + *out = new(string) + **out = **in + } + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = make([]ConditionInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.MostRecentVersions != nil { + in, out := &in.MostRecentVersions, &out.MostRecentVersions + *out = make([]MostRecentVersionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPoliciesInitParameters. +func (in *CleanupPoliciesInitParameters) DeepCopy() *CleanupPoliciesInitParameters { + if in == nil { + return nil + } + out := new(CleanupPoliciesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CleanupPoliciesObservation) DeepCopyInto(out *CleanupPoliciesObservation) { + *out = *in + if in.Action != nil { + in, out := &in.Action, &out.Action + *out = new(string) + **out = **in + } + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = make([]ConditionObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.MostRecentVersions != nil { + in, out := &in.MostRecentVersions, &out.MostRecentVersions + *out = make([]MostRecentVersionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPoliciesObservation. +func (in *CleanupPoliciesObservation) DeepCopy() *CleanupPoliciesObservation { + if in == nil { + return nil + } + out := new(CleanupPoliciesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CleanupPoliciesParameters) DeepCopyInto(out *CleanupPoliciesParameters) { + *out = *in + if in.Action != nil { + in, out := &in.Action, &out.Action + *out = new(string) + **out = **in + } + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = make([]ConditionParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.MostRecentVersions != nil { + in, out := &in.MostRecentVersions, &out.MostRecentVersions + *out = make([]MostRecentVersionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPoliciesParameters. +func (in *CleanupPoliciesParameters) DeepCopy() *CleanupPoliciesParameters { + if in == nil { + return nil + } + out := new(CleanupPoliciesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.NewerThan != nil { + in, out := &in.NewerThan, &out.NewerThan *out = new(string) **out = **in } - if in.Expression != nil { - in, out := &in.Expression, &out.Expression + if in.OlderThan != nil { + in, out := &in.OlderThan, &out.OlderThan *out = new(string) **out = **in } - if in.Title != nil { - in, out := &in.Title, &out.Title + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagPrefixes != nil { + in, out := &in.TagPrefixes, &out.TagPrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagState != nil { + in, out := &in.TagState, &out.TagState *out = new(string) **out = **in } + if in.VersionNamePrefixes != nil { + in, out := &in.VersionNamePrefixes, &out.VersionNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionInitParameters. @@ -58,21 +274,54 @@ func (in *ConditionInitParameters) DeepCopy() *ConditionInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionObservation) DeepCopyInto(out *ConditionObservation) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.NewerThan != nil { + in, out := &in.NewerThan, &out.NewerThan *out = new(string) **out = **in } - if in.Expression != nil { - in, out := &in.Expression, &out.Expression + if in.OlderThan != nil { + in, out := &in.OlderThan, &out.OlderThan *out = new(string) **out = **in } - if in.Title != nil { - in, out := &in.Title, &out.Title + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagPrefixes != nil { + in, out := &in.TagPrefixes, &out.TagPrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagState != nil { + in, out := &in.TagState, &out.TagState *out = new(string) **out = **in } + if in.VersionNamePrefixes != nil { + in, out := &in.VersionNamePrefixes, &out.VersionNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionObservation. @@ -88,21 +337,54 @@ func (in *ConditionObservation) DeepCopy() *ConditionObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionParameters) DeepCopyInto(out *ConditionParameters) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.NewerThan != nil { + in, out := &in.NewerThan, &out.NewerThan *out = new(string) **out = **in } - if in.Expression != nil { - in, out := &in.Expression, &out.Expression + if in.OlderThan != nil { + in, out := &in.OlderThan, &out.OlderThan *out = new(string) **out = **in } - if in.Title != nil { - in, out := &in.Title, &out.Title + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagPrefixes != nil { + in, out := &in.TagPrefixes, &out.TagPrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TagState != nil { + in, out := &in.TagState, &out.TagState *out = new(string) **out = **in } + if in.VersionNamePrefixes != nil { + in, out := &in.VersionNamePrefixes, &out.VersionNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionParameters. @@ -370,6 +652,99 @@ func (in *MavenRepositoryParameters) DeepCopy() *MavenRepositoryParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MostRecentVersionsInitParameters) DeepCopyInto(out *MostRecentVersionsInitParameters) { + *out = *in + if in.KeepCount != nil { + in, out := &in.KeepCount, &out.KeepCount + *out = new(float64) + **out = **in + } + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MostRecentVersionsInitParameters. +func (in *MostRecentVersionsInitParameters) DeepCopy() *MostRecentVersionsInitParameters { + if in == nil { + return nil + } + out := new(MostRecentVersionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MostRecentVersionsObservation) DeepCopyInto(out *MostRecentVersionsObservation) { + *out = *in + if in.KeepCount != nil { + in, out := &in.KeepCount, &out.KeepCount + *out = new(float64) + **out = **in + } + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MostRecentVersionsObservation. +func (in *MostRecentVersionsObservation) DeepCopy() *MostRecentVersionsObservation { + if in == nil { + return nil + } + out := new(MostRecentVersionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MostRecentVersionsParameters) DeepCopyInto(out *MostRecentVersionsParameters) { + *out = *in + if in.KeepCount != nil { + in, out := &in.KeepCount, &out.KeepCount + *out = new(float64) + **out = **in + } + if in.PackageNamePrefixes != nil { + in, out := &in.PackageNamePrefixes, &out.PackageNamePrefixes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MostRecentVersionsParameters. +func (in *MostRecentVersionsParameters) DeepCopy() *MostRecentVersionsParameters { + if in == nil { + return nil + } + out := new(MostRecentVersionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NpmRepositoryInitParameters) DeepCopyInto(out *NpmRepositoryInitParameters) { *out = *in @@ -430,6 +805,81 @@ func (in *NpmRepositoryParameters) DeepCopy() *NpmRepositoryParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicRepositoryInitParameters) DeepCopyInto(out *PublicRepositoryInitParameters) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicRepositoryInitParameters. +func (in *PublicRepositoryInitParameters) DeepCopy() *PublicRepositoryInitParameters { + if in == nil { + return nil + } + out := new(PublicRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicRepositoryObservation) DeepCopyInto(out *PublicRepositoryObservation) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicRepositoryObservation. +func (in *PublicRepositoryObservation) DeepCopy() *PublicRepositoryObservation { + if in == nil { + return nil + } + out := new(PublicRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicRepositoryParameters) DeepCopyInto(out *PublicRepositoryParameters) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicRepositoryParameters. +func (in *PublicRepositoryParameters) DeepCopy() *PublicRepositoryParameters { + if in == nil { + return nil + } + out := new(PublicRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PythonRepositoryInitParameters) DeepCopyInto(out *PythonRepositoryInitParameters) { *out = *in @@ -544,12 +994,102 @@ func (in *RegistryRepositoryIAMMember) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistryRepositoryIAMMemberConditionInitParameters) DeepCopyInto(out *RegistryRepositoryIAMMemberConditionInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryIAMMemberConditionInitParameters. +func (in *RegistryRepositoryIAMMemberConditionInitParameters) DeepCopy() *RegistryRepositoryIAMMemberConditionInitParameters { + if in == nil { + return nil + } + out := new(RegistryRepositoryIAMMemberConditionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistryRepositoryIAMMemberConditionObservation) DeepCopyInto(out *RegistryRepositoryIAMMemberConditionObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryIAMMemberConditionObservation. +func (in *RegistryRepositoryIAMMemberConditionObservation) DeepCopy() *RegistryRepositoryIAMMemberConditionObservation { + if in == nil { + return nil + } + out := new(RegistryRepositoryIAMMemberConditionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistryRepositoryIAMMemberConditionParameters) DeepCopyInto(out *RegistryRepositoryIAMMemberConditionParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryIAMMemberConditionParameters. +func (in *RegistryRepositoryIAMMemberConditionParameters) DeepCopy() *RegistryRepositoryIAMMemberConditionParameters { + if in == nil { + return nil + } + out := new(RegistryRepositoryIAMMemberConditionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryRepositoryIAMMemberInitParameters) DeepCopyInto(out *RegistryRepositoryIAMMemberInitParameters) { *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition - *out = make([]ConditionInitParameters, len(*in)) + *out = make([]RegistryRepositoryIAMMemberConditionInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -628,7 +1168,7 @@ func (in *RegistryRepositoryIAMMemberObservation) DeepCopyInto(out *RegistryRepo *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition - *out = make([]ConditionObservation, len(*in)) + *out = make([]RegistryRepositoryIAMMemberConditionObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -685,7 +1225,7 @@ func (in *RegistryRepositoryIAMMemberParameters) DeepCopyInto(out *RegistryRepos *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition - *out = make([]ConditionParameters, len(*in)) + *out = make([]RegistryRepositoryIAMMemberConditionParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -765,6 +1305,18 @@ func (in *RegistryRepositoryIAMMemberStatus) DeepCopy() *RegistryRepositoryIAMMe // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryRepositoryInitParameters) DeepCopyInto(out *RegistryRepositoryInitParameters) { *out = *in + if in.CleanupPolicies != nil { + in, out := &in.CleanupPolicies, &out.CleanupPolicies + *out = make([]CleanupPoliciesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CleanupPolicyDryRun != nil { + in, out := &in.CleanupPolicyDryRun, &out.CleanupPolicyDryRun + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -881,6 +1433,18 @@ func (in *RegistryRepositoryList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryRepositoryObservation) DeepCopyInto(out *RegistryRepositoryObservation) { *out = *in + if in.CleanupPolicies != nil { + in, out := &in.CleanupPolicies, &out.CleanupPolicies + *out = make([]CleanupPoliciesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CleanupPolicyDryRun != nil { + in, out := &in.CleanupPolicyDryRun, &out.CleanupPolicyDryRun + *out = new(bool) + **out = **in + } if in.CreateTime != nil { in, out := &in.CreateTime, &out.CreateTime *out = new(string) @@ -898,6 +1462,22 @@ func (in *RegistryRepositoryObservation) DeepCopyInto(out *RegistryRepositoryObs (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Format != nil { in, out := &in.Format, &out.Format *out = new(string) @@ -963,6 +1543,22 @@ func (in *RegistryRepositoryObservation) DeepCopyInto(out *RegistryRepositoryObs (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -990,6 +1586,18 @@ func (in *RegistryRepositoryObservation) DeepCopy() *RegistryRepositoryObservati // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryRepositoryParameters) DeepCopyInto(out *RegistryRepositoryParameters) { *out = *in + if in.CleanupPolicies != nil { + in, out := &in.CleanupPolicies, &out.CleanupPolicies + *out = make([]CleanupPoliciesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CleanupPolicyDryRun != nil { + in, out := &in.CleanupPolicyDryRun, &out.CleanupPolicyDryRun + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1114,6 +1722,13 @@ func (in *RegistryRepositoryStatus) DeepCopy() *RegistryRepositoryStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteRepositoryConfigInitParameters) DeepCopyInto(out *RemoteRepositoryConfigInitParameters) { *out = *in + if in.AptRepository != nil { + in, out := &in.AptRepository, &out.AptRepository + *out = make([]AptRepositoryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1147,6 +1762,20 @@ func (in *RemoteRepositoryConfigInitParameters) DeepCopyInto(out *RemoteReposito (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.UpstreamCredentials != nil { + in, out := &in.UpstreamCredentials, &out.UpstreamCredentials + *out = make([]UpstreamCredentialsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.YumRepository != nil { + in, out := &in.YumRepository, &out.YumRepository + *out = make([]YumRepositoryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteRepositoryConfigInitParameters. @@ -1162,6 +1791,13 @@ func (in *RemoteRepositoryConfigInitParameters) DeepCopy() *RemoteRepositoryConf // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteRepositoryConfigObservation) DeepCopyInto(out *RemoteRepositoryConfigObservation) { *out = *in + if in.AptRepository != nil { + in, out := &in.AptRepository, &out.AptRepository + *out = make([]AptRepositoryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1195,6 +1831,20 @@ func (in *RemoteRepositoryConfigObservation) DeepCopyInto(out *RemoteRepositoryC (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.UpstreamCredentials != nil { + in, out := &in.UpstreamCredentials, &out.UpstreamCredentials + *out = make([]UpstreamCredentialsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.YumRepository != nil { + in, out := &in.YumRepository, &out.YumRepository + *out = make([]YumRepositoryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteRepositoryConfigObservation. @@ -1210,6 +1860,13 @@ func (in *RemoteRepositoryConfigObservation) DeepCopy() *RemoteRepositoryConfigO // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteRepositoryConfigParameters) DeepCopyInto(out *RemoteRepositoryConfigParameters) { *out = *in + if in.AptRepository != nil { + in, out := &in.AptRepository, &out.AptRepository + *out = make([]AptRepositoryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1243,6 +1900,20 @@ func (in *RemoteRepositoryConfigParameters) DeepCopyInto(out *RemoteRepositoryCo (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.UpstreamCredentials != nil { + in, out := &in.UpstreamCredentials, &out.UpstreamCredentials + *out = make([]UpstreamCredentialsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.YumRepository != nil { + in, out := &in.YumRepository, &out.YumRepository + *out = make([]YumRepositoryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteRepositoryConfigParameters. @@ -1255,6 +1926,72 @@ func (in *RemoteRepositoryConfigParameters) DeepCopy() *RemoteRepositoryConfigPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamCredentialsInitParameters) DeepCopyInto(out *UpstreamCredentialsInitParameters) { + *out = *in + if in.UsernamePasswordCredentials != nil { + in, out := &in.UsernamePasswordCredentials, &out.UsernamePasswordCredentials + *out = make([]UsernamePasswordCredentialsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamCredentialsInitParameters. +func (in *UpstreamCredentialsInitParameters) DeepCopy() *UpstreamCredentialsInitParameters { + if in == nil { + return nil + } + out := new(UpstreamCredentialsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamCredentialsObservation) DeepCopyInto(out *UpstreamCredentialsObservation) { + *out = *in + if in.UsernamePasswordCredentials != nil { + in, out := &in.UsernamePasswordCredentials, &out.UsernamePasswordCredentials + *out = make([]UsernamePasswordCredentialsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamCredentialsObservation. +func (in *UpstreamCredentialsObservation) DeepCopy() *UpstreamCredentialsObservation { + if in == nil { + return nil + } + out := new(UpstreamCredentialsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamCredentialsParameters) DeepCopyInto(out *UpstreamCredentialsParameters) { + *out = *in + if in.UsernamePasswordCredentials != nil { + in, out := &in.UsernamePasswordCredentials, &out.UsernamePasswordCredentials + *out = make([]UsernamePasswordCredentialsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamCredentialsParameters. +func (in *UpstreamCredentialsParameters) DeepCopy() *UpstreamCredentialsParameters { + if in == nil { + return nil + } + out := new(UpstreamCredentialsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UpstreamPoliciesInitParameters) DeepCopyInto(out *UpstreamPoliciesInitParameters) { *out = *in @@ -1365,6 +2102,101 @@ func (in *UpstreamPoliciesParameters) DeepCopy() *UpstreamPoliciesParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernamePasswordCredentialsInitParameters) DeepCopyInto(out *UsernamePasswordCredentialsInitParameters) { + *out = *in + if in.PasswordSecretVersion != nil { + in, out := &in.PasswordSecretVersion, &out.PasswordSecretVersion + *out = new(string) + **out = **in + } + if in.PasswordSecretVersionRef != nil { + in, out := &in.PasswordSecretVersionRef, &out.PasswordSecretVersionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PasswordSecretVersionSelector != nil { + in, out := &in.PasswordSecretVersionSelector, &out.PasswordSecretVersionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernamePasswordCredentialsInitParameters. +func (in *UsernamePasswordCredentialsInitParameters) DeepCopy() *UsernamePasswordCredentialsInitParameters { + if in == nil { + return nil + } + out := new(UsernamePasswordCredentialsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernamePasswordCredentialsObservation) DeepCopyInto(out *UsernamePasswordCredentialsObservation) { + *out = *in + if in.PasswordSecretVersion != nil { + in, out := &in.PasswordSecretVersion, &out.PasswordSecretVersion + *out = new(string) + **out = **in + } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernamePasswordCredentialsObservation. +func (in *UsernamePasswordCredentialsObservation) DeepCopy() *UsernamePasswordCredentialsObservation { + if in == nil { + return nil + } + out := new(UsernamePasswordCredentialsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernamePasswordCredentialsParameters) DeepCopyInto(out *UsernamePasswordCredentialsParameters) { + *out = *in + if in.PasswordSecretVersion != nil { + in, out := &in.PasswordSecretVersion, &out.PasswordSecretVersion + *out = new(string) + **out = **in + } + if in.PasswordSecretVersionRef != nil { + in, out := &in.PasswordSecretVersionRef, &out.PasswordSecretVersionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PasswordSecretVersionSelector != nil { + in, out := &in.PasswordSecretVersionSelector, &out.PasswordSecretVersionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernamePasswordCredentialsParameters. +func (in *UsernamePasswordCredentialsParameters) DeepCopy() *UsernamePasswordCredentialsParameters { + if in == nil { + return nil + } + out := new(UsernamePasswordCredentialsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualRepositoryConfigInitParameters) DeepCopyInto(out *VirtualRepositoryConfigInitParameters) { *out = *in @@ -1430,3 +2262,144 @@ func (in *VirtualRepositoryConfigParameters) DeepCopy() *VirtualRepositoryConfig in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryInitParameters) DeepCopyInto(out *YumRepositoryInitParameters) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]YumRepositoryPublicRepositoryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryInitParameters. +func (in *YumRepositoryInitParameters) DeepCopy() *YumRepositoryInitParameters { + if in == nil { + return nil + } + out := new(YumRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryObservation) DeepCopyInto(out *YumRepositoryObservation) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]YumRepositoryPublicRepositoryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryObservation. +func (in *YumRepositoryObservation) DeepCopy() *YumRepositoryObservation { + if in == nil { + return nil + } + out := new(YumRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryParameters) DeepCopyInto(out *YumRepositoryParameters) { + *out = *in + if in.PublicRepository != nil { + in, out := &in.PublicRepository, &out.PublicRepository + *out = make([]YumRepositoryPublicRepositoryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryParameters. +func (in *YumRepositoryParameters) DeepCopy() *YumRepositoryParameters { + if in == nil { + return nil + } + out := new(YumRepositoryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryPublicRepositoryInitParameters) DeepCopyInto(out *YumRepositoryPublicRepositoryInitParameters) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryPublicRepositoryInitParameters. +func (in *YumRepositoryPublicRepositoryInitParameters) DeepCopy() *YumRepositoryPublicRepositoryInitParameters { + if in == nil { + return nil + } + out := new(YumRepositoryPublicRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryPublicRepositoryObservation) DeepCopyInto(out *YumRepositoryPublicRepositoryObservation) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryPublicRepositoryObservation. +func (in *YumRepositoryPublicRepositoryObservation) DeepCopy() *YumRepositoryPublicRepositoryObservation { + if in == nil { + return nil + } + out := new(YumRepositoryPublicRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *YumRepositoryPublicRepositoryParameters) DeepCopyInto(out *YumRepositoryPublicRepositoryParameters) { + *out = *in + if in.RepositoryBase != nil { + in, out := &in.RepositoryBase, &out.RepositoryBase + *out = new(string) + **out = **in + } + if in.RepositoryPath != nil { + in, out := &in.RepositoryPath, &out.RepositoryPath + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YumRepositoryPublicRepositoryParameters. +func (in *YumRepositoryPublicRepositoryParameters) DeepCopy() *YumRepositoryPublicRepositoryParameters { + if in == nil { + return nil + } + out := new(YumRepositoryPublicRepositoryParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/artifact/v1beta1/zz_generated.resolvers.go b/apis/artifact/v1beta1/zz_generated.resolvers.go index c81828f8c..e41ae6bbf 100644 --- a/apis/artifact/v1beta1/zz_generated.resolvers.go +++ b/apis/artifact/v1beta1/zz_generated.resolvers.go @@ -21,9 +21,10 @@ package v1beta1 import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" apisresolver "github.com/upbound/provider-gcp/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -37,6 +38,31 @@ func (mg *RegistryRepository) ResolveReferences( // ResolveReferences of this Re var rsp reference.ResolutionResponse var err error + for i3 := 0; i3 < len(mg.Spec.ForProvider.RemoteRepositoryConfig); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials); i4++ { + for i5 := 0; i5 < len(mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials); i5++ { + { + m, l, err = apisresolver.GetManagedResource("secretmanager.gcp.upbound.io", "v1beta1", "SecretVersion", "SecretVersionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionRef, + Selector: mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion") + } + mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionRef = rsp.ResolvedReference + + } + } + } for i3 := 0; i3 < len(mg.Spec.ForProvider.VirtualRepositoryConfig); i3++ { for i4 := 0; i4 < len(mg.Spec.ForProvider.VirtualRepositoryConfig[i3].UpstreamPolicies); i4++ { { @@ -60,6 +86,31 @@ func (mg *RegistryRepository) ResolveReferences( // ResolveReferences of this Re } } + for i3 := 0; i3 < len(mg.Spec.InitProvider.RemoteRepositoryConfig); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials); i4++ { + for i5 := 0; i5 < len(mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials); i5++ { + { + m, l, err = apisresolver.GetManagedResource("secretmanager.gcp.upbound.io", "v1beta1", "SecretVersion", "SecretVersionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionRef, + Selector: mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion") + } + mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersion = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RemoteRepositoryConfig[i3].UpstreamCredentials[i4].UsernamePasswordCredentials[i5].PasswordSecretVersionRef = rsp.ResolvedReference + + } + } + } for i3 := 0; i3 < len(mg.Spec.InitProvider.VirtualRepositoryConfig); i3++ { for i4 := 0; i4 < len(mg.Spec.InitProvider.VirtualRepositoryConfig[i3].UpstreamPolicies); i4++ { { diff --git a/apis/artifact/v1beta1/zz_registryrepository_types.go b/apis/artifact/v1beta1/zz_registryrepository_types.go index 1975fb22e..bd1c01eee 100755 --- a/apis/artifact/v1beta1/zz_registryrepository_types.go +++ b/apis/artifact/v1beta1/zz_registryrepository_types.go @@ -29,6 +29,164 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AptRepositoryInitParameters struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + PublicRepository []PublicRepositoryInitParameters `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type AptRepositoryObservation struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + PublicRepository []PublicRepositoryObservation `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type AptRepositoryParameters struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + // +kubebuilder:validation:Optional + PublicRepository []PublicRepositoryParameters `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type CleanupPoliciesInitParameters struct { + + // Policy action. + // Possible values are: DELETE, KEEP. + Action *string `json:"action,omitempty" tf:"action,omitempty"` + + // Policy condition for matching versions. + // Structure is documented below. + Condition []ConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` + + // The identifier for this object. Format specified above. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Policy condition for retaining a minimum number of versions. May only be + // specified with a Keep action. + // Structure is documented below. + MostRecentVersions []MostRecentVersionsInitParameters `json:"mostRecentVersions,omitempty" tf:"most_recent_versions,omitempty"` +} + +type CleanupPoliciesObservation struct { + + // Policy action. + // Possible values are: DELETE, KEEP. + Action *string `json:"action,omitempty" tf:"action,omitempty"` + + // Policy condition for matching versions. + // Structure is documented below. + Condition []ConditionObservation `json:"condition,omitempty" tf:"condition,omitempty"` + + // The identifier for this object. Format specified above. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Policy condition for retaining a minimum number of versions. May only be + // specified with a Keep action. + // Structure is documented below. + MostRecentVersions []MostRecentVersionsObservation `json:"mostRecentVersions,omitempty" tf:"most_recent_versions,omitempty"` +} + +type CleanupPoliciesParameters struct { + + // Policy action. + // Possible values are: DELETE, KEEP. + // +kubebuilder:validation:Optional + Action *string `json:"action,omitempty" tf:"action,omitempty"` + + // Policy condition for matching versions. + // Structure is documented below. + // +kubebuilder:validation:Optional + Condition []ConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + ID *string `json:"id" tf:"id,omitempty"` + + // Policy condition for retaining a minimum number of versions. May only be + // specified with a Keep action. + // Structure is documented below. + // +kubebuilder:validation:Optional + MostRecentVersions []MostRecentVersionsParameters `json:"mostRecentVersions,omitempty" tf:"most_recent_versions,omitempty"` +} + +type ConditionInitParameters struct { + + // Match versions newer than a duration. + NewerThan *string `json:"newerThan,omitempty" tf:"newer_than,omitempty"` + + // Match versions older than a duration. + OlderThan *string `json:"olderThan,omitempty" tf:"older_than,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` + + // Match versions by tag prefix. Applied on any prefix match. + TagPrefixes []*string `json:"tagPrefixes,omitempty" tf:"tag_prefixes,omitempty"` + + // Match versions by tag status. + // Default value is ANY. + // Possible values are: TAGGED, UNTAGGED, ANY. + TagState *string `json:"tagState,omitempty" tf:"tag_state,omitempty"` + + // Match versions by version name prefix. Applied on any prefix match. + VersionNamePrefixes []*string `json:"versionNamePrefixes,omitempty" tf:"version_name_prefixes,omitempty"` +} + +type ConditionObservation struct { + + // Match versions newer than a duration. + NewerThan *string `json:"newerThan,omitempty" tf:"newer_than,omitempty"` + + // Match versions older than a duration. + OlderThan *string `json:"olderThan,omitempty" tf:"older_than,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` + + // Match versions by tag prefix. Applied on any prefix match. + TagPrefixes []*string `json:"tagPrefixes,omitempty" tf:"tag_prefixes,omitempty"` + + // Match versions by tag status. + // Default value is ANY. + // Possible values are: TAGGED, UNTAGGED, ANY. + TagState *string `json:"tagState,omitempty" tf:"tag_state,omitempty"` + + // Match versions by version name prefix. Applied on any prefix match. + VersionNamePrefixes []*string `json:"versionNamePrefixes,omitempty" tf:"version_name_prefixes,omitempty"` +} + +type ConditionParameters struct { + + // Match versions newer than a duration. + // +kubebuilder:validation:Optional + NewerThan *string `json:"newerThan,omitempty" tf:"newer_than,omitempty"` + + // Match versions older than a duration. + // +kubebuilder:validation:Optional + OlderThan *string `json:"olderThan,omitempty" tf:"older_than,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + // +kubebuilder:validation:Optional + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` + + // Match versions by tag prefix. Applied on any prefix match. + // +kubebuilder:validation:Optional + TagPrefixes []*string `json:"tagPrefixes,omitempty" tf:"tag_prefixes,omitempty"` + + // Match versions by tag status. + // Default value is ANY. + // Possible values are: TAGGED, UNTAGGED, ANY. + // +kubebuilder:validation:Optional + TagState *string `json:"tagState,omitempty" tf:"tag_state,omitempty"` + + // Match versions by version name prefix. Applied on any prefix match. + // +kubebuilder:validation:Optional + VersionNamePrefixes []*string `json:"versionNamePrefixes,omitempty" tf:"version_name_prefixes,omitempty"` +} + type DockerConfigInitParameters struct { // The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. @@ -50,25 +208,22 @@ type DockerConfigParameters struct { type DockerRepositoryInitParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type DockerRepositoryObservation struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type DockerRepositoryParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. // +kubebuilder:validation:Optional PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } @@ -113,81 +268,144 @@ type MavenConfigParameters struct { type MavenRepositoryInitParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type MavenRepositoryObservation struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type MavenRepositoryParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. // +kubebuilder:validation:Optional PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } +type MostRecentVersionsInitParameters struct { + + // Minimum number of versions to keep. + KeepCount *float64 `json:"keepCount,omitempty" tf:"keep_count,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` +} + +type MostRecentVersionsObservation struct { + + // Minimum number of versions to keep. + KeepCount *float64 `json:"keepCount,omitempty" tf:"keep_count,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` +} + +type MostRecentVersionsParameters struct { + + // Minimum number of versions to keep. + // +kubebuilder:validation:Optional + KeepCount *float64 `json:"keepCount,omitempty" tf:"keep_count,omitempty"` + + // Match versions by package prefix. Applied on any prefix match. + // +kubebuilder:validation:Optional + PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` +} + type NpmRepositoryInitParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type NpmRepositoryObservation struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type NpmRepositoryParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. // +kubebuilder:validation:Optional PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } +type PublicRepositoryInitParameters struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + RepositoryBase *string `json:"repositoryBase,omitempty" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + RepositoryPath *string `json:"repositoryPath,omitempty" tf:"repository_path,omitempty"` +} + +type PublicRepositoryObservation struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + RepositoryBase *string `json:"repositoryBase,omitempty" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + RepositoryPath *string `json:"repositoryPath,omitempty" tf:"repository_path,omitempty"` +} + +type PublicRepositoryParameters struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + // +kubebuilder:validation:Optional + RepositoryBase *string `json:"repositoryBase" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + // +kubebuilder:validation:Optional + RepositoryPath *string `json:"repositoryPath" tf:"repository_path,omitempty"` +} + type PythonRepositoryInitParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type PythonRepositoryObservation struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type PythonRepositoryParameters struct { - // Address of the remote repository. - // Default value is PYPI. - // Possible values are: PYPI. + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. // +kubebuilder:validation:Optional PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` } type RegistryRepositoryInitParameters struct { + // Cleanup policies for this repository. Cleanup policies indicate when + // certain package versions can be automatically deleted. + // Map keys are policy IDs supplied by users during policy creation. They must + // unique within a repository and be under 128 characters in length. + // Structure is documented below. + CleanupPolicies []CleanupPoliciesInitParameters `json:"cleanupPolicies,omitempty" tf:"cleanup_policies,omitempty"` + + // If true, the cleanup pipeline is prevented from deleting versions in this + // repository. + CleanupPolicyDryRun *bool `json:"cleanupPolicyDryRun,omitempty" tf:"cleanup_policy_dry_run,omitempty"` + // The user-provided description of the repository. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -241,6 +459,17 @@ type RegistryRepositoryInitParameters struct { type RegistryRepositoryObservation struct { + // Cleanup policies for this repository. Cleanup policies indicate when + // certain package versions can be automatically deleted. + // Map keys are policy IDs supplied by users during policy creation. They must + // unique within a repository and be under 128 characters in length. + // Structure is documented below. + CleanupPolicies []CleanupPoliciesObservation `json:"cleanupPolicies,omitempty" tf:"cleanup_policies,omitempty"` + + // If true, the cleanup pipeline is prevented from deleting versions in this + // repository. + CleanupPolicyDryRun *bool `json:"cleanupPolicyDryRun,omitempty" tf:"cleanup_policy_dry_run,omitempty"` + // The time when the repository was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` @@ -251,6 +480,10 @@ type RegistryRepositoryObservation struct { // Structure is documented below. DockerConfig []DockerConfigObservation `json:"dockerConfig,omitempty" tf:"docker_config,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The format of packages that are stored in the repository. Supported formats // can be found here. // You can only create alpha formats if you are a member of the @@ -300,6 +533,11 @@ type RegistryRepositoryObservation struct { // Structure is documented below. RemoteRepositoryConfig []RemoteRepositoryConfigObservation `json:"remoteRepositoryConfig,omitempty" tf:"remote_repository_config,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The time when the repository was last updated. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` @@ -310,6 +548,19 @@ type RegistryRepositoryObservation struct { type RegistryRepositoryParameters struct { + // Cleanup policies for this repository. Cleanup policies indicate when + // certain package versions can be automatically deleted. + // Map keys are policy IDs supplied by users during policy creation. They must + // unique within a repository and be under 128 characters in length. + // Structure is documented below. + // +kubebuilder:validation:Optional + CleanupPolicies []CleanupPoliciesParameters `json:"cleanupPolicies,omitempty" tf:"cleanup_policies,omitempty"` + + // If true, the cleanup pipeline is prevented from deleting versions in this + // repository. + // +kubebuilder:validation:Optional + CleanupPolicyDryRun *bool `json:"cleanupPolicyDryRun,omitempty" tf:"cleanup_policy_dry_run,omitempty"` + // The user-provided description of the repository. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -377,6 +628,10 @@ type RegistryRepositoryParameters struct { type RemoteRepositoryConfigInitParameters struct { + // Specific settings for an Apt remote repository. + // Structure is documented below. + AptRepository []AptRepositoryInitParameters `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -395,10 +650,22 @@ type RemoteRepositoryConfigInitParameters struct { // Specific settings for a Python remote repository. // Structure is documented below. PythonRepository []PythonRepositoryInitParameters `json:"pythonRepository,omitempty" tf:"python_repository,omitempty"` + + // The credentials used to access the remote repository. + // Structure is documented below. + UpstreamCredentials []UpstreamCredentialsInitParameters `json:"upstreamCredentials,omitempty" tf:"upstream_credentials,omitempty"` + + // Specific settings for an Yum remote repository. + // Structure is documented below. + YumRepository []YumRepositoryInitParameters `json:"yumRepository,omitempty" tf:"yum_repository,omitempty"` } type RemoteRepositoryConfigObservation struct { + // Specific settings for an Apt remote repository. + // Structure is documented below. + AptRepository []AptRepositoryObservation `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -417,10 +684,23 @@ type RemoteRepositoryConfigObservation struct { // Specific settings for a Python remote repository. // Structure is documented below. PythonRepository []PythonRepositoryObservation `json:"pythonRepository,omitempty" tf:"python_repository,omitempty"` + + // The credentials used to access the remote repository. + // Structure is documented below. + UpstreamCredentials []UpstreamCredentialsObservation `json:"upstreamCredentials,omitempty" tf:"upstream_credentials,omitempty"` + + // Specific settings for an Yum remote repository. + // Structure is documented below. + YumRepository []YumRepositoryObservation `json:"yumRepository,omitempty" tf:"yum_repository,omitempty"` } type RemoteRepositoryConfigParameters struct { + // Specific settings for an Apt remote repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + AptRepository []AptRepositoryParameters `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // The description of the remote source. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -444,6 +724,38 @@ type RemoteRepositoryConfigParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional PythonRepository []PythonRepositoryParameters `json:"pythonRepository,omitempty" tf:"python_repository,omitempty"` + + // The credentials used to access the remote repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + UpstreamCredentials []UpstreamCredentialsParameters `json:"upstreamCredentials,omitempty" tf:"upstream_credentials,omitempty"` + + // Specific settings for an Yum remote repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + YumRepository []YumRepositoryParameters `json:"yumRepository,omitempty" tf:"yum_repository,omitempty"` +} + +type UpstreamCredentialsInitParameters struct { + + // Use username and password to access the remote repository. + // Structure is documented below. + UsernamePasswordCredentials []UsernamePasswordCredentialsInitParameters `json:"usernamePasswordCredentials,omitempty" tf:"username_password_credentials,omitempty"` +} + +type UpstreamCredentialsObservation struct { + + // Use username and password to access the remote repository. + // Structure is documented below. + UsernamePasswordCredentials []UsernamePasswordCredentialsObservation `json:"usernamePasswordCredentials,omitempty" tf:"username_password_credentials,omitempty"` +} + +type UpstreamCredentialsParameters struct { + + // Use username and password to access the remote repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + UsernamePasswordCredentials []UsernamePasswordCredentialsParameters `json:"usernamePasswordCredentials,omitempty" tf:"username_password_credentials,omitempty"` } type UpstreamPoliciesInitParameters struct { @@ -508,6 +820,61 @@ type UpstreamPoliciesParameters struct { RepositorySelector *v1.Selector `json:"repositorySelector,omitempty" tf:"-"` } +type UsernamePasswordCredentialsInitParameters struct { + + // The Secret Manager key version that holds the password to access the + // remote repository. Must be in the format of + // projects/{project}/secrets/{secret}/versions/{version}. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/secretmanager/v1beta1.SecretVersion + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + PasswordSecretVersion *string `json:"passwordSecretVersion,omitempty" tf:"password_secret_version,omitempty"` + + // Reference to a SecretVersion in secretmanager to populate passwordSecretVersion. + // +kubebuilder:validation:Optional + PasswordSecretVersionRef *v1.Reference `json:"passwordSecretVersionRef,omitempty" tf:"-"` + + // Selector for a SecretVersion in secretmanager to populate passwordSecretVersion. + // +kubebuilder:validation:Optional + PasswordSecretVersionSelector *v1.Selector `json:"passwordSecretVersionSelector,omitempty" tf:"-"` + + // The username to access the remote repository. + Username *string `json:"username,omitempty" tf:"username,omitempty"` +} + +type UsernamePasswordCredentialsObservation struct { + + // The Secret Manager key version that holds the password to access the + // remote repository. Must be in the format of + // projects/{project}/secrets/{secret}/versions/{version}. + PasswordSecretVersion *string `json:"passwordSecretVersion,omitempty" tf:"password_secret_version,omitempty"` + + // The username to access the remote repository. + Username *string `json:"username,omitempty" tf:"username,omitempty"` +} + +type UsernamePasswordCredentialsParameters struct { + + // The Secret Manager key version that holds the password to access the + // remote repository. Must be in the format of + // projects/{project}/secrets/{secret}/versions/{version}. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/secretmanager/v1beta1.SecretVersion + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + PasswordSecretVersion *string `json:"passwordSecretVersion,omitempty" tf:"password_secret_version,omitempty"` + + // Reference to a SecretVersion in secretmanager to populate passwordSecretVersion. + // +kubebuilder:validation:Optional + PasswordSecretVersionRef *v1.Reference `json:"passwordSecretVersionRef,omitempty" tf:"-"` + + // Selector for a SecretVersion in secretmanager to populate passwordSecretVersion. + // +kubebuilder:validation:Optional + PasswordSecretVersionSelector *v1.Selector `json:"passwordSecretVersionSelector,omitempty" tf:"-"` + + // The username to access the remote repository. + // +kubebuilder:validation:Optional + Username *string `json:"username,omitempty" tf:"username,omitempty"` +} + type VirtualRepositoryConfigInitParameters struct { // Policies that configure the upstream artifacts distributed by the Virtual @@ -533,6 +900,60 @@ type VirtualRepositoryConfigParameters struct { UpstreamPolicies []UpstreamPoliciesParameters `json:"upstreamPolicies,omitempty" tf:"upstream_policies,omitempty"` } +type YumRepositoryInitParameters struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + PublicRepository []YumRepositoryPublicRepositoryInitParameters `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type YumRepositoryObservation struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + PublicRepository []YumRepositoryPublicRepositoryObservation `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type YumRepositoryParameters struct { + + // One of the publicly available Yum repositories supported by Artifact Registry. + // Structure is documented below. + // +kubebuilder:validation:Optional + PublicRepository []YumRepositoryPublicRepositoryParameters `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` +} + +type YumRepositoryPublicRepositoryInitParameters struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + RepositoryBase *string `json:"repositoryBase,omitempty" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + RepositoryPath *string `json:"repositoryPath,omitempty" tf:"repository_path,omitempty"` +} + +type YumRepositoryPublicRepositoryObservation struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + RepositoryBase *string `json:"repositoryBase,omitempty" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + RepositoryPath *string `json:"repositoryPath,omitempty" tf:"repository_path,omitempty"` +} + +type YumRepositoryPublicRepositoryParameters struct { + + // A common public repository base for Yum. + // Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + // +kubebuilder:validation:Optional + RepositoryBase *string `json:"repositoryBase" tf:"repository_base,omitempty"` + + // Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + // +kubebuilder:validation:Optional + RepositoryPath *string `json:"repositoryPath" tf:"repository_path,omitempty"` +} + // RegistryRepositorySpec defines the desired state of RegistryRepository type RegistryRepositorySpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/artifact/v1beta1/zz_registryrepositoryiammember_types.go b/apis/artifact/v1beta1/zz_registryrepositoryiammember_types.go index 397dd5f93..e22aa282a 100755 --- a/apis/artifact/v1beta1/zz_registryrepositoryiammember_types.go +++ b/apis/artifact/v1beta1/zz_registryrepositoryiammember_types.go @@ -29,7 +29,7 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) -type ConditionInitParameters struct { +type RegistryRepositoryIAMMemberConditionInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` @@ -37,7 +37,7 @@ type ConditionInitParameters struct { Title *string `json:"title,omitempty" tf:"title,omitempty"` } -type ConditionObservation struct { +type RegistryRepositoryIAMMemberConditionObservation struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` @@ -45,7 +45,7 @@ type ConditionObservation struct { Title *string `json:"title,omitempty" tf:"title,omitempty"` } -type ConditionParameters struct { +type RegistryRepositoryIAMMemberConditionParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -58,7 +58,7 @@ type ConditionParameters struct { } type RegistryRepositoryIAMMemberInitParameters struct { - Condition []ConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` + Condition []RegistryRepositoryIAMMemberConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -72,7 +72,7 @@ type RegistryRepositoryIAMMemberInitParameters struct { } type RegistryRepositoryIAMMemberObservation struct { - Condition []ConditionObservation `json:"condition,omitempty" tf:"condition,omitempty"` + Condition []RegistryRepositoryIAMMemberConditionObservation `json:"condition,omitempty" tf:"condition,omitempty"` Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -92,7 +92,7 @@ type RegistryRepositoryIAMMemberObservation struct { type RegistryRepositoryIAMMemberParameters struct { // +kubebuilder:validation:Optional - Condition []ConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` + Condition []RegistryRepositoryIAMMemberConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` // +kubebuilder:validation:Optional Location *string `json:"location,omitempty" tf:"location,omitempty"` diff --git a/apis/beyondcorp/v1beta1/zz_appconnection_types.go b/apis/beyondcorp/v1beta1/zz_appconnection_types.go index c0b4851cb..c455809a5 100755 --- a/apis/beyondcorp/v1beta1/zz_appconnection_types.go +++ b/apis/beyondcorp/v1beta1/zz_appconnection_types.go @@ -77,6 +77,9 @@ type AppConnectionObservation struct { // An arbitrary user-provided name for the AppConnection. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Gateway used by the AppConnection. // Structure is documented below. Gateway []GatewayObservation `json:"gateway,omitempty" tf:"gateway,omitempty"` @@ -98,6 +101,11 @@ type AppConnectionObservation struct { // The region of the AppConnection. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The type of hosting used by the gateway. Refer to // https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 // for a list of possible values. diff --git a/apis/beyondcorp/v1beta1/zz_appconnector_types.go b/apis/beyondcorp/v1beta1/zz_appconnector_types.go index 64e770790..2a637135d 100755 --- a/apis/beyondcorp/v1beta1/zz_appconnector_types.go +++ b/apis/beyondcorp/v1beta1/zz_appconnector_types.go @@ -52,6 +52,9 @@ type AppConnectorObservation struct { // An arbitrary user-provided name for the AppConnector. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnectors/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -72,6 +75,11 @@ type AppConnectorObservation struct { // Represents the different states of a AppConnector. State *string `json:"state,omitempty" tf:"state,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type AppConnectorParameters struct { diff --git a/apis/beyondcorp/v1beta1/zz_appgateway_terraformed.go b/apis/beyondcorp/v1beta1/zz_appgateway_terraformed.go index afc7fa79f..e3462e3de 100755 --- a/apis/beyondcorp/v1beta1/zz_appgateway_terraformed.go +++ b/apis/beyondcorp/v1beta1/zz_appgateway_terraformed.go @@ -141,5 +141,5 @@ func (tr *AppGateway) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *AppGateway) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/beyondcorp/v1beta1/zz_appgateway_types.go b/apis/beyondcorp/v1beta1/zz_appgateway_types.go index a7c73e199..e9a5280a4 100755 --- a/apis/beyondcorp/v1beta1/zz_appgateway_types.go +++ b/apis/beyondcorp/v1beta1/zz_appgateway_types.go @@ -77,6 +77,10 @@ type AppGatewayObservation struct { // An arbitrary user-provided name for the AppGateway. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The type of hosting used by the AppGateway. // Default value is HOST_TYPE_UNSPECIFIED. // Possible values are: HOST_TYPE_UNSPECIFIED, GCP_REGIONAL_MIG. @@ -99,6 +103,11 @@ type AppGatewayObservation struct { // Represents the different states of a AppGateway. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The type of network connectivity used by the AppGateway. // Default value is TYPE_UNSPECIFIED. // Possible values are: TYPE_UNSPECIFIED, TCP_PROXY. diff --git a/apis/beyondcorp/v1beta1/zz_generated.deepcopy.go b/apis/beyondcorp/v1beta1/zz_generated.deepcopy.go index ea83d9625..59a6f50a8 100644 --- a/apis/beyondcorp/v1beta1/zz_generated.deepcopy.go +++ b/apis/beyondcorp/v1beta1/zz_generated.deepcopy.go @@ -246,6 +246,22 @@ func (in *AppConnectionObservation) DeepCopyInto(out *AppConnectionObservation) *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Gateway != nil { in, out := &in.Gateway, &out.Gateway *out = make([]GatewayObservation, len(*in)) @@ -289,6 +305,22 @@ func (in *AppConnectionObservation) DeepCopyInto(out *AppConnectionObservation) *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -537,6 +569,22 @@ func (in *AppConnectorObservation) DeepCopyInto(out *AppConnectorObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -580,6 +628,22 @@ func (in *AppConnectorObservation) DeepCopyInto(out *AppConnectorObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppConnectorObservation. @@ -805,6 +869,22 @@ func (in *AppGatewayObservation) DeepCopyInto(out *AppGatewayObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.HostType != nil { in, out := &in.HostType, &out.HostType *out = new(string) @@ -846,6 +926,22 @@ func (in *AppGatewayObservation) DeepCopyInto(out *AppGatewayObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) diff --git a/apis/bigquery/v1beta1/zz_analyticshublisting_types.go b/apis/bigquery/v1beta1/zz_analyticshublisting_types.go index 6931a422e..943d1c171 100755 --- a/apis/bigquery/v1beta1/zz_analyticshublisting_types.go +++ b/apis/bigquery/v1beta1/zz_analyticshublisting_types.go @@ -67,6 +67,10 @@ type AnalyticsHubListingInitParameters struct { // Email or URL of the request access of the listing. Subscribers can use this reference to request access. RequestAccess *string `json:"requestAccess,omitempty" tf:"request_access,omitempty"` + + // If set, restricted export configuration will be propagated and enforced on the linked dataset. + // Structure is documented below. + RestrictedExportConfig []RestrictedExportConfigInitParameters `json:"restrictedExportConfig,omitempty" tf:"restricted_export_config,omitempty"` } type AnalyticsHubListingObservation struct { @@ -119,6 +123,10 @@ type AnalyticsHubListingObservation struct { // Email or URL of the request access of the listing. Subscribers can use this reference to request access. RequestAccess *string `json:"requestAccess,omitempty" tf:"request_access,omitempty"` + + // If set, restricted export configuration will be propagated and enforced on the linked dataset. + // Structure is documented below. + RestrictedExportConfig []RestrictedExportConfigObservation `json:"restrictedExportConfig,omitempty" tf:"restricted_export_config,omitempty"` } type AnalyticsHubListingParameters struct { @@ -188,6 +196,11 @@ type AnalyticsHubListingParameters struct { // Email or URL of the request access of the listing. Subscribers can use this reference to request access. // +kubebuilder:validation:Optional RequestAccess *string `json:"requestAccess,omitempty" tf:"request_access,omitempty"` + + // If set, restricted export configuration will be propagated and enforced on the linked dataset. + // Structure is documented below. + // +kubebuilder:validation:Optional + RestrictedExportConfig []RestrictedExportConfigParameters `json:"restrictedExportConfig,omitempty" tf:"restricted_export_config,omitempty"` } type BigqueryDatasetInitParameters struct { @@ -287,6 +300,35 @@ type PublisherParameters struct { PrimaryContact *string `json:"primaryContact,omitempty" tf:"primary_contact,omitempty"` } +type RestrictedExportConfigInitParameters struct { + + // If true, enable restricted export. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // If true, restrict export of query result derived from restricted linked dataset table. + RestrictQueryResult *bool `json:"restrictQueryResult,omitempty" tf:"restrict_query_result,omitempty"` +} + +type RestrictedExportConfigObservation struct { + + // If true, enable restricted export. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // If true, restrict export of query result derived from restricted linked dataset table. + RestrictQueryResult *bool `json:"restrictQueryResult,omitempty" tf:"restrict_query_result,omitempty"` +} + +type RestrictedExportConfigParameters struct { + + // If true, enable restricted export. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // If true, restrict export of query result derived from restricted linked dataset table. + // +kubebuilder:validation:Optional + RestrictQueryResult *bool `json:"restrictQueryResult,omitempty" tf:"restrict_query_result,omitempty"` +} + // AnalyticsHubListingSpec defines the desired state of AnalyticsHubListing type AnalyticsHubListingSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/bigquery/v1beta1/zz_connection_types.go b/apis/bigquery/v1beta1/zz_connection_types.go index 0d9075491..c4714b0d6 100755 --- a/apis/bigquery/v1beta1/zz_connection_types.go +++ b/apis/bigquery/v1beta1/zz_connection_types.go @@ -235,39 +235,69 @@ type CloudSQLParameters struct { type CloudSpannerInitParameters struct { - // Cloud Spanner database in the form `project/instance/database' + // Cloud Spanner database in the form `project/instance/database'. Database *string `json:"database,omitempty" tf:"database,omitempty"` - // If parallelism should be used when reading from Cloud Spanner + // Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + DatabaseRole *string `json:"databaseRole,omitempty" tf:"database_role,omitempty"` + + // Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. + MaxParallelism *float64 `json:"maxParallelism,omitempty" tf:"max_parallelism,omitempty"` + + // If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. + UseDataBoost *bool `json:"useDataBoost,omitempty" tf:"use_data_boost,omitempty"` + + // If parallelism should be used when reading from Cloud Spanner. UseParallelism *bool `json:"useParallelism,omitempty" tf:"use_parallelism,omitempty"` - // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics + // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. UseServerlessAnalytics *bool `json:"useServerlessAnalytics,omitempty" tf:"use_serverless_analytics,omitempty"` } type CloudSpannerObservation struct { - // Cloud Spanner database in the form `project/instance/database' + // Cloud Spanner database in the form `project/instance/database'. Database *string `json:"database,omitempty" tf:"database,omitempty"` - // If parallelism should be used when reading from Cloud Spanner + // Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + DatabaseRole *string `json:"databaseRole,omitempty" tf:"database_role,omitempty"` + + // Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. + MaxParallelism *float64 `json:"maxParallelism,omitempty" tf:"max_parallelism,omitempty"` + + // If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. + UseDataBoost *bool `json:"useDataBoost,omitempty" tf:"use_data_boost,omitempty"` + + // If parallelism should be used when reading from Cloud Spanner. UseParallelism *bool `json:"useParallelism,omitempty" tf:"use_parallelism,omitempty"` - // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics + // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. UseServerlessAnalytics *bool `json:"useServerlessAnalytics,omitempty" tf:"use_serverless_analytics,omitempty"` } type CloudSpannerParameters struct { - // Cloud Spanner database in the form `project/instance/database' + // Cloud Spanner database in the form `project/instance/database'. // +kubebuilder:validation:Optional Database *string `json:"database" tf:"database,omitempty"` - // If parallelism should be used when reading from Cloud Spanner + // Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + // +kubebuilder:validation:Optional + DatabaseRole *string `json:"databaseRole,omitempty" tf:"database_role,omitempty"` + + // Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. + // +kubebuilder:validation:Optional + MaxParallelism *float64 `json:"maxParallelism,omitempty" tf:"max_parallelism,omitempty"` + + // If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. + // +kubebuilder:validation:Optional + UseDataBoost *bool `json:"useDataBoost,omitempty" tf:"use_data_boost,omitempty"` + + // If parallelism should be used when reading from Cloud Spanner. // +kubebuilder:validation:Optional UseParallelism *bool `json:"useParallelism,omitempty" tf:"use_parallelism,omitempty"` - // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics + // If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. // +kubebuilder:validation:Optional UseServerlessAnalytics *bool `json:"useServerlessAnalytics,omitempty" tf:"use_serverless_analytics,omitempty"` } @@ -315,6 +345,10 @@ type ConnectionInitParameters struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Container for connection properties to execute stored procedures for Apache Spark. resources. + // Structure is documented below. + Spark []SparkInitParameters `json:"spark,omitempty" tf:"spark,omitempty"` } type ConnectionObservation struct { @@ -370,6 +404,10 @@ type ConnectionObservation struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Container for connection properties to execute stored procedures for Apache Spark. resources. + // Structure is documented below. + Spark []SparkObservation `json:"spark,omitempty" tf:"spark,omitempty"` } type ConnectionParameters struct { @@ -425,6 +463,11 @@ type ConnectionParameters struct { // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Container for connection properties to execute stored procedures for Apache Spark. resources. + // Structure is documented below. + // +kubebuilder:validation:Optional + Spark []SparkParameters `json:"spark,omitempty" tf:"spark,omitempty"` } type CredentialInitParameters struct { @@ -469,6 +512,103 @@ type CredentialParameters struct { UsernameSelector *v1.Selector `json:"usernameSelector,omitempty" tf:"-"` } +type MetastoreServiceConfigInitParameters struct { + + // Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + MetastoreService *string `json:"metastoreService,omitempty" tf:"metastore_service,omitempty"` +} + +type MetastoreServiceConfigObservation struct { + + // Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + MetastoreService *string `json:"metastoreService,omitempty" tf:"metastore_service,omitempty"` +} + +type MetastoreServiceConfigParameters struct { + + // Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + // +kubebuilder:validation:Optional + MetastoreService *string `json:"metastoreService,omitempty" tf:"metastore_service,omitempty"` +} + +type SparkHistoryServerConfigInitParameters struct { + + // Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dataproc/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + DataprocCluster *string `json:"dataprocCluster,omitempty" tf:"dataproc_cluster,omitempty"` + + // Reference to a Cluster in dataproc to populate dataprocCluster. + // +kubebuilder:validation:Optional + DataprocClusterRef *v1.Reference `json:"dataprocClusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in dataproc to populate dataprocCluster. + // +kubebuilder:validation:Optional + DataprocClusterSelector *v1.Selector `json:"dataprocClusterSelector,omitempty" tf:"-"` +} + +type SparkHistoryServerConfigObservation struct { + + // Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + DataprocCluster *string `json:"dataprocCluster,omitempty" tf:"dataproc_cluster,omitempty"` +} + +type SparkHistoryServerConfigParameters struct { + + // Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dataproc/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + DataprocCluster *string `json:"dataprocCluster,omitempty" tf:"dataproc_cluster,omitempty"` + + // Reference to a Cluster in dataproc to populate dataprocCluster. + // +kubebuilder:validation:Optional + DataprocClusterRef *v1.Reference `json:"dataprocClusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in dataproc to populate dataprocCluster. + // +kubebuilder:validation:Optional + DataprocClusterSelector *v1.Selector `json:"dataprocClusterSelector,omitempty" tf:"-"` +} + +type SparkInitParameters struct { + + // Dataproc Metastore Service configuration for the connection. + // Structure is documented below. + MetastoreServiceConfig []MetastoreServiceConfigInitParameters `json:"metastoreServiceConfig,omitempty" tf:"metastore_service_config,omitempty"` + + // Spark History Server configuration for the connection. + // Structure is documented below. + SparkHistoryServerConfig []SparkHistoryServerConfigInitParameters `json:"sparkHistoryServerConfig,omitempty" tf:"spark_history_server_config,omitempty"` +} + +type SparkObservation struct { + + // Dataproc Metastore Service configuration for the connection. + // Structure is documented below. + MetastoreServiceConfig []MetastoreServiceConfigObservation `json:"metastoreServiceConfig,omitempty" tf:"metastore_service_config,omitempty"` + + // (Output) + // The account ID of the service created for the purpose of this connection. + ServiceAccountID *string `json:"serviceAccountId,omitempty" tf:"service_account_id,omitempty"` + + // Spark History Server configuration for the connection. + // Structure is documented below. + SparkHistoryServerConfig []SparkHistoryServerConfigObservation `json:"sparkHistoryServerConfig,omitempty" tf:"spark_history_server_config,omitempty"` +} + +type SparkParameters struct { + + // Dataproc Metastore Service configuration for the connection. + // Structure is documented below. + // +kubebuilder:validation:Optional + MetastoreServiceConfig []MetastoreServiceConfigParameters `json:"metastoreServiceConfig,omitempty" tf:"metastore_service_config,omitempty"` + + // Spark History Server configuration for the connection. + // Structure is documented below. + // +kubebuilder:validation:Optional + SparkHistoryServerConfig []SparkHistoryServerConfigParameters `json:"sparkHistoryServerConfig,omitempty" tf:"spark_history_server_config,omitempty"` +} + // ConnectionSpec defines the desired state of Connection type ConnectionSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/bigquery/v1beta1/zz_dataset_types.go b/apis/bigquery/v1beta1/zz_dataset_types.go index cf1c61ea2..12dab53d6 100755 --- a/apis/bigquery/v1beta1/zz_dataset_types.go +++ b/apis/bigquery/v1beta1/zz_dataset_types.go @@ -77,6 +77,10 @@ type AccessInitParameters struct { // An email address of a Google Group to grant access to. GroupByEmail *string `json:"groupByEmail,omitempty" tf:"group_by_email,omitempty"` + // Some other type of member that appears in the IAM Policy but isn't a user, + // group, domain, or special group. For example: allUsers + IAMMember *string `json:"iamMember,omitempty" tf:"iam_member,omitempty"` + // Describes the rights granted to the user specified by the other // member of the access object. Basic, predefined, and custom roles // are supported. Predefined roles that have equivalent basic roles @@ -131,6 +135,10 @@ type AccessObservation struct { // An email address of a Google Group to grant access to. GroupByEmail *string `json:"groupByEmail,omitempty" tf:"group_by_email,omitempty"` + // Some other type of member that appears in the IAM Policy but isn't a user, + // group, domain, or special group. For example: allUsers + IAMMember *string `json:"iamMember,omitempty" tf:"iam_member,omitempty"` + // Describes the rights granted to the user specified by the other // member of the access object. Basic, predefined, and custom roles // are supported. Predefined roles that have equivalent basic roles @@ -178,6 +186,11 @@ type AccessParameters struct { // +kubebuilder:validation:Optional GroupByEmail *string `json:"groupByEmail,omitempty" tf:"group_by_email,omitempty"` + // Some other type of member that appears in the IAM Policy but isn't a user, + // group, domain, or special group. For example: allUsers + // +kubebuilder:validation:Optional + IAMMember *string `json:"iamMember,omitempty" tf:"iam_member,omitempty"` + // Describes the rights granted to the user specified by the other // member of the access object. Basic, predefined, and custom roles // are supported. Predefined roles that have equivalent basic roles @@ -317,7 +330,7 @@ type DatasetInitParameters struct { IsCaseInsensitive *bool `json:"isCaseInsensitive,omitempty" tf:"is_case_insensitive,omitempty"` // The labels associated with this dataset. You can use these to - // organize and group your datasets + // organize and group your datasets. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -376,6 +389,10 @@ type DatasetObservation struct { // A user-friendly description of the dataset Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A hash of the resource. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -391,7 +408,7 @@ type DatasetObservation struct { IsCaseInsensitive *bool `json:"isCaseInsensitive,omitempty" tf:"is_case_insensitive,omitempty"` // The labels associated with this dataset. You can use these to - // organize and group your datasets + // organize and group your datasets. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -418,6 +435,11 @@ type DatasetObservation struct { // or to PHYSICAL to use physical bytes instead. // LOGICAL is the default if this flag isn't specified. StorageBillingModel *string `json:"storageBillingModel,omitempty" tf:"storage_billing_model,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type DatasetParameters struct { @@ -475,7 +497,7 @@ type DatasetParameters struct { IsCaseInsensitive *bool `json:"isCaseInsensitive,omitempty" tf:"is_case_insensitive,omitempty"` // The labels associated with this dataset. You can use these to - // organize and group your datasets + // organize and group your datasets. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/bigquery/v1beta1/zz_datatransferconfig_types.go b/apis/bigquery/v1beta1/zz_datatransferconfig_types.go index b77b3675f..2295d1074 100755 --- a/apis/bigquery/v1beta1/zz_datatransferconfig_types.go +++ b/apis/bigquery/v1beta1/zz_datatransferconfig_types.go @@ -146,8 +146,9 @@ type DataTransferConfigObservation struct { Location *string `json:"location,omitempty" tf:"location,omitempty"` // The resource name of the transfer config. Transfer config names have the - // form projects/{projectId}/locations/{location}/transferConfigs/{configId}. - // Where configId is usually a uuid, but this is not required. + // form projects/{projectId}/locations/{location}/transferConfigs/{configId} + // or projects/{projectId}/transferConfigs/{configId}, + // where configId is usually a uuid, but this is not required. // The name is ignored when creating a transfer config. Name *string `json:"name,omitempty" tf:"name,omitempty"` diff --git a/apis/bigquery/v1beta1/zz_generated.deepcopy.go b/apis/bigquery/v1beta1/zz_generated.deepcopy.go index 5d15d9665..60217d0c7 100644 --- a/apis/bigquery/v1beta1/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta1/zz_generated.deepcopy.go @@ -144,6 +144,11 @@ func (in *AccessInitParameters) DeepCopyInto(out *AccessInitParameters) { *out = new(string) **out = **in } + if in.IAMMember != nil { + in, out := &in.IAMMember, &out.IAMMember + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -215,6 +220,11 @@ func (in *AccessObservation) DeepCopyInto(out *AccessObservation) { *out = new(string) **out = **in } + if in.IAMMember != nil { + in, out := &in.IAMMember, &out.IAMMember + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -276,6 +286,11 @@ func (in *AccessParameters) DeepCopyInto(out *AccessParameters) { *out = new(string) **out = **in } + if in.IAMMember != nil { + in, out := &in.IAMMember, &out.IAMMember + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -1028,6 +1043,13 @@ func (in *AnalyticsHubListingInitParameters) DeepCopyInto(out *AnalyticsHubListi *out = new(string) **out = **in } + if in.RestrictedExportConfig != nil { + in, out := &in.RestrictedExportConfig, &out.RestrictedExportConfig + *out = make([]RestrictedExportConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubListingInitParameters. @@ -1162,6 +1184,13 @@ func (in *AnalyticsHubListingObservation) DeepCopyInto(out *AnalyticsHubListingO *out = new(string) **out = **in } + if in.RestrictedExportConfig != nil { + in, out := &in.RestrictedExportConfig, &out.RestrictedExportConfig + *out = make([]RestrictedExportConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubListingObservation. @@ -1264,6 +1293,13 @@ func (in *AnalyticsHubListingParameters) DeepCopyInto(out *AnalyticsHubListingPa *out = new(string) **out = **in } + if in.RestrictedExportConfig != nil { + in, out := &in.RestrictedExportConfig, &out.RestrictedExportConfig + *out = make([]RestrictedExportConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubListingParameters. @@ -2001,6 +2037,21 @@ func (in *CloudSpannerInitParameters) DeepCopyInto(out *CloudSpannerInitParamete *out = new(string) **out = **in } + if in.DatabaseRole != nil { + in, out := &in.DatabaseRole, &out.DatabaseRole + *out = new(string) + **out = **in + } + if in.MaxParallelism != nil { + in, out := &in.MaxParallelism, &out.MaxParallelism + *out = new(float64) + **out = **in + } + if in.UseDataBoost != nil { + in, out := &in.UseDataBoost, &out.UseDataBoost + *out = new(bool) + **out = **in + } if in.UseParallelism != nil { in, out := &in.UseParallelism, &out.UseParallelism *out = new(bool) @@ -2031,6 +2082,21 @@ func (in *CloudSpannerObservation) DeepCopyInto(out *CloudSpannerObservation) { *out = new(string) **out = **in } + if in.DatabaseRole != nil { + in, out := &in.DatabaseRole, &out.DatabaseRole + *out = new(string) + **out = **in + } + if in.MaxParallelism != nil { + in, out := &in.MaxParallelism, &out.MaxParallelism + *out = new(float64) + **out = **in + } + if in.UseDataBoost != nil { + in, out := &in.UseDataBoost, &out.UseDataBoost + *out = new(bool) + **out = **in + } if in.UseParallelism != nil { in, out := &in.UseParallelism, &out.UseParallelism *out = new(bool) @@ -2061,6 +2127,21 @@ func (in *CloudSpannerParameters) DeepCopyInto(out *CloudSpannerParameters) { *out = new(string) **out = **in } + if in.DatabaseRole != nil { + in, out := &in.DatabaseRole, &out.DatabaseRole + *out = new(string) + **out = **in + } + if in.MaxParallelism != nil { + in, out := &in.MaxParallelism, &out.MaxParallelism + *out = new(float64) + **out = **in + } + if in.UseDataBoost != nil { + in, out := &in.UseDataBoost, &out.UseDataBoost + *out = new(bool) + **out = **in + } if in.UseParallelism != nil { in, out := &in.UseParallelism, &out.UseParallelism *out = new(bool) @@ -2083,6 +2164,81 @@ func (in *CloudSpannerParameters) DeepCopy() *CloudSpannerParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ColumnReferencesInitParameters) DeepCopyInto(out *ColumnReferencesInitParameters) { + *out = *in + if in.ReferencedColumn != nil { + in, out := &in.ReferencedColumn, &out.ReferencedColumn + *out = new(string) + **out = **in + } + if in.ReferencingColumn != nil { + in, out := &in.ReferencingColumn, &out.ReferencingColumn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnReferencesInitParameters. +func (in *ColumnReferencesInitParameters) DeepCopy() *ColumnReferencesInitParameters { + if in == nil { + return nil + } + out := new(ColumnReferencesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ColumnReferencesObservation) DeepCopyInto(out *ColumnReferencesObservation) { + *out = *in + if in.ReferencedColumn != nil { + in, out := &in.ReferencedColumn, &out.ReferencedColumn + *out = new(string) + **out = **in + } + if in.ReferencingColumn != nil { + in, out := &in.ReferencingColumn, &out.ReferencingColumn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnReferencesObservation. +func (in *ColumnReferencesObservation) DeepCopy() *ColumnReferencesObservation { + if in == nil { + return nil + } + out := new(ColumnReferencesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ColumnReferencesParameters) DeepCopyInto(out *ColumnReferencesParameters) { + *out = *in + if in.ReferencedColumn != nil { + in, out := &in.ReferencedColumn, &out.ReferencedColumn + *out = new(string) + **out = **in + } + if in.ReferencingColumn != nil { + in, out := &in.ReferencingColumn, &out.ReferencingColumn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnReferencesParameters. +func (in *ColumnReferencesParameters) DeepCopy() *ColumnReferencesParameters { + if in == nil { + return nil + } + out := new(ColumnReferencesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -2261,6 +2417,13 @@ func (in *ConnectionInitParameters) DeepCopyInto(out *ConnectionInitParameters) *out = new(string) **out = **in } + if in.Spark != nil { + in, out := &in.Spark, &out.Spark + *out = make([]SparkInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionInitParameters. @@ -2383,6 +2546,13 @@ func (in *ConnectionObservation) DeepCopyInto(out *ConnectionObservation) { *out = new(string) **out = **in } + if in.Spark != nil { + in, out := &in.Spark, &out.Spark + *out = make([]SparkObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionObservation. @@ -2456,6 +2626,13 @@ func (in *ConnectionParameters) DeepCopyInto(out *ConnectionParameters) { *out = new(string) **out = **in } + if in.Spark != nil { + in, out := &in.Spark, &out.Spark + *out = make([]SparkParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionParameters. @@ -5350,6 +5527,22 @@ func (in *DatasetObservation) DeepCopyInto(out *DatasetObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -5416,6 +5609,22 @@ func (in *DatasetObservation) DeepCopyInto(out *DatasetObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatasetObservation. @@ -6230,6 +6439,11 @@ func (in *ExternalDataConfigurationInitParameters) DeepCopyInto(out *ExternalDat (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FileSetSpecType != nil { + in, out := &in.FileSetSpecType, &out.FileSetSpecType + *out = new(string) + **out = **in + } if in.GoogleSheetsOptions != nil { in, out := &in.GoogleSheetsOptions, &out.GoogleSheetsOptions *out = make([]GoogleSheetsOptionsInitParameters, len(*in)) @@ -6348,6 +6562,11 @@ func (in *ExternalDataConfigurationObservation) DeepCopyInto(out *ExternalDataCo (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FileSetSpecType != nil { + in, out := &in.FileSetSpecType, &out.FileSetSpecType + *out = new(string) + **out = **in + } if in.GoogleSheetsOptions != nil { in, out := &in.GoogleSheetsOptions, &out.GoogleSheetsOptions *out = make([]GoogleSheetsOptionsObservation, len(*in)) @@ -6466,6 +6685,11 @@ func (in *ExternalDataConfigurationParameters) DeepCopyInto(out *ExternalDataCon (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FileSetSpecType != nil { + in, out := &in.FileSetSpecType, &out.FileSetSpecType + *out = new(string) + **out = **in + } if in.GoogleSheetsOptions != nil { in, out := &in.GoogleSheetsOptions, &out.GoogleSheetsOptions *out = make([]GoogleSheetsOptionsParameters, len(*in)) @@ -6822,6 +7046,108 @@ func (in *ExtractParameters) DeepCopy() *ExtractParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ForeignKeysInitParameters) DeepCopyInto(out *ForeignKeysInitParameters) { + *out = *in + if in.ColumnReferences != nil { + in, out := &in.ColumnReferences, &out.ColumnReferences + *out = make([]ColumnReferencesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.ReferencedTable != nil { + in, out := &in.ReferencedTable, &out.ReferencedTable + *out = make([]ReferencedTableInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForeignKeysInitParameters. +func (in *ForeignKeysInitParameters) DeepCopy() *ForeignKeysInitParameters { + if in == nil { + return nil + } + out := new(ForeignKeysInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ForeignKeysObservation) DeepCopyInto(out *ForeignKeysObservation) { + *out = *in + if in.ColumnReferences != nil { + in, out := &in.ColumnReferences, &out.ColumnReferences + *out = make([]ColumnReferencesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.ReferencedTable != nil { + in, out := &in.ReferencedTable, &out.ReferencedTable + *out = make([]ReferencedTableObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForeignKeysObservation. +func (in *ForeignKeysObservation) DeepCopy() *ForeignKeysObservation { + if in == nil { + return nil + } + out := new(ForeignKeysObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ForeignKeysParameters) DeepCopyInto(out *ForeignKeysParameters) { + *out = *in + if in.ColumnReferences != nil { + in, out := &in.ColumnReferences, &out.ColumnReferences + *out = make([]ColumnReferencesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.ReferencedTable != nil { + in, out := &in.ReferencedTable, &out.ReferencedTable + *out = make([]ReferencedTableParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForeignKeysParameters. +func (in *ForeignKeysParameters) DeepCopy() *ForeignKeysParameters { + if in == nil { + return nil + } + out := new(ForeignKeysParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GoogleSheetsOptionsInitParameters) DeepCopyInto(out *GoogleSheetsOptionsInitParameters) { *out = *in @@ -7195,6 +7521,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Extract != nil { in, out := &in.Extract, &out.Extract *out = make([]ExtractObservation, len(*in)) @@ -7269,6 +7611,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UserEmail != nil { in, out := &in.UserEmail, &out.UserEmail *out = new(string) @@ -8036,8 +8394,13 @@ func (in *LoadParameters) DeepCopy() *LoadParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaterializedViewInitParameters) DeepCopyInto(out *MaterializedViewInitParameters) { *out = *in - if in.EnableRefresh != nil { - in, out := &in.EnableRefresh, &out.EnableRefresh + if in.AllowNonIncrementalDefinition != nil { + in, out := &in.AllowNonIncrementalDefinition, &out.AllowNonIncrementalDefinition + *out = new(bool) + **out = **in + } + if in.EnableRefresh != nil { + in, out := &in.EnableRefresh, &out.EnableRefresh *out = new(bool) **out = **in } @@ -8066,6 +8429,11 @@ func (in *MaterializedViewInitParameters) DeepCopy() *MaterializedViewInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaterializedViewObservation) DeepCopyInto(out *MaterializedViewObservation) { *out = *in + if in.AllowNonIncrementalDefinition != nil { + in, out := &in.AllowNonIncrementalDefinition, &out.AllowNonIncrementalDefinition + *out = new(bool) + **out = **in + } if in.EnableRefresh != nil { in, out := &in.EnableRefresh, &out.EnableRefresh *out = new(bool) @@ -8096,6 +8464,11 @@ func (in *MaterializedViewObservation) DeepCopy() *MaterializedViewObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaterializedViewParameters) DeepCopyInto(out *MaterializedViewParameters) { *out = *in + if in.AllowNonIncrementalDefinition != nil { + in, out := &in.AllowNonIncrementalDefinition, &out.AllowNonIncrementalDefinition + *out = new(bool) + **out = **in + } if in.EnableRefresh != nil { in, out := &in.EnableRefresh, &out.EnableRefresh *out = new(bool) @@ -8123,6 +8496,66 @@ func (in *MaterializedViewParameters) DeepCopy() *MaterializedViewParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreServiceConfigInitParameters) DeepCopyInto(out *MetastoreServiceConfigInitParameters) { + *out = *in + if in.MetastoreService != nil { + in, out := &in.MetastoreService, &out.MetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreServiceConfigInitParameters. +func (in *MetastoreServiceConfigInitParameters) DeepCopy() *MetastoreServiceConfigInitParameters { + if in == nil { + return nil + } + out := new(MetastoreServiceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreServiceConfigObservation) DeepCopyInto(out *MetastoreServiceConfigObservation) { + *out = *in + if in.MetastoreService != nil { + in, out := &in.MetastoreService, &out.MetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreServiceConfigObservation. +func (in *MetastoreServiceConfigObservation) DeepCopy() *MetastoreServiceConfigObservation { + if in == nil { + return nil + } + out := new(MetastoreServiceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreServiceConfigParameters) DeepCopyInto(out *MetastoreServiceConfigParameters) { + *out = *in + if in.MetastoreService != nil { + in, out := &in.MetastoreService, &out.MetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreServiceConfigParameters. +func (in *MetastoreServiceConfigParameters) DeepCopy() *MetastoreServiceConfigParameters { + if in == nil { + return nil + } + out := new(MetastoreServiceConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ParquetOptionsInitParameters) DeepCopyInto(out *ParquetOptionsInitParameters) { *out = *in @@ -8198,6 +8631,84 @@ func (in *ParquetOptionsParameters) DeepCopy() *ParquetOptionsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryKeyInitParameters) DeepCopyInto(out *PrimaryKeyInitParameters) { + *out = *in + if in.Columns != nil { + in, out := &in.Columns, &out.Columns + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryKeyInitParameters. +func (in *PrimaryKeyInitParameters) DeepCopy() *PrimaryKeyInitParameters { + if in == nil { + return nil + } + out := new(PrimaryKeyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryKeyObservation) DeepCopyInto(out *PrimaryKeyObservation) { + *out = *in + if in.Columns != nil { + in, out := &in.Columns, &out.Columns + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryKeyObservation. +func (in *PrimaryKeyObservation) DeepCopy() *PrimaryKeyObservation { + if in == nil { + return nil + } + out := new(PrimaryKeyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryKeyParameters) DeepCopyInto(out *PrimaryKeyParameters) { + *out = *in + if in.Columns != nil { + in, out := &in.Columns, &out.Columns + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryKeyParameters. +func (in *PrimaryKeyParameters) DeepCopy() *PrimaryKeyParameters { + if in == nil { + return nil + } + out := new(PrimaryKeyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PublisherInitParameters) DeepCopyInto(out *PublisherInitParameters) { *out = *in @@ -8988,156 +9499,399 @@ func (in *RangePartitioningParameters) DeepCopy() *RangePartitioningParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Reservation) DeepCopyInto(out *Reservation) { +func (in *ReferencedTableInitParameters) DeepCopyInto(out *ReferencedTableInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.ProjectID != nil { + in, out := &in.ProjectID, &out.ProjectID + *out = new(string) + **out = **in + } + if in.TableID != nil { + in, out := &in.TableID, &out.TableID + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Reservation. -func (in *Reservation) DeepCopy() *Reservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferencedTableInitParameters. +func (in *ReferencedTableInitParameters) DeepCopy() *ReferencedTableInitParameters { if in == nil { return nil } - out := new(Reservation) + out := new(ReferencedTableInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Reservation) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReservationAssignment) DeepCopyInto(out *ReservationAssignment) { +func (in *ReferencedTableObservation) DeepCopyInto(out *ReferencedTableObservation) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.DatasetID != nil { + in, out := &in.DatasetID, &out.DatasetID + *out = new(string) + **out = **in + } + if in.ProjectID != nil { + in, out := &in.ProjectID, &out.ProjectID + *out = new(string) + **out = **in + } + if in.TableID != nil { + in, out := &in.TableID, &out.TableID + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignment. -func (in *ReservationAssignment) DeepCopy() *ReservationAssignment { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferencedTableObservation. +func (in *ReferencedTableObservation) DeepCopy() *ReferencedTableObservation { if in == nil { return nil } - out := new(ReservationAssignment) + out := new(ReferencedTableObservation) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReservationAssignment) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReservationAssignmentInitParameters) DeepCopyInto(out *ReservationAssignmentInitParameters) { +func (in *ReferencedTableParameters) DeepCopyInto(out *ReferencedTableParameters) { *out = *in - if in.Assignee != nil { - in, out := &in.Assignee, &out.Assignee - *out = new(string) - **out = **in - } - if in.JobType != nil { - in, out := &in.JobType, &out.JobType + if in.DatasetID != nil { + in, out := &in.DatasetID, &out.DatasetID *out = new(string) **out = **in } - if in.Location != nil { - in, out := &in.Location, &out.Location + if in.ProjectID != nil { + in, out := &in.ProjectID, &out.ProjectID *out = new(string) **out = **in } - if in.Project != nil { - in, out := &in.Project, &out.Project + if in.TableID != nil { + in, out := &in.TableID, &out.TableID *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignmentInitParameters. -func (in *ReservationAssignmentInitParameters) DeepCopy() *ReservationAssignmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferencedTableParameters. +func (in *ReferencedTableParameters) DeepCopy() *ReferencedTableParameters { if in == nil { return nil } - out := new(ReservationAssignmentInitParameters) + out := new(ReferencedTableParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReservationAssignmentList) DeepCopyInto(out *ReservationAssignmentList) { +func (in *RemoteFunctionOptionsInitParameters) DeepCopyInto(out *RemoteFunctionOptionsInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ReservationAssignment, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ConnectionRef != nil { + in, out := &in.ConnectionRef, &out.ConnectionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ConnectionSelector != nil { + in, out := &in.ConnectionSelector, &out.ConnectionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = new(string) + **out = **in + } + if in.MaxBatchingRows != nil { + in, out := &in.MaxBatchingRows, &out.MaxBatchingRows + *out = new(string) + **out = **in + } + if in.UserDefinedContext != nil { + in, out := &in.UserDefinedContext, &out.UserDefinedContext + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignmentList. -func (in *ReservationAssignmentList) DeepCopy() *ReservationAssignmentList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteFunctionOptionsInitParameters. +func (in *RemoteFunctionOptionsInitParameters) DeepCopy() *RemoteFunctionOptionsInitParameters { if in == nil { return nil } - out := new(ReservationAssignmentList) + out := new(RemoteFunctionOptionsInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReservationAssignmentList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReservationAssignmentObservation) DeepCopyInto(out *ReservationAssignmentObservation) { +func (in *RemoteFunctionOptionsObservation) DeepCopyInto(out *RemoteFunctionOptionsObservation) { *out = *in - if in.Assignee != nil { - in, out := &in.Assignee, &out.Assignee + if in.Connection != nil { + in, out := &in.Connection, &out.Connection *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.JobType != nil { - in, out := &in.JobType, &out.JobType - *out = new(string) - **out = **in - } - if in.Location != nil { - in, out := &in.Location, &out.Location + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint *out = new(string) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.MaxBatchingRows != nil { + in, out := &in.MaxBatchingRows, &out.MaxBatchingRows *out = new(string) **out = **in } - if in.Project != nil { - in, out := &in.Project, &out.Project + if in.UserDefinedContext != nil { + in, out := &in.UserDefinedContext, &out.UserDefinedContext + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteFunctionOptionsObservation. +func (in *RemoteFunctionOptionsObservation) DeepCopy() *RemoteFunctionOptionsObservation { + if in == nil { + return nil + } + out := new(RemoteFunctionOptionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteFunctionOptionsParameters) DeepCopyInto(out *RemoteFunctionOptionsParameters) { + *out = *in + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ConnectionRef != nil { + in, out := &in.ConnectionRef, &out.ConnectionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ConnectionSelector != nil { + in, out := &in.ConnectionSelector, &out.ConnectionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = new(string) + **out = **in + } + if in.MaxBatchingRows != nil { + in, out := &in.MaxBatchingRows, &out.MaxBatchingRows + *out = new(string) + **out = **in + } + if in.UserDefinedContext != nil { + in, out := &in.UserDefinedContext, &out.UserDefinedContext + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteFunctionOptionsParameters. +func (in *RemoteFunctionOptionsParameters) DeepCopy() *RemoteFunctionOptionsParameters { + if in == nil { + return nil + } + out := new(RemoteFunctionOptionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Reservation) DeepCopyInto(out *Reservation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Reservation. +func (in *Reservation) DeepCopy() *Reservation { + if in == nil { + return nil + } + out := new(Reservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Reservation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReservationAssignment) DeepCopyInto(out *ReservationAssignment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignment. +func (in *ReservationAssignment) DeepCopy() *ReservationAssignment { + if in == nil { + return nil + } + out := new(ReservationAssignment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReservationAssignment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReservationAssignmentInitParameters) DeepCopyInto(out *ReservationAssignmentInitParameters) { + *out = *in + if in.Assignee != nil { + in, out := &in.Assignee, &out.Assignee + *out = new(string) + **out = **in + } + if in.JobType != nil { + in, out := &in.JobType, &out.JobType + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignmentInitParameters. +func (in *ReservationAssignmentInitParameters) DeepCopy() *ReservationAssignmentInitParameters { + if in == nil { + return nil + } + out := new(ReservationAssignmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReservationAssignmentList) DeepCopyInto(out *ReservationAssignmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ReservationAssignment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReservationAssignmentList. +func (in *ReservationAssignmentList) DeepCopy() *ReservationAssignmentList { + if in == nil { + return nil + } + out := new(ReservationAssignmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReservationAssignmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReservationAssignmentObservation) DeepCopyInto(out *ReservationAssignmentObservation) { + *out = *in + if in.Assignee != nil { + in, out := &in.Assignee, &out.Assignee + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.JobType != nil { + in, out := &in.JobType, &out.JobType + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project *out = new(string) **out = **in } @@ -9482,44 +10236,119 @@ func (in *ReservationStatus) DeepCopy() *ReservationStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Routine) DeepCopyInto(out *Routine) { +func (in *RestrictedExportConfigInitParameters) DeepCopyInto(out *RestrictedExportConfigInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.RestrictQueryResult != nil { + in, out := &in.RestrictQueryResult, &out.RestrictQueryResult + *out = new(bool) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Routine. -func (in *Routine) DeepCopy() *Routine { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestrictedExportConfigInitParameters. +func (in *RestrictedExportConfigInitParameters) DeepCopy() *RestrictedExportConfigInitParameters { if in == nil { return nil } - out := new(Routine) + out := new(RestrictedExportConfigInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Routine) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestrictedExportConfigObservation) DeepCopyInto(out *RestrictedExportConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.RestrictQueryResult != nil { + in, out := &in.RestrictQueryResult, &out.RestrictQueryResult + *out = new(bool) + **out = **in } - return nil +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestrictedExportConfigObservation. +func (in *RestrictedExportConfigObservation) DeepCopy() *RestrictedExportConfigObservation { + if in == nil { + return nil + } + out := new(RestrictedExportConfigObservation) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoutineInitParameters) DeepCopyInto(out *RoutineInitParameters) { +func (in *RestrictedExportConfigParameters) DeepCopyInto(out *RestrictedExportConfigParameters) { *out = *in - if in.DatasetID != nil { - in, out := &in.DatasetID, &out.DatasetID - *out = new(string) + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) **out = **in } - if in.DatasetIDRef != nil { - in, out := &in.DatasetIDRef, &out.DatasetIDRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) + if in.RestrictQueryResult != nil { + in, out := &in.RestrictQueryResult, &out.RestrictQueryResult + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestrictedExportConfigParameters. +func (in *RestrictedExportConfigParameters) DeepCopy() *RestrictedExportConfigParameters { + if in == nil { + return nil + } + out := new(RestrictedExportConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Routine) DeepCopyInto(out *Routine) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Routine. +func (in *Routine) DeepCopy() *Routine { + if in == nil { + return nil + } + out := new(Routine) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Routine) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RoutineInitParameters) DeepCopyInto(out *RoutineInitParameters) { + *out = *in + if in.DatasetID != nil { + in, out := &in.DatasetID, &out.DatasetID + *out = new(string) + **out = **in + } + if in.DatasetIDRef != nil { + in, out := &in.DatasetIDRef, &out.DatasetIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) } if in.DatasetIDSelector != nil { in, out := &in.DatasetIDSelector, &out.DatasetIDSelector @@ -9614,6 +10443,13 @@ func (in *RoutineInitParameters_2) DeepCopyInto(out *RoutineInitParameters_2) { *out = new(string) **out = **in } + if in.RemoteFunctionOptions != nil { + in, out := &in.RemoteFunctionOptions, &out.RemoteFunctionOptions + *out = make([]RemoteFunctionOptionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReturnTableType != nil { in, out := &in.ReturnTableType, &out.ReturnTableType *out = new(string) @@ -9629,6 +10465,13 @@ func (in *RoutineInitParameters_2) DeepCopyInto(out *RoutineInitParameters_2) { *out = new(string) **out = **in } + if in.SparkOptions != nil { + in, out := &in.SparkOptions, &out.SparkOptions + *out = make([]SparkOptionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoutineInitParameters_2. @@ -9769,6 +10612,13 @@ func (in *RoutineObservation_2) DeepCopyInto(out *RoutineObservation_2) { *out = new(string) **out = **in } + if in.RemoteFunctionOptions != nil { + in, out := &in.RemoteFunctionOptions, &out.RemoteFunctionOptions + *out = make([]RemoteFunctionOptionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReturnTableType != nil { in, out := &in.ReturnTableType, &out.ReturnTableType *out = new(string) @@ -9784,6 +10634,13 @@ func (in *RoutineObservation_2) DeepCopyInto(out *RoutineObservation_2) { *out = new(string) **out = **in } + if in.SparkOptions != nil { + in, out := &in.SparkOptions, &out.SparkOptions + *out = make([]SparkOptionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoutineObservation_2. @@ -9917,6 +10774,13 @@ func (in *RoutineParameters_2) DeepCopyInto(out *RoutineParameters_2) { *out = new(string) **out = **in } + if in.RemoteFunctionOptions != nil { + in, out := &in.RemoteFunctionOptions, &out.RemoteFunctionOptions + *out = make([]RemoteFunctionOptionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ReturnTableType != nil { in, out := &in.ReturnTableType, &out.ReturnTableType *out = new(string) @@ -9932,6 +10796,13 @@ func (in *RoutineParameters_2) DeepCopyInto(out *RoutineParameters_2) { *out = new(string) **out = **in } + if in.SparkOptions != nil { + in, out := &in.SparkOptions, &out.SparkOptions + *out = make([]SparkOptionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoutineParameters_2. @@ -10463,54 +11334,546 @@ func (in *SourceTablesObservation) DeepCopyInto(out *SourceTablesObservation) { *out = new(string) **out = **in } - if in.ProjectID != nil { - in, out := &in.ProjectID, &out.ProjectID + if in.ProjectID != nil { + in, out := &in.ProjectID, &out.ProjectID + *out = new(string) + **out = **in + } + if in.TableID != nil { + in, out := &in.TableID, &out.TableID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceTablesObservation. +func (in *SourceTablesObservation) DeepCopy() *SourceTablesObservation { + if in == nil { + return nil + } + out := new(SourceTablesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourceTablesParameters) DeepCopyInto(out *SourceTablesParameters) { + *out = *in + if in.DatasetID != nil { + in, out := &in.DatasetID, &out.DatasetID + *out = new(string) + **out = **in + } + if in.ProjectID != nil { + in, out := &in.ProjectID, &out.ProjectID + *out = new(string) + **out = **in + } + if in.TableID != nil { + in, out := &in.TableID, &out.TableID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceTablesParameters. +func (in *SourceTablesParameters) DeepCopy() *SourceTablesParameters { + if in == nil { + return nil + } + out := new(SourceTablesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkHistoryServerConfigInitParameters) DeepCopyInto(out *SparkHistoryServerConfigInitParameters) { + *out = *in + if in.DataprocCluster != nil { + in, out := &in.DataprocCluster, &out.DataprocCluster + *out = new(string) + **out = **in + } + if in.DataprocClusterRef != nil { + in, out := &in.DataprocClusterRef, &out.DataprocClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DataprocClusterSelector != nil { + in, out := &in.DataprocClusterSelector, &out.DataprocClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkHistoryServerConfigInitParameters. +func (in *SparkHistoryServerConfigInitParameters) DeepCopy() *SparkHistoryServerConfigInitParameters { + if in == nil { + return nil + } + out := new(SparkHistoryServerConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkHistoryServerConfigObservation) DeepCopyInto(out *SparkHistoryServerConfigObservation) { + *out = *in + if in.DataprocCluster != nil { + in, out := &in.DataprocCluster, &out.DataprocCluster + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkHistoryServerConfigObservation. +func (in *SparkHistoryServerConfigObservation) DeepCopy() *SparkHistoryServerConfigObservation { + if in == nil { + return nil + } + out := new(SparkHistoryServerConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkHistoryServerConfigParameters) DeepCopyInto(out *SparkHistoryServerConfigParameters) { + *out = *in + if in.DataprocCluster != nil { + in, out := &in.DataprocCluster, &out.DataprocCluster + *out = new(string) + **out = **in + } + if in.DataprocClusterRef != nil { + in, out := &in.DataprocClusterRef, &out.DataprocClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DataprocClusterSelector != nil { + in, out := &in.DataprocClusterSelector, &out.DataprocClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkHistoryServerConfigParameters. +func (in *SparkHistoryServerConfigParameters) DeepCopy() *SparkHistoryServerConfigParameters { + if in == nil { + return nil + } + out := new(SparkHistoryServerConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkInitParameters) DeepCopyInto(out *SparkInitParameters) { + *out = *in + if in.MetastoreServiceConfig != nil { + in, out := &in.MetastoreServiceConfig, &out.MetastoreServiceConfig + *out = make([]MetastoreServiceConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SparkHistoryServerConfig != nil { + in, out := &in.SparkHistoryServerConfig, &out.SparkHistoryServerConfig + *out = make([]SparkHistoryServerConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkInitParameters. +func (in *SparkInitParameters) DeepCopy() *SparkInitParameters { + if in == nil { + return nil + } + out := new(SparkInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkObservation) DeepCopyInto(out *SparkObservation) { + *out = *in + if in.MetastoreServiceConfig != nil { + in, out := &in.MetastoreServiceConfig, &out.MetastoreServiceConfig + *out = make([]MetastoreServiceConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ServiceAccountID != nil { + in, out := &in.ServiceAccountID, &out.ServiceAccountID + *out = new(string) + **out = **in + } + if in.SparkHistoryServerConfig != nil { + in, out := &in.SparkHistoryServerConfig, &out.SparkHistoryServerConfig + *out = make([]SparkHistoryServerConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkObservation. +func (in *SparkObservation) DeepCopy() *SparkObservation { + if in == nil { + return nil + } + out := new(SparkObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkOptionsInitParameters) DeepCopyInto(out *SparkOptionsInitParameters) { + *out = *in + if in.ArchiveUris != nil { + in, out := &in.ArchiveUris, &out.ArchiveUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ConnectionRef != nil { + in, out := &in.ConnectionRef, &out.ConnectionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ConnectionSelector != nil { + in, out := &in.ConnectionSelector, &out.ConnectionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ContainerImage != nil { + in, out := &in.ContainerImage, &out.ContainerImage + *out = new(string) + **out = **in + } + if in.FileUris != nil { + in, out := &in.FileUris, &out.FileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.JarUris != nil { + in, out := &in.JarUris, &out.JarUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MainClass != nil { + in, out := &in.MainClass, &out.MainClass + *out = new(string) + **out = **in + } + if in.MainFileURI != nil { + in, out := &in.MainFileURI, &out.MainFileURI + *out = new(string) + **out = **in + } + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.PyFileUris != nil { + in, out := &in.PyFileUris, &out.PyFileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RuntimeVersion != nil { + in, out := &in.RuntimeVersion, &out.RuntimeVersion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkOptionsInitParameters. +func (in *SparkOptionsInitParameters) DeepCopy() *SparkOptionsInitParameters { + if in == nil { + return nil + } + out := new(SparkOptionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkOptionsObservation) DeepCopyInto(out *SparkOptionsObservation) { + *out = *in + if in.ArchiveUris != nil { + in, out := &in.ArchiveUris, &out.ArchiveUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ContainerImage != nil { + in, out := &in.ContainerImage, &out.ContainerImage + *out = new(string) + **out = **in + } + if in.FileUris != nil { + in, out := &in.FileUris, &out.FileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.JarUris != nil { + in, out := &in.JarUris, &out.JarUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MainClass != nil { + in, out := &in.MainClass, &out.MainClass + *out = new(string) + **out = **in + } + if in.MainFileURI != nil { + in, out := &in.MainFileURI, &out.MainFileURI + *out = new(string) + **out = **in + } + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.PyFileUris != nil { + in, out := &in.PyFileUris, &out.PyFileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RuntimeVersion != nil { + in, out := &in.RuntimeVersion, &out.RuntimeVersion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkOptionsObservation. +func (in *SparkOptionsObservation) DeepCopy() *SparkOptionsObservation { + if in == nil { + return nil + } + out := new(SparkOptionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SparkOptionsParameters) DeepCopyInto(out *SparkOptionsParameters) { + *out = *in + if in.ArchiveUris != nil { + in, out := &in.ArchiveUris, &out.ArchiveUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ConnectionRef != nil { + in, out := &in.ConnectionRef, &out.ConnectionRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ConnectionSelector != nil { + in, out := &in.ConnectionSelector, &out.ConnectionSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ContainerImage != nil { + in, out := &in.ContainerImage, &out.ContainerImage + *out = new(string) + **out = **in + } + if in.FileUris != nil { + in, out := &in.FileUris, &out.FileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.JarUris != nil { + in, out := &in.JarUris, &out.JarUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MainClass != nil { + in, out := &in.MainClass, &out.MainClass + *out = new(string) + **out = **in + } + if in.MainFileURI != nil { + in, out := &in.MainFileURI, &out.MainFileURI *out = new(string) **out = **in } - if in.TableID != nil { - in, out := &in.TableID, &out.TableID + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.PyFileUris != nil { + in, out := &in.PyFileUris, &out.PyFileUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RuntimeVersion != nil { + in, out := &in.RuntimeVersion, &out.RuntimeVersion *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceTablesObservation. -func (in *SourceTablesObservation) DeepCopy() *SourceTablesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkOptionsParameters. +func (in *SparkOptionsParameters) DeepCopy() *SparkOptionsParameters { if in == nil { return nil } - out := new(SourceTablesObservation) + out := new(SparkOptionsParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SourceTablesParameters) DeepCopyInto(out *SourceTablesParameters) { +func (in *SparkParameters) DeepCopyInto(out *SparkParameters) { *out = *in - if in.DatasetID != nil { - in, out := &in.DatasetID, &out.DatasetID - *out = new(string) - **out = **in - } - if in.ProjectID != nil { - in, out := &in.ProjectID, &out.ProjectID - *out = new(string) - **out = **in + if in.MetastoreServiceConfig != nil { + in, out := &in.MetastoreServiceConfig, &out.MetastoreServiceConfig + *out = make([]MetastoreServiceConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.TableID != nil { - in, out := &in.TableID, &out.TableID - *out = new(string) - **out = **in + if in.SparkHistoryServerConfig != nil { + in, out := &in.SparkHistoryServerConfig, &out.SparkHistoryServerConfig + *out = make([]SparkHistoryServerConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceTablesParameters. -func (in *SourceTablesParameters) DeepCopy() *SourceTablesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SparkParameters. +func (in *SparkParameters) DeepCopy() *SparkParameters { if in == nil { return nil } - out := new(SourceTablesParameters) + out := new(SparkParameters) in.DeepCopyInto(out) return out } @@ -10606,6 +11969,93 @@ func (in *Table) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableConstraintsInitParameters) DeepCopyInto(out *TableConstraintsInitParameters) { + *out = *in + if in.ForeignKeys != nil { + in, out := &in.ForeignKeys, &out.ForeignKeys + *out = make([]ForeignKeysInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PrimaryKey != nil { + in, out := &in.PrimaryKey, &out.PrimaryKey + *out = make([]PrimaryKeyInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableConstraintsInitParameters. +func (in *TableConstraintsInitParameters) DeepCopy() *TableConstraintsInitParameters { + if in == nil { + return nil + } + out := new(TableConstraintsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableConstraintsObservation) DeepCopyInto(out *TableConstraintsObservation) { + *out = *in + if in.ForeignKeys != nil { + in, out := &in.ForeignKeys, &out.ForeignKeys + *out = make([]ForeignKeysObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PrimaryKey != nil { + in, out := &in.PrimaryKey, &out.PrimaryKey + *out = make([]PrimaryKeyObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableConstraintsObservation. +func (in *TableConstraintsObservation) DeepCopy() *TableConstraintsObservation { + if in == nil { + return nil + } + out := new(TableConstraintsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableConstraintsParameters) DeepCopyInto(out *TableConstraintsParameters) { + *out = *in + if in.ForeignKeys != nil { + in, out := &in.ForeignKeys, &out.ForeignKeys + *out = make([]ForeignKeysParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PrimaryKey != nil { + in, out := &in.PrimaryKey, &out.PrimaryKey + *out = make([]PrimaryKeyParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableConstraintsParameters. +func (in *TableConstraintsParameters) DeepCopy() *TableConstraintsParameters { + if in == nil { + return nil + } + out := new(TableConstraintsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableIAMBinding) DeepCopyInto(out *TableIAMBinding) { *out = *in @@ -11654,6 +13104,11 @@ func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MaxStaleness != nil { + in, out := &in.MaxStaleness, &out.MaxStaleness + *out = new(string) + **out = **in + } if in.RangePartitioning != nil { in, out := &in.RangePartitioning, &out.RangePartitioning *out = make([]RangePartitioningInitParameters, len(*in)) @@ -11661,11 +13116,30 @@ func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.RequirePartitionFilter != nil { + in, out := &in.RequirePartitionFilter, &out.RequirePartitionFilter + *out = new(bool) + **out = **in + } if in.Schema != nil { in, out := &in.Schema, &out.Schema *out = new(string) **out = **in } + if in.TableConstraints != nil { + in, out := &in.TableConstraints, &out.TableConstraints + *out = make([]TableConstraintsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TableReplicationInfo != nil { + in, out := &in.TableReplicationInfo, &out.TableReplicationInfo + *out = make([]TableReplicationInfoInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TimePartitioning != nil { in, out := &in.TimePartitioning, &out.TimePartitioning *out = make([]TableTimePartitioningInitParameters, len(*in)) @@ -11758,6 +13232,22 @@ func (in *TableObservation) DeepCopyInto(out *TableObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionConfiguration != nil { in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration *out = make([]EncryptionConfigurationObservation, len(*in)) @@ -11825,6 +13315,11 @@ func (in *TableObservation) DeepCopyInto(out *TableObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MaxStaleness != nil { + in, out := &in.MaxStaleness, &out.MaxStaleness + *out = new(string) + **out = **in + } if in.NumBytes != nil { in, out := &in.NumBytes, &out.NumBytes *out = new(float64) @@ -11852,6 +13347,11 @@ func (in *TableObservation) DeepCopyInto(out *TableObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.RequirePartitionFilter != nil { + in, out := &in.RequirePartitionFilter, &out.RequirePartitionFilter + *out = new(bool) + **out = **in + } if in.Schema != nil { in, out := &in.Schema, &out.Schema *out = new(string) @@ -11862,6 +13362,36 @@ func (in *TableObservation) DeepCopyInto(out *TableObservation) { *out = new(string) **out = **in } + if in.TableConstraints != nil { + in, out := &in.TableConstraints, &out.TableConstraints + *out = make([]TableConstraintsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TableReplicationInfo != nil { + in, out := &in.TableReplicationInfo, &out.TableReplicationInfo + *out = make([]TableReplicationInfoObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.TimePartitioning != nil { in, out := &in.TimePartitioning, &out.TimePartitioning *out = make([]TableTimePartitioningObservation, len(*in)) @@ -11979,6 +13509,11 @@ func (in *TableParameters) DeepCopyInto(out *TableParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MaxStaleness != nil { + in, out := &in.MaxStaleness, &out.MaxStaleness + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -11991,11 +13526,30 @@ func (in *TableParameters) DeepCopyInto(out *TableParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.RequirePartitionFilter != nil { + in, out := &in.RequirePartitionFilter, &out.RequirePartitionFilter + *out = new(bool) + **out = **in + } if in.Schema != nil { in, out := &in.Schema, &out.Schema *out = new(string) **out = **in } + if in.TableConstraints != nil { + in, out := &in.TableConstraints, &out.TableConstraints + *out = make([]TableConstraintsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TableReplicationInfo != nil { + in, out := &in.TableReplicationInfo, &out.TableReplicationInfo + *out = make([]TableReplicationInfoParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TimePartitioning != nil { in, out := &in.TimePartitioning, &out.TimePartitioning *out = make([]TableTimePartitioningParameters, len(*in)) @@ -12022,6 +13576,111 @@ func (in *TableParameters) DeepCopy() *TableParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableReplicationInfoInitParameters) DeepCopyInto(out *TableReplicationInfoInitParameters) { + *out = *in + if in.ReplicationIntervalMs != nil { + in, out := &in.ReplicationIntervalMs, &out.ReplicationIntervalMs + *out = new(float64) + **out = **in + } + if in.SourceDatasetID != nil { + in, out := &in.SourceDatasetID, &out.SourceDatasetID + *out = new(string) + **out = **in + } + if in.SourceProjectID != nil { + in, out := &in.SourceProjectID, &out.SourceProjectID + *out = new(string) + **out = **in + } + if in.SourceTableID != nil { + in, out := &in.SourceTableID, &out.SourceTableID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableReplicationInfoInitParameters. +func (in *TableReplicationInfoInitParameters) DeepCopy() *TableReplicationInfoInitParameters { + if in == nil { + return nil + } + out := new(TableReplicationInfoInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableReplicationInfoObservation) DeepCopyInto(out *TableReplicationInfoObservation) { + *out = *in + if in.ReplicationIntervalMs != nil { + in, out := &in.ReplicationIntervalMs, &out.ReplicationIntervalMs + *out = new(float64) + **out = **in + } + if in.SourceDatasetID != nil { + in, out := &in.SourceDatasetID, &out.SourceDatasetID + *out = new(string) + **out = **in + } + if in.SourceProjectID != nil { + in, out := &in.SourceProjectID, &out.SourceProjectID + *out = new(string) + **out = **in + } + if in.SourceTableID != nil { + in, out := &in.SourceTableID, &out.SourceTableID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableReplicationInfoObservation. +func (in *TableReplicationInfoObservation) DeepCopy() *TableReplicationInfoObservation { + if in == nil { + return nil + } + out := new(TableReplicationInfoObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableReplicationInfoParameters) DeepCopyInto(out *TableReplicationInfoParameters) { + *out = *in + if in.ReplicationIntervalMs != nil { + in, out := &in.ReplicationIntervalMs, &out.ReplicationIntervalMs + *out = new(float64) + **out = **in + } + if in.SourceDatasetID != nil { + in, out := &in.SourceDatasetID, &out.SourceDatasetID + *out = new(string) + **out = **in + } + if in.SourceProjectID != nil { + in, out := &in.SourceProjectID, &out.SourceProjectID + *out = new(string) + **out = **in + } + if in.SourceTableID != nil { + in, out := &in.SourceTableID, &out.SourceTableID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableReplicationInfoParameters. +func (in *TableReplicationInfoParameters) DeepCopy() *TableReplicationInfoParameters { + if in == nil { + return nil + } + out := new(TableReplicationInfoParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableSpec) DeepCopyInto(out *TableSpec) { *out = *in diff --git a/apis/bigquery/v1beta1/zz_generated.resolvers.go b/apis/bigquery/v1beta1/zz_generated.resolvers.go index c4fcd02da..4aa0f2e1e 100644 --- a/apis/bigquery/v1beta1/zz_generated.resolvers.go +++ b/apis/bigquery/v1beta1/zz_generated.resolvers.go @@ -227,6 +227,29 @@ func (mg *Connection) ResolveReferences(ctx context.Context, c client.Reader) er mg.Spec.ForProvider.CloudSQL[i3].InstanceIDRef = rsp.ResolvedReference } + for i3 := 0; i3 < len(mg.Spec.ForProvider.Spark); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig); i4++ { + { + m, l, err = apisresolver.GetManagedResource("dataproc.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterRef, + Selector: mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster") + } + mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterRef = rsp.ResolvedReference + + } + } for i3 := 0; i3 < len(mg.Spec.InitProvider.CloudSQL); i3++ { for i4 := 0; i4 < len(mg.Spec.InitProvider.CloudSQL[i3].Credential); i4++ { { @@ -292,6 +315,29 @@ func (mg *Connection) ResolveReferences(ctx context.Context, c client.Reader) er mg.Spec.InitProvider.CloudSQL[i3].InstanceIDRef = rsp.ResolvedReference } + for i3 := 0; i3 < len(mg.Spec.InitProvider.Spark); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig); i4++ { + { + m, l, err = apisresolver.GetManagedResource("dataproc.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterRef, + Selector: mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster") + } + mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocCluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.Spark[i3].SparkHistoryServerConfig[i4].DataprocClusterRef = rsp.ResolvedReference + + } + } return nil } @@ -1601,6 +1647,91 @@ func (mg *Routine) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.DatasetID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.DatasetIDRef = rsp.ResolvedReference + for i3 := 0; i3 < len(mg.Spec.ForProvider.RemoteFunctionOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RemoteFunctionOptions[i3].Connection), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.RemoteFunctionOptions[i3].ConnectionRef, + Selector: mg.Spec.ForProvider.RemoteFunctionOptions[i3].ConnectionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RemoteFunctionOptions[i3].Connection") + } + mg.Spec.ForProvider.RemoteFunctionOptions[i3].Connection = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RemoteFunctionOptions[i3].ConnectionRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.SparkOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SparkOptions[i3].Connection), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.SparkOptions[i3].ConnectionRef, + Selector: mg.Spec.ForProvider.SparkOptions[i3].ConnectionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SparkOptions[i3].Connection") + } + mg.Spec.ForProvider.SparkOptions[i3].Connection = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SparkOptions[i3].ConnectionRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.RemoteFunctionOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RemoteFunctionOptions[i3].Connection), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.RemoteFunctionOptions[i3].ConnectionRef, + Selector: mg.Spec.InitProvider.RemoteFunctionOptions[i3].ConnectionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RemoteFunctionOptions[i3].Connection") + } + mg.Spec.InitProvider.RemoteFunctionOptions[i3].Connection = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RemoteFunctionOptions[i3].ConnectionRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.SparkOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SparkOptions[i3].Connection), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.InitProvider.SparkOptions[i3].ConnectionRef, + Selector: mg.Spec.InitProvider.SparkOptions[i3].ConnectionSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SparkOptions[i3].Connection") + } + mg.Spec.InitProvider.SparkOptions[i3].Connection = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SparkOptions[i3].ConnectionRef = rsp.ResolvedReference + + } + return nil } diff --git a/apis/bigquery/v1beta1/zz_job_terraformed.go b/apis/bigquery/v1beta1/zz_job_terraformed.go index cf2427775..b4d0b07f9 100755 --- a/apis/bigquery/v1beta1/zz_job_terraformed.go +++ b/apis/bigquery/v1beta1/zz_job_terraformed.go @@ -141,5 +141,5 @@ func (tr *Job) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Job) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/bigquery/v1beta1/zz_job_types.go b/apis/bigquery/v1beta1/zz_job_types.go index 172ca026f..b93b8244e 100755 --- a/apis/bigquery/v1beta1/zz_job_types.go +++ b/apis/bigquery/v1beta1/zz_job_types.go @@ -493,6 +493,9 @@ type JobObservation struct { // Structure is documented below. Copy []CopyObservation `json:"copy,omitempty" tf:"copy,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Configures an extract job. // Structure is documented below. Extract []ExtractObservation `json:"extract,omitempty" tf:"extract,omitempty"` @@ -533,6 +536,12 @@ type JobObservation struct { // Structure is documented below. Status []StatusObservation `json:"status,omitempty" tf:"status,omitempty"` + // (Output) + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Email address of the user who ran the job. UserEmail *string `json:"userEmail,omitempty" tf:"user_email,omitempty"` } diff --git a/apis/bigquery/v1beta1/zz_routine_types.go b/apis/bigquery/v1beta1/zz_routine_types.go index a54b480d3..8e647f2a7 100755 --- a/apis/bigquery/v1beta1/zz_routine_types.go +++ b/apis/bigquery/v1beta1/zz_routine_types.go @@ -105,6 +105,102 @@ type ArgumentsParameters struct { Name *string `json:"name,omitempty" tf:"name,omitempty"` } +type RemoteFunctionOptionsInitParameters struct { + + // Fully qualified name of the user-provided connection object which holds + // the authentication information to send requests to the remote service. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Reference to a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionRef *v1.Reference `json:"connectionRef,omitempty" tf:"-"` + + // Selector for a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionSelector *v1.Selector `json:"connectionSelector,omitempty" tf:"-"` + + // Endpoint of the user-provided remote service, e.g. + // https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + + // Max number of rows in each batch sent to the remote service. If absent or if 0, + // BigQuery dynamically decides the number of rows in a batch. + MaxBatchingRows *string `json:"maxBatchingRows,omitempty" tf:"max_batching_rows,omitempty"` + + // User-defined context as a set of key/value pairs, which will be sent as function + // invocation context together with batched arguments in the requests to the remote + // service. The total number of bytes of keys and values must be less than 8KB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + UserDefinedContext map[string]*string `json:"userDefinedContext,omitempty" tf:"user_defined_context,omitempty"` +} + +type RemoteFunctionOptionsObservation struct { + + // Fully qualified name of the user-provided connection object which holds + // the authentication information to send requests to the remote service. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Endpoint of the user-provided remote service, e.g. + // https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + + // Max number of rows in each batch sent to the remote service. If absent or if 0, + // BigQuery dynamically decides the number of rows in a batch. + MaxBatchingRows *string `json:"maxBatchingRows,omitempty" tf:"max_batching_rows,omitempty"` + + // User-defined context as a set of key/value pairs, which will be sent as function + // invocation context together with batched arguments in the requests to the remote + // service. The total number of bytes of keys and values must be less than 8KB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + UserDefinedContext map[string]*string `json:"userDefinedContext,omitempty" tf:"user_defined_context,omitempty"` +} + +type RemoteFunctionOptionsParameters struct { + + // Fully qualified name of the user-provided connection object which holds + // the authentication information to send requests to the remote service. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Reference to a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionRef *v1.Reference `json:"connectionRef,omitempty" tf:"-"` + + // Selector for a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionSelector *v1.Selector `json:"connectionSelector,omitempty" tf:"-"` + + // Endpoint of the user-provided remote service, e.g. + // https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + // +kubebuilder:validation:Optional + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + + // Max number of rows in each batch sent to the remote service. If absent or if 0, + // BigQuery dynamically decides the number of rows in a batch. + // +kubebuilder:validation:Optional + MaxBatchingRows *string `json:"maxBatchingRows,omitempty" tf:"max_batching_rows,omitempty"` + + // User-defined context as a set of key/value pairs, which will be sent as function + // invocation context together with batched arguments in the requests to the remote + // service. The total number of bytes of keys and values must be less than 8KB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + UserDefinedContext map[string]*string `json:"userDefinedContext,omitempty" tf:"user_defined_context,omitempty"` +} + type RoutineInitParameters_2 struct { // Input/output argument of a function or a stored procedure. @@ -127,13 +223,17 @@ type RoutineInitParameters_2 struct { ImportedLibraries []*string `json:"importedLibraries,omitempty" tf:"imported_libraries,omitempty"` // The language of the routine. - // Possible values are: SQL, JAVASCRIPT. + // Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. Language *string `json:"language,omitempty" tf:"language,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Remote function specific options. + // Structure is documented below. + RemoteFunctionOptions []RemoteFunctionOptionsInitParameters `json:"remoteFunctionOptions,omitempty" tf:"remote_function_options,omitempty"` + // Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". // If absent, the return table type is inferred from definitionBody at query time in each query // that references this routine. If present, then the columns in the evaluated table result will @@ -154,6 +254,10 @@ type RoutineInitParameters_2 struct { // The type of routine. // Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. RoutineType *string `json:"routineType,omitempty" tf:"routine_type,omitempty"` + + // Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + // Structure is documented below. + SparkOptions []SparkOptionsInitParameters `json:"sparkOptions,omitempty" tf:"spark_options,omitempty"` } type RoutineObservation_2 struct { @@ -188,7 +292,7 @@ type RoutineObservation_2 struct { ImportedLibraries []*string `json:"importedLibraries,omitempty" tf:"imported_libraries,omitempty"` // The language of the routine. - // Possible values are: SQL, JAVASCRIPT. + // Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. Language *string `json:"language,omitempty" tf:"language,omitempty"` // The time when this routine was modified, in milliseconds since the @@ -199,6 +303,10 @@ type RoutineObservation_2 struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Remote function specific options. + // Structure is documented below. + RemoteFunctionOptions []RemoteFunctionOptionsObservation `json:"remoteFunctionOptions,omitempty" tf:"remote_function_options,omitempty"` + // Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". // If absent, the return table type is inferred from definitionBody at query time in each query // that references this routine. If present, then the columns in the evaluated table result will @@ -219,6 +327,10 @@ type RoutineObservation_2 struct { // The type of routine. // Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. RoutineType *string `json:"routineType,omitempty" tf:"routine_type,omitempty"` + + // Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + // Structure is documented below. + SparkOptions []SparkOptionsObservation `json:"sparkOptions,omitempty" tf:"spark_options,omitempty"` } type RoutineParameters_2 struct { @@ -261,7 +373,7 @@ type RoutineParameters_2 struct { ImportedLibraries []*string `json:"importedLibraries,omitempty" tf:"imported_libraries,omitempty"` // The language of the routine. - // Possible values are: SQL, JAVASCRIPT. + // Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. // +kubebuilder:validation:Optional Language *string `json:"language,omitempty" tf:"language,omitempty"` @@ -270,6 +382,11 @@ type RoutineParameters_2 struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Remote function specific options. + // Structure is documented below. + // +kubebuilder:validation:Optional + RemoteFunctionOptions []RemoteFunctionOptionsParameters `json:"remoteFunctionOptions,omitempty" tf:"remote_function_options,omitempty"` + // Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". // If absent, the return table type is inferred from definitionBody at query time in each query // that references this routine. If present, then the columns in the evaluated table result will @@ -293,6 +410,161 @@ type RoutineParameters_2 struct { // Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. // +kubebuilder:validation:Optional RoutineType *string `json:"routineType,omitempty" tf:"routine_type,omitempty"` + + // Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + // Structure is documented below. + // +kubebuilder:validation:Optional + SparkOptions []SparkOptionsParameters `json:"sparkOptions,omitempty" tf:"spark_options,omitempty"` +} + +type SparkOptionsInitParameters struct { + + // Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + ArchiveUris []*string `json:"archiveUris,omitempty" tf:"archive_uris,omitempty"` + + // Fully qualified name of the user-provided Spark connection object. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Reference to a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionRef *v1.Reference `json:"connectionRef,omitempty" tf:"-"` + + // Selector for a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionSelector *v1.Selector `json:"connectionSelector,omitempty" tf:"-"` + + // Custom container image for the runtime environment. + ContainerImage *string `json:"containerImage,omitempty" tf:"container_image,omitempty"` + + // Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + FileUris []*string `json:"fileUris,omitempty" tf:"file_uris,omitempty"` + + // JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + JarUris []*string `json:"jarUris,omitempty" tf:"jar_uris,omitempty"` + + // The fully qualified name of a class in jarUris, for example, com.example.wordcount. + // Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + MainClass *string `json:"mainClass,omitempty" tf:"main_class,omitempty"` + + // The main file/jar URI of the Spark application. + // Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + // Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + MainFileURI *string `json:"mainFileUri,omitempty" tf:"main_file_uri,omitempty"` + + // Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + // For more information, see Apache Spark and the procedure option list. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Properties map[string]*string `json:"properties,omitempty" tf:"properties,omitempty"` + + // Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + PyFileUris []*string `json:"pyFileUris,omitempty" tf:"py_file_uris,omitempty"` + + // Runtime version. If not specified, the default runtime version is used. + RuntimeVersion *string `json:"runtimeVersion,omitempty" tf:"runtime_version,omitempty"` +} + +type SparkOptionsObservation struct { + + // Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + ArchiveUris []*string `json:"archiveUris,omitempty" tf:"archive_uris,omitempty"` + + // Fully qualified name of the user-provided Spark connection object. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Custom container image for the runtime environment. + ContainerImage *string `json:"containerImage,omitempty" tf:"container_image,omitempty"` + + // Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + FileUris []*string `json:"fileUris,omitempty" tf:"file_uris,omitempty"` + + // JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + JarUris []*string `json:"jarUris,omitempty" tf:"jar_uris,omitempty"` + + // The fully qualified name of a class in jarUris, for example, com.example.wordcount. + // Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + MainClass *string `json:"mainClass,omitempty" tf:"main_class,omitempty"` + + // The main file/jar URI of the Spark application. + // Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + // Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + MainFileURI *string `json:"mainFileUri,omitempty" tf:"main_file_uri,omitempty"` + + // Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + // For more information, see Apache Spark and the procedure option list. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Properties map[string]*string `json:"properties,omitempty" tf:"properties,omitempty"` + + // Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + PyFileUris []*string `json:"pyFileUris,omitempty" tf:"py_file_uris,omitempty"` + + // Runtime version. If not specified, the default runtime version is used. + RuntimeVersion *string `json:"runtimeVersion,omitempty" tf:"runtime_version,omitempty"` +} + +type SparkOptionsParameters struct { + + // Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + // +kubebuilder:validation:Optional + ArchiveUris []*string `json:"archiveUris,omitempty" tf:"archive_uris,omitempty"` + + // Fully qualified name of the user-provided Spark connection object. + // Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // Reference to a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionRef *v1.Reference `json:"connectionRef,omitempty" tf:"-"` + + // Selector for a Connection in bigquery to populate connection. + // +kubebuilder:validation:Optional + ConnectionSelector *v1.Selector `json:"connectionSelector,omitempty" tf:"-"` + + // Custom container image for the runtime environment. + // +kubebuilder:validation:Optional + ContainerImage *string `json:"containerImage,omitempty" tf:"container_image,omitempty"` + + // Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + // +kubebuilder:validation:Optional + FileUris []*string `json:"fileUris,omitempty" tf:"file_uris,omitempty"` + + // JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + // +kubebuilder:validation:Optional + JarUris []*string `json:"jarUris,omitempty" tf:"jar_uris,omitempty"` + + // The fully qualified name of a class in jarUris, for example, com.example.wordcount. + // Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + // +kubebuilder:validation:Optional + MainClass *string `json:"mainClass,omitempty" tf:"main_class,omitempty"` + + // The main file/jar URI of the Spark application. + // Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + // Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + // +kubebuilder:validation:Optional + MainFileURI *string `json:"mainFileUri,omitempty" tf:"main_file_uri,omitempty"` + + // Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + // For more information, see Apache Spark and the procedure option list. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Properties map[string]*string `json:"properties,omitempty" tf:"properties,omitempty"` + + // Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + // +kubebuilder:validation:Optional + PyFileUris []*string `json:"pyFileUris,omitempty" tf:"py_file_uris,omitempty"` + + // Runtime version. If not specified, the default runtime version is used. + // +kubebuilder:validation:Optional + RuntimeVersion *string `json:"runtimeVersion,omitempty" tf:"runtime_version,omitempty"` } // RoutineSpec defines the desired state of Routine @@ -332,6 +604,7 @@ type Routine struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.definitionBody) || (has(self.initProvider) && has(self.initProvider.definitionBody))",message="spec.forProvider.definitionBody is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.routineType) || (has(self.initProvider) && has(self.initProvider.routineType))",message="spec.forProvider.routineType is a required parameter" Spec RoutineSpec `json:"spec"` Status RoutineStatus `json:"status,omitempty"` } diff --git a/apis/bigquery/v1beta1/zz_table_types.go b/apis/bigquery/v1beta1/zz_table_types.go index 7ff510142..fd923530c 100755 --- a/apis/bigquery/v1beta1/zz_table_types.go +++ b/apis/bigquery/v1beta1/zz_table_types.go @@ -54,6 +54,38 @@ type AvroOptionsParameters struct { UseAvroLogicalTypes *bool `json:"useAvroLogicalTypes" tf:"use_avro_logical_types,omitempty"` } +type ColumnReferencesInitParameters struct { + + // : The column in the primary key that are + // referenced by the referencingColumn + ReferencedColumn *string `json:"referencedColumn,omitempty" tf:"referenced_column,omitempty"` + + // : The column that composes the foreign key. + ReferencingColumn *string `json:"referencingColumn,omitempty" tf:"referencing_column,omitempty"` +} + +type ColumnReferencesObservation struct { + + // : The column in the primary key that are + // referenced by the referencingColumn + ReferencedColumn *string `json:"referencedColumn,omitempty" tf:"referenced_column,omitempty"` + + // : The column that composes the foreign key. + ReferencingColumn *string `json:"referencingColumn,omitempty" tf:"referencing_column,omitempty"` +} + +type ColumnReferencesParameters struct { + + // : The column in the primary key that are + // referenced by the referencingColumn + // +kubebuilder:validation:Optional + ReferencedColumn *string `json:"referencedColumn" tf:"referenced_column,omitempty"` + + // : The column that composes the foreign key. + // +kubebuilder:validation:Optional + ReferencingColumn *string `json:"referencingColumn" tf:"referencing_column,omitempty"` +} + type CsvOptionsInitParameters struct { // Indicates if BigQuery should accept rows @@ -205,6 +237,11 @@ type ExternalDataConfigurationInitParameters struct { // source_format is set to "CSV". Structure is documented below. CsvOptions []CsvOptionsInitParameters `json:"csvOptions,omitempty" tf:"csv_options,omitempty"` + // Specifies how source URIs are interpreted for constructing the file set to load. + // By default source URIs are expanded against the underlying storage. + // Other options include specifying manifest files. Only applicable to object storage systems. Docs + FileSetSpecType *string `json:"fileSetSpecType,omitempty" tf:"file_set_spec_type,omitempty"` + // Additional options if // source_format is set to "GOOGLE_SHEETS". Structure is // documented below. @@ -293,6 +330,11 @@ type ExternalDataConfigurationObservation struct { // source_format is set to "CSV". Structure is documented below. CsvOptions []CsvOptionsObservation `json:"csvOptions,omitempty" tf:"csv_options,omitempty"` + // Specifies how source URIs are interpreted for constructing the file set to load. + // By default source URIs are expanded against the underlying storage. + // Other options include specifying manifest files. Only applicable to object storage systems. Docs + FileSetSpecType *string `json:"fileSetSpecType,omitempty" tf:"file_set_spec_type,omitempty"` + // Additional options if // source_format is set to "GOOGLE_SHEETS". Structure is // documented below. @@ -386,6 +428,12 @@ type ExternalDataConfigurationParameters struct { // +kubebuilder:validation:Optional CsvOptions []CsvOptionsParameters `json:"csvOptions,omitempty" tf:"csv_options,omitempty"` + // Specifies how source URIs are interpreted for constructing the file set to load. + // By default source URIs are expanded against the underlying storage. + // Other options include specifying manifest files. Only applicable to object storage systems. Docs + // +kubebuilder:validation:Optional + FileSetSpecType *string `json:"fileSetSpecType,omitempty" tf:"file_set_spec_type,omitempty"` + // Additional options if // source_format is set to "GOOGLE_SHEETS". Structure is // documented below. @@ -491,6 +539,54 @@ type ExternalDataConfigurationParquetOptionsParameters struct { EnumAsString *bool `json:"enumAsString,omitempty" tf:"enum_as_string,omitempty"` } +type ForeignKeysInitParameters struct { + + // : The pair of the foreign key column and primary key column. + // Structure is documented below. + ColumnReferences []ColumnReferencesInitParameters `json:"columnReferences,omitempty" tf:"column_references,omitempty"` + + // : Set only if the foreign key constraint is named. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // : The table that holds the primary key + // and is referenced by this foreign key. + // Structure is documented below. + ReferencedTable []ReferencedTableInitParameters `json:"referencedTable,omitempty" tf:"referenced_table,omitempty"` +} + +type ForeignKeysObservation struct { + + // : The pair of the foreign key column and primary key column. + // Structure is documented below. + ColumnReferences []ColumnReferencesObservation `json:"columnReferences,omitempty" tf:"column_references,omitempty"` + + // : Set only if the foreign key constraint is named. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // : The table that holds the primary key + // and is referenced by this foreign key. + // Structure is documented below. + ReferencedTable []ReferencedTableObservation `json:"referencedTable,omitempty" tf:"referenced_table,omitempty"` +} + +type ForeignKeysParameters struct { + + // : The pair of the foreign key column and primary key column. + // Structure is documented below. + // +kubebuilder:validation:Optional + ColumnReferences []ColumnReferencesParameters `json:"columnReferences" tf:"column_references,omitempty"` + + // : Set only if the foreign key constraint is named. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // : The table that holds the primary key + // and is referenced by this foreign key. + // Structure is documented below. + // +kubebuilder:validation:Optional + ReferencedTable []ReferencedTableParameters `json:"referencedTable" tf:"referenced_table,omitempty"` +} + type GoogleSheetsOptionsInitParameters struct { // Information required to partition based on ranges. @@ -537,7 +633,8 @@ type HivePartitioningOptionsInitParameters struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` // When hive partition detection is requested, @@ -559,7 +656,8 @@ type HivePartitioningOptionsObservation struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` // When hive partition detection is requested, @@ -582,7 +680,8 @@ type HivePartitioningOptionsParameters struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. // +kubebuilder:validation:Optional RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` @@ -619,6 +718,10 @@ type JSONOptionsParameters struct { type MaterializedViewInitParameters struct { + // Allow non incremental materialized view definition. + // The default value is false. + AllowNonIncrementalDefinition *bool `json:"allowNonIncrementalDefinition,omitempty" tf:"allow_non_incremental_definition,omitempty"` + // Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. // The default value is true. EnableRefresh *bool `json:"enableRefresh,omitempty" tf:"enable_refresh,omitempty"` @@ -633,6 +736,10 @@ type MaterializedViewInitParameters struct { type MaterializedViewObservation struct { + // Allow non incremental materialized view definition. + // The default value is false. + AllowNonIncrementalDefinition *bool `json:"allowNonIncrementalDefinition,omitempty" tf:"allow_non_incremental_definition,omitempty"` + // Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. // The default value is true. EnableRefresh *bool `json:"enableRefresh,omitempty" tf:"enable_refresh,omitempty"` @@ -647,6 +754,11 @@ type MaterializedViewObservation struct { type MaterializedViewParameters struct { + // Allow non incremental materialized view definition. + // The default value is false. + // +kubebuilder:validation:Optional + AllowNonIncrementalDefinition *bool `json:"allowNonIncrementalDefinition,omitempty" tf:"allow_non_incremental_definition,omitempty"` + // Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. // The default value is true. // +kubebuilder:validation:Optional @@ -662,6 +774,25 @@ type MaterializedViewParameters struct { RefreshIntervalMs *float64 `json:"refreshIntervalMs,omitempty" tf:"refresh_interval_ms,omitempty"` } +type PrimaryKeyInitParameters struct { + + // : The columns that are composed of the primary key constraint. + Columns []*string `json:"columns,omitempty" tf:"columns,omitempty"` +} + +type PrimaryKeyObservation struct { + + // : The columns that are composed of the primary key constraint. + Columns []*string `json:"columns,omitempty" tf:"columns,omitempty"` +} + +type PrimaryKeyParameters struct { + + // : The columns that are composed of the primary key constraint. + // +kubebuilder:validation:Optional + Columns []*string `json:"columns" tf:"columns,omitempty"` +} + type RangeInitParameters struct { // End of the range partitioning, exclusive. @@ -736,6 +867,89 @@ type RangePartitioningParameters struct { Range []RangeParameters `json:"range" tf:"range,omitempty"` } +type ReferencedTableInitParameters struct { + + // : The ID of the project containing this table. + ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + TableID *string `json:"tableId,omitempty" tf:"table_id,omitempty"` +} + +type ReferencedTableObservation struct { + + // : The ID of the dataset containing this table. + DatasetID *string `json:"datasetId,omitempty" tf:"dataset_id,omitempty"` + + // : The ID of the project containing this table. + ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + TableID *string `json:"tableId,omitempty" tf:"table_id,omitempty"` +} + +type ReferencedTableParameters struct { + + // : The ID of the dataset containing this table. + // +kubebuilder:validation:Required + DatasetID *string `json:"datasetId" tf:"dataset_id,omitempty"` + + // : The ID of the project containing this table. + // +kubebuilder:validation:Optional + ProjectID *string `json:"projectId" tf:"project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + TableID *string `json:"tableId" tf:"table_id,omitempty"` +} + +type TableConstraintsInitParameters struct { + + // Present only if the table has a foreign key. + // The foreign key is not enforced. + // Structure is documented below. + ForeignKeys []ForeignKeysInitParameters `json:"foreignKeys,omitempty" tf:"foreign_keys,omitempty"` + + // Represents the primary key constraint + // on a table's columns. Present only if the table has a primary key. + // The primary key is not enforced. + // Structure is documented below. + PrimaryKey []PrimaryKeyInitParameters `json:"primaryKey,omitempty" tf:"primary_key,omitempty"` +} + +type TableConstraintsObservation struct { + + // Present only if the table has a foreign key. + // The foreign key is not enforced. + // Structure is documented below. + ForeignKeys []ForeignKeysObservation `json:"foreignKeys,omitempty" tf:"foreign_keys,omitempty"` + + // Represents the primary key constraint + // on a table's columns. Present only if the table has a primary key. + // The primary key is not enforced. + // Structure is documented below. + PrimaryKey []PrimaryKeyObservation `json:"primaryKey,omitempty" tf:"primary_key,omitempty"` +} + +type TableConstraintsParameters struct { + + // Present only if the table has a foreign key. + // The foreign key is not enforced. + // Structure is documented below. + // +kubebuilder:validation:Optional + ForeignKeys []ForeignKeysParameters `json:"foreignKeys,omitempty" tf:"foreign_keys,omitempty"` + + // Represents the primary key constraint + // on a table's columns. Present only if the table has a primary key. + // The primary key is not enforced. + // Structure is documented below. + // +kubebuilder:validation:Optional + PrimaryKey []PrimaryKeyParameters `json:"primaryKey,omitempty" tf:"primary_key,omitempty"` +} + type TableInitParameters struct { // Specifies column names to use for data clustering. @@ -776,13 +990,30 @@ type TableInitParameters struct { // Structure is documented below. MaterializedView []MaterializedViewInitParameters `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` + // : The maximum staleness of data that could be + // returned when the table (or stale MV) is queried. Staleness encoded as a + // string encoding of SQL IntervalValue + // type. + MaxStaleness *string `json:"maxStaleness,omitempty" tf:"max_staleness,omitempty"` + // If specified, configures range-based // partitioning for this table. Structure is documented below. RangePartitioning []RangePartitioningInitParameters `json:"rangePartitioning,omitempty" tf:"range_partitioning,omitempty"` + // If set to true, queries over this table + // require a partition filter that can be used for partition elimination to be + // specified. + RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` + // A JSON schema for the table. Schema *string `json:"schema,omitempty" tf:"schema,omitempty"` + // Defines the primary key and foreign keys. + // Structure is documented below. + TableConstraints []TableConstraintsInitParameters `json:"tableConstraints,omitempty" tf:"table_constraints,omitempty"` + + TableReplicationInfo []TableReplicationInfoInitParameters `json:"tableReplicationInfo,omitempty" tf:"table_replication_info,omitempty"` + // If specified, configures time-based // partitioning for this table. Structure is documented below. TimePartitioning []TableTimePartitioningInitParameters `json:"timePartitioning,omitempty" tf:"time_partitioning,omitempty"` @@ -811,6 +1042,9 @@ type TableObservation struct { // The field description. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Specifies how the table should be encrypted. // If left blank, the table will be encrypted with a Google-managed key; that process // is transparent to the user. Structure is documented below. @@ -851,6 +1085,12 @@ type TableObservation struct { // Structure is documented below. MaterializedView []MaterializedViewObservation `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` + // : The maximum staleness of data that could be + // returned when the table (or stale MV) is queried. Staleness encoded as a + // string encoding of SQL IntervalValue + // type. + MaxStaleness *string `json:"maxStaleness,omitempty" tf:"max_staleness,omitempty"` + // The size of this table in bytes, excluding any data in the streaming buffer. NumBytes *float64 `json:"numBytes,omitempty" tf:"num_bytes,omitempty"` @@ -868,12 +1108,27 @@ type TableObservation struct { // partitioning for this table. Structure is documented below. RangePartitioning []RangePartitioningObservation `json:"rangePartitioning,omitempty" tf:"range_partitioning,omitempty"` + // If set to true, queries over this table + // require a partition filter that can be used for partition elimination to be + // specified. + RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` + // A JSON schema for the table. Schema *string `json:"schema,omitempty" tf:"schema,omitempty"` // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // Defines the primary key and foreign keys. + // Structure is documented below. + TableConstraints []TableConstraintsObservation `json:"tableConstraints,omitempty" tf:"table_constraints,omitempty"` + + TableReplicationInfo []TableReplicationInfoObservation `json:"tableReplicationInfo,omitempty" tf:"table_replication_info,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // If specified, configures time-based // partitioning for this table. Structure is documented below. TimePartitioning []TableTimePartitioningObservation `json:"timePartitioning,omitempty" tf:"time_partitioning,omitempty"` @@ -949,6 +1204,13 @@ type TableParameters struct { // +kubebuilder:validation:Optional MaterializedView []MaterializedViewParameters `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` + // : The maximum staleness of data that could be + // returned when the table (or stale MV) is queried. Staleness encoded as a + // string encoding of SQL IntervalValue + // type. + // +kubebuilder:validation:Optional + MaxStaleness *string `json:"maxStaleness,omitempty" tf:"max_staleness,omitempty"` + // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. // +kubebuilder:validation:Optional @@ -959,10 +1221,24 @@ type TableParameters struct { // +kubebuilder:validation:Optional RangePartitioning []RangePartitioningParameters `json:"rangePartitioning,omitempty" tf:"range_partitioning,omitempty"` + // If set to true, queries over this table + // require a partition filter that can be used for partition elimination to be + // specified. + // +kubebuilder:validation:Optional + RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` + // A JSON schema for the table. // +kubebuilder:validation:Optional Schema *string `json:"schema,omitempty" tf:"schema,omitempty"` + // Defines the primary key and foreign keys. + // Structure is documented below. + // +kubebuilder:validation:Optional + TableConstraints []TableConstraintsParameters `json:"tableConstraints,omitempty" tf:"table_constraints,omitempty"` + + // +kubebuilder:validation:Optional + TableReplicationInfo []TableReplicationInfoParameters `json:"tableReplicationInfo,omitempty" tf:"table_replication_info,omitempty"` + // If specified, configures time-based // partitioning for this table. Structure is documented below. // +kubebuilder:validation:Optional @@ -974,6 +1250,56 @@ type TableParameters struct { View []TableViewParameters `json:"view,omitempty" tf:"view,omitempty"` } +type TableReplicationInfoInitParameters struct { + ReplicationIntervalMs *float64 `json:"replicationIntervalMs,omitempty" tf:"replication_interval_ms,omitempty"` + + // The dataset ID to create the table in. + // Changing this forces a new resource to be created. + SourceDatasetID *string `json:"sourceDatasetId,omitempty" tf:"source_dataset_id,omitempty"` + + // an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + SourceProjectID *string `json:"sourceProjectId,omitempty" tf:"source_project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + SourceTableID *string `json:"sourceTableId,omitempty" tf:"source_table_id,omitempty"` +} + +type TableReplicationInfoObservation struct { + ReplicationIntervalMs *float64 `json:"replicationIntervalMs,omitempty" tf:"replication_interval_ms,omitempty"` + + // The dataset ID to create the table in. + // Changing this forces a new resource to be created. + SourceDatasetID *string `json:"sourceDatasetId,omitempty" tf:"source_dataset_id,omitempty"` + + // an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + SourceProjectID *string `json:"sourceProjectId,omitempty" tf:"source_project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + SourceTableID *string `json:"sourceTableId,omitempty" tf:"source_table_id,omitempty"` +} + +type TableReplicationInfoParameters struct { + + // +kubebuilder:validation:Optional + ReplicationIntervalMs *float64 `json:"replicationIntervalMs,omitempty" tf:"replication_interval_ms,omitempty"` + + // The dataset ID to create the table in. + // Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + SourceDatasetID *string `json:"sourceDatasetId" tf:"source_dataset_id,omitempty"` + + // an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + // +kubebuilder:validation:Optional + SourceProjectID *string `json:"sourceProjectId" tf:"source_project_id,omitempty"` + + // A unique ID for the resource. + // Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + SourceTableID *string `json:"sourceTableId" tf:"source_table_id,omitempty"` +} + type TableTimePartitioningInitParameters struct { // Number of milliseconds for which to keep the @@ -987,7 +1313,8 @@ type TableTimePartitioningInitParameters struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` // The supported types are DAY, HOUR, MONTH, and YEAR, @@ -1008,7 +1335,8 @@ type TableTimePartitioningObservation struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` // The supported types are DAY, HOUR, MONTH, and YEAR, @@ -1031,7 +1359,8 @@ type TableTimePartitioningParameters struct { // If set to true, queries over this table // require a partition filter that can be used for partition elimination to be - // specified. + // specified. require_partition_filter is deprecated and will be removed in + // a future major release. Use the top level field with the same name instead. // +kubebuilder:validation:Optional RequirePartitionFilter *bool `json:"requirePartitionFilter,omitempty" tf:"require_partition_filter,omitempty"` diff --git a/apis/bigtable/v1beta1/zz_appprofile_types.go b/apis/bigtable/v1beta1/zz_appprofile_types.go index b8d6e8e20..8b431bd0e 100755 --- a/apis/bigtable/v1beta1/zz_appprofile_types.go +++ b/apis/bigtable/v1beta1/zz_appprofile_types.go @@ -51,6 +51,10 @@ type AppProfileInitParameters struct { // Use a single-cluster routing policy. // Structure is documented below. SingleClusterRouting []SingleClusterRoutingInitParameters `json:"singleClusterRouting,omitempty" tf:"single_cluster_routing,omitempty"` + + // The standard options used for isolating this app profile's traffic from other use cases. + // Structure is documented below. + StandardIsolation []StandardIsolationInitParameters `json:"standardIsolation,omitempty" tf:"standard_isolation,omitempty"` } type AppProfileObservation struct { @@ -84,6 +88,10 @@ type AppProfileObservation struct { // Use a single-cluster routing policy. // Structure is documented below. SingleClusterRouting []SingleClusterRoutingObservation `json:"singleClusterRouting,omitempty" tf:"single_cluster_routing,omitempty"` + + // The standard options used for isolating this app profile's traffic from other use cases. + // Structure is documented below. + StandardIsolation []StandardIsolationObservation `json:"standardIsolation,omitempty" tf:"standard_isolation,omitempty"` } type AppProfileParameters struct { @@ -127,6 +135,11 @@ type AppProfileParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional SingleClusterRouting []SingleClusterRoutingParameters `json:"singleClusterRouting,omitempty" tf:"single_cluster_routing,omitempty"` + + // The standard options used for isolating this app profile's traffic from other use cases. + // Structure is documented below. + // +kubebuilder:validation:Optional + StandardIsolation []StandardIsolationParameters `json:"standardIsolation,omitempty" tf:"standard_isolation,omitempty"` } type SingleClusterRoutingInitParameters struct { @@ -161,6 +174,28 @@ type SingleClusterRoutingParameters struct { ClusterID *string `json:"clusterId" tf:"cluster_id,omitempty"` } +type StandardIsolationInitParameters struct { + + // The priority of requests sent using this app profile. + // Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + Priority *string `json:"priority,omitempty" tf:"priority,omitempty"` +} + +type StandardIsolationObservation struct { + + // The priority of requests sent using this app profile. + // Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + Priority *string `json:"priority,omitempty" tf:"priority,omitempty"` +} + +type StandardIsolationParameters struct { + + // The priority of requests sent using this app profile. + // Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + // +kubebuilder:validation:Optional + Priority *string `json:"priority" tf:"priority,omitempty"` +} + // AppProfileSpec defines the desired state of AppProfile type AppProfileSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/bigtable/v1beta1/zz_generated.deepcopy.go b/apis/bigtable/v1beta1/zz_generated.deepcopy.go index f0e0e5e35..f334572dd 100644 --- a/apis/bigtable/v1beta1/zz_generated.deepcopy.go +++ b/apis/bigtable/v1beta1/zz_generated.deepcopy.go @@ -93,6 +93,13 @@ func (in *AppProfileInitParameters) DeepCopyInto(out *AppProfileInitParameters) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StandardIsolation != nil { + in, out := &in.StandardIsolation, &out.StandardIsolation + *out = make([]StandardIsolationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppProfileInitParameters. @@ -193,6 +200,13 @@ func (in *AppProfileObservation) DeepCopyInto(out *AppProfileObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StandardIsolation != nil { + in, out := &in.StandardIsolation, &out.StandardIsolation + *out = make([]StandardIsolationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppProfileObservation. @@ -261,6 +275,13 @@ func (in *AppProfileParameters) DeepCopyInto(out *AppProfileParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StandardIsolation != nil { + in, out := &in.StandardIsolation, &out.StandardIsolation + *out = make([]StandardIsolationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppProfileParameters. @@ -485,6 +506,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(float64) **out = **in } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } if in.StorageType != nil { in, out := &in.StorageType, &out.StorageType *out = new(string) @@ -1904,6 +1930,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1935,6 +1977,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceObservation. @@ -2250,6 +2308,66 @@ func (in *SingleClusterRoutingParameters) DeepCopy() *SingleClusterRoutingParame return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandardIsolationInitParameters) DeepCopyInto(out *StandardIsolationInitParameters) { + *out = *in + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandardIsolationInitParameters. +func (in *StandardIsolationInitParameters) DeepCopy() *StandardIsolationInitParameters { + if in == nil { + return nil + } + out := new(StandardIsolationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandardIsolationObservation) DeepCopyInto(out *StandardIsolationObservation) { + *out = *in + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandardIsolationObservation. +func (in *StandardIsolationObservation) DeepCopy() *StandardIsolationObservation { + if in == nil { + return nil + } + out := new(StandardIsolationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandardIsolationParameters) DeepCopyInto(out *StandardIsolationParameters) { + *out = *in + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandardIsolationParameters. +func (in *StandardIsolationParameters) DeepCopy() *StandardIsolationParameters { + if in == nil { + return nil + } + out := new(StandardIsolationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Table) DeepCopyInto(out *Table) { *out = *in diff --git a/apis/bigtable/v1beta1/zz_instance_types.go b/apis/bigtable/v1beta1/zz_instance_types.go index 56a61a2c3..ca897a4a6 100755 --- a/apis/bigtable/v1beta1/zz_instance_types.go +++ b/apis/bigtable/v1beta1/zz_instance_types.go @@ -118,6 +118,9 @@ type ClusterObservation struct { // If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization. NumNodes *float64 `json:"numNodes,omitempty" tf:"num_nodes,omitempty"` + // describes the current state of the cluster. + State *string `json:"state,omitempty" tf:"state,omitempty"` + // The storage type to use. One of "SSD" or // "HDD". Defaults to "SSD". StorageType *string `json:"storageType,omitempty" tf:"storage_type,omitempty"` @@ -199,6 +202,9 @@ type InstanceObservation struct { // The human-readable display name of the Bigtable instance. Defaults to the instance name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/instances/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -216,6 +222,10 @@ type InstanceObservation struct { // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type InstanceParameters struct { diff --git a/apis/certificatemanager/v1beta1/zz_certificate_types.go b/apis/certificatemanager/v1beta1/zz_certificate_types.go index 2cc28ef5d..580eb2817 100755 --- a/apis/certificatemanager/v1beta1/zz_certificate_types.go +++ b/apis/certificatemanager/v1beta1/zz_certificate_types.go @@ -62,6 +62,8 @@ type CertificateInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Set of label tags associated with the Certificate resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -78,9 +80,10 @@ type CertificateInitParameters struct { // The scope of the certificate. // DEFAULT: Certificates with default scope are served from core Google data centers. // If unsure, choose this option. - // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - // served from non-core Google data centers. - // Currently allowed only for managed certificates. + // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + // See https://cloud.google.com/vpc/docs/edge-locations. + // ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + // See https://cloud.google.com/compute/docs/regions-zones Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` // Certificate data for a SelfManaged Certificate. @@ -95,10 +98,15 @@ type CertificateObservation struct { // A human-readable description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificates/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // Set of label tags associated with the Certificate resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -118,9 +126,10 @@ type CertificateObservation struct { // The scope of the certificate. // DEFAULT: Certificates with default scope are served from core Google data centers. // If unsure, choose this option. - // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - // served from non-core Google data centers. - // Currently allowed only for managed certificates. + // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + // See https://cloud.google.com/vpc/docs/edge-locations. + // ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + // See https://cloud.google.com/compute/docs/regions-zones Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` // Certificate data for a SelfManaged Certificate. @@ -128,6 +137,11 @@ type CertificateObservation struct { // certificates before they expire remains the user's responsibility. // Structure is documented below. SelfManaged []SelfManagedObservation `json:"selfManaged,omitempty" tf:"self_managed,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type CertificateParameters struct { @@ -137,6 +151,8 @@ type CertificateParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Set of label tags associated with the Certificate resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -160,9 +176,10 @@ type CertificateParameters struct { // The scope of the certificate. // DEFAULT: Certificates with default scope are served from core Google data centers. // If unsure, choose this option. - // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - // served from non-core Google data centers. - // Currently allowed only for managed certificates. + // EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + // See https://cloud.google.com/vpc/docs/edge-locations. + // ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + // See https://cloud.google.com/compute/docs/regions-zones // +kubebuilder:validation:Optional Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` @@ -272,7 +289,7 @@ type SelfManagedObservation struct { type SelfManagedParameters struct { - // Deprecated The certificate chain in PEM-encoded form. + // The certificate chain in PEM-encoded form. // Leaf certificate comes first, followed by intermediate ones if any. // Note: This property is sensitive and will not be displayed in the plan. // +kubebuilder:validation:Optional @@ -288,7 +305,7 @@ type SelfManagedParameters struct { // +kubebuilder:validation:Optional PemPrivateKeySecretRef *v1.SecretKeySelector `json:"pemPrivateKeySecretRef,omitempty" tf:"-"` - // Deprecated The private key of the leaf certificate in PEM-encoded form. + // The private key of the leaf certificate in PEM-encoded form. // Note: This property is sensitive and will not be displayed in the plan. // +kubebuilder:validation:Optional PrivateKeyPemSecretRef *v1.SecretKeySelector `json:"privateKeyPemSecretRef,omitempty" tf:"-"` diff --git a/apis/certificatemanager/v1beta1/zz_certificatemap_types.go b/apis/certificatemanager/v1beta1/zz_certificatemap_types.go index 209fb5def..a8aedcb53 100755 --- a/apis/certificatemanager/v1beta1/zz_certificatemap_types.go +++ b/apis/certificatemanager/v1beta1/zz_certificatemap_types.go @@ -53,6 +53,10 @@ type CertificateMapObservation struct { // A human-readable description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A list of target proxies that use this Certificate Map // Structure is documented below. GclbTargets []GclbTargetsObservation `json:"gclbTargets,omitempty" tf:"gclb_targets,omitempty"` @@ -68,6 +72,11 @@ type CertificateMapObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, // accurate to nanoseconds with up to nine fractional digits. // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". diff --git a/apis/certificatemanager/v1beta1/zz_certificatemapentry_types.go b/apis/certificatemanager/v1beta1/zz_certificatemapentry_types.go index 159ff5f48..968939adb 100755 --- a/apis/certificatemanager/v1beta1/zz_certificatemapentry_types.go +++ b/apis/certificatemanager/v1beta1/zz_certificatemapentry_types.go @@ -73,6 +73,10 @@ type CertificateMapEntryObservation struct { // A human-readable description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) // for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for // selecting a proper certificate. @@ -100,6 +104,11 @@ type CertificateMapEntryObservation struct { // A serving state of this Certificate Map Entry. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, // with nanosecond resolution and up to nine fractional digits. // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". diff --git a/apis/certificatemanager/v1beta1/zz_dnsauthorization_terraformed.go b/apis/certificatemanager/v1beta1/zz_dnsauthorization_terraformed.go index a0c686247..401225b49 100755 --- a/apis/certificatemanager/v1beta1/zz_dnsauthorization_terraformed.go +++ b/apis/certificatemanager/v1beta1/zz_dnsauthorization_terraformed.go @@ -141,5 +141,5 @@ func (tr *DNSAuthorization) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *DNSAuthorization) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go b/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go index 7f4eae06f..79692062f 100755 --- a/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go +++ b/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go @@ -40,6 +40,8 @@ type DNSAuthorizationInitParameters struct { Domain *string `json:"domain,omitempty" tf:"domain,omitempty"` // Set of label tags associated with the DNS Authorization resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -64,16 +66,29 @@ type DNSAuthorizationObservation struct { // be used to issue certificates for "example.com" and "*.example.com". Domain *string `json:"domain,omitempty" tf:"domain,omitempty"` - // an identifier for the resource with format projects/{{project}}/locations/global/dnsAuthorizations/{{name}} + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // Set of label tags associated with the DNS Authorization resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The Certificate Manager location. If not specified, "global" is used. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type DNSAuthorizationParameters struct { @@ -89,10 +104,16 @@ type DNSAuthorizationParameters struct { Domain *string `json:"domain,omitempty" tf:"domain,omitempty"` // Set of label tags associated with the DNS Authorization resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The Certificate Manager location. If not specified, "global" is used. + // +kubebuilder:validation:Optional + Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go index 7157fc2a3..74ae002aa 100644 --- a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go @@ -381,6 +381,22 @@ func (in *CertificateMapEntryObservation) DeepCopyInto(out *CertificateMapEntryO *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Hostname != nil { in, out := &in.Hostname, &out.Hostname *out = new(string) @@ -427,6 +443,22 @@ func (in *CertificateMapEntryObservation) DeepCopyInto(out *CertificateMapEntryO *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -642,6 +674,22 @@ func (in *CertificateMapObservation) DeepCopyInto(out *CertificateMapObservation *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GclbTargets != nil { in, out := &in.GclbTargets, &out.GclbTargets *out = make([]GclbTargetsObservation, len(*in)) @@ -675,6 +723,22 @@ func (in *CertificateMapObservation) DeepCopyInto(out *CertificateMapObservation *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -776,6 +840,22 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -826,6 +906,22 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateObservation. @@ -1063,6 +1159,22 @@ func (in *DNSAuthorizationObservation) DeepCopyInto(out *DNSAuthorizationObserva *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1084,11 +1196,32 @@ func (in *DNSAuthorizationObservation) DeepCopyInto(out *DNSAuthorizationObserva (*out)[key] = outVal } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSAuthorizationObservation. @@ -1130,6 +1263,11 @@ func (in *DNSAuthorizationParameters) DeepCopyInto(out *DNSAuthorizationParamete (*out)[key] = outVal } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/cloudbuild/v1beta1/zz_generated.deepcopy.go b/apis/cloudbuild/v1beta1/zz_generated.deepcopy.go index b1f9c1f87..9b53c8744 100644 --- a/apis/cloudbuild/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudbuild/v1beta1/zz_generated.deepcopy.go @@ -99,6 +99,20 @@ func (in *ArtifactsInitParameters) DeepCopyInto(out *ArtifactsInitParameters) { } } } + if in.MavenArtifacts != nil { + in, out := &in.MavenArtifacts, &out.MavenArtifacts + *out = make([]MavenArtifactsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NpmPackages != nil { + in, out := &in.NpmPackages, &out.NpmPackages + *out = make([]NpmPackagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Objects != nil { in, out := &in.Objects, &out.Objects *out = make([]ObjectsInitParameters, len(*in)) @@ -106,6 +120,13 @@ func (in *ArtifactsInitParameters) DeepCopyInto(out *ArtifactsInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PythonPackages != nil { + in, out := &in.PythonPackages, &out.PythonPackages + *out = make([]PythonPackagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArtifactsInitParameters. @@ -132,6 +153,20 @@ func (in *ArtifactsObservation) DeepCopyInto(out *ArtifactsObservation) { } } } + if in.MavenArtifacts != nil { + in, out := &in.MavenArtifacts, &out.MavenArtifacts + *out = make([]MavenArtifactsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NpmPackages != nil { + in, out := &in.NpmPackages, &out.NpmPackages + *out = make([]NpmPackagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Objects != nil { in, out := &in.Objects, &out.Objects *out = make([]ObjectsObservation, len(*in)) @@ -139,6 +174,13 @@ func (in *ArtifactsObservation) DeepCopyInto(out *ArtifactsObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PythonPackages != nil { + in, out := &in.PythonPackages, &out.PythonPackages + *out = make([]PythonPackagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArtifactsObservation. @@ -165,6 +207,20 @@ func (in *ArtifactsParameters) DeepCopyInto(out *ArtifactsParameters) { } } } + if in.MavenArtifacts != nil { + in, out := &in.MavenArtifacts, &out.MavenArtifacts + *out = make([]MavenArtifactsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NpmPackages != nil { + in, out := &in.NpmPackages, &out.NpmPackages + *out = make([]NpmPackagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Objects != nil { in, out := &in.Objects, &out.Objects *out = make([]ObjectsParameters, len(*in)) @@ -172,6 +228,13 @@ func (in *ArtifactsParameters) DeepCopyInto(out *ArtifactsParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PythonPackages != nil { + in, out := &in.PythonPackages, &out.PythonPackages + *out = make([]PythonPackagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArtifactsParameters. @@ -715,6 +778,11 @@ func (in *BuildParameters) DeepCopy() *BuildParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GitFileSourceInitParameters) DeepCopyInto(out *GitFileSourceInitParameters) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -760,6 +828,11 @@ func (in *GitFileSourceInitParameters) DeepCopy() *GitFileSourceInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GitFileSourceObservation) DeepCopyInto(out *GitFileSourceObservation) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -805,6 +878,11 @@ func (in *GitFileSourceObservation) DeepCopy() *GitFileSourceObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GitFileSourceParameters) DeepCopyInto(out *GitFileSourceParameters) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -1159,6 +1237,126 @@ func (in *GithubPushParameters) DeepCopy() *GithubPushParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenArtifactsInitParameters) DeepCopyInto(out *MavenArtifactsInitParameters) { + *out = *in + if in.ArtifactID != nil { + in, out := &in.ArtifactID, &out.ArtifactID + *out = new(string) + **out = **in + } + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenArtifactsInitParameters. +func (in *MavenArtifactsInitParameters) DeepCopy() *MavenArtifactsInitParameters { + if in == nil { + return nil + } + out := new(MavenArtifactsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenArtifactsObservation) DeepCopyInto(out *MavenArtifactsObservation) { + *out = *in + if in.ArtifactID != nil { + in, out := &in.ArtifactID, &out.ArtifactID + *out = new(string) + **out = **in + } + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenArtifactsObservation. +func (in *MavenArtifactsObservation) DeepCopy() *MavenArtifactsObservation { + if in == nil { + return nil + } + out := new(MavenArtifactsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenArtifactsParameters) DeepCopyInto(out *MavenArtifactsParameters) { + *out = *in + if in.ArtifactID != nil { + in, out := &in.ArtifactID, &out.ArtifactID + *out = new(string) + **out = **in + } + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenArtifactsParameters. +func (in *MavenArtifactsParameters) DeepCopy() *MavenArtifactsParameters { + if in == nil { + return nil + } + out := new(MavenArtifactsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkConfigInitParameters) DeepCopyInto(out *NetworkConfigInitParameters) { *out = *in @@ -1254,6 +1452,81 @@ func (in *NetworkConfigParameters) DeepCopy() *NetworkConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmPackagesInitParameters) DeepCopyInto(out *NpmPackagesInitParameters) { + *out = *in + if in.PackagePath != nil { + in, out := &in.PackagePath, &out.PackagePath + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmPackagesInitParameters. +func (in *NpmPackagesInitParameters) DeepCopy() *NpmPackagesInitParameters { + if in == nil { + return nil + } + out := new(NpmPackagesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmPackagesObservation) DeepCopyInto(out *NpmPackagesObservation) { + *out = *in + if in.PackagePath != nil { + in, out := &in.PackagePath, &out.PackagePath + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmPackagesObservation. +func (in *NpmPackagesObservation) DeepCopy() *NpmPackagesObservation { + if in == nil { + return nil + } + out := new(NpmPackagesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmPackagesParameters) DeepCopyInto(out *NpmPackagesParameters) { + *out = *in + if in.PackagePath != nil { + in, out := &in.PackagePath, &out.PackagePath + *out = new(string) + **out = **in + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmPackagesParameters. +func (in *NpmPackagesParameters) DeepCopy() *NpmPackagesParameters { + if in == nil { + return nil + } + out := new(NpmPackagesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectsInitParameters) DeepCopyInto(out *ObjectsInitParameters) { *out = *in @@ -1924,6 +2197,99 @@ func (in *PushParameters) DeepCopy() *PushParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonPackagesInitParameters) DeepCopyInto(out *PythonPackagesInitParameters) { + *out = *in + if in.Paths != nil { + in, out := &in.Paths, &out.Paths + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonPackagesInitParameters. +func (in *PythonPackagesInitParameters) DeepCopy() *PythonPackagesInitParameters { + if in == nil { + return nil + } + out := new(PythonPackagesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonPackagesObservation) DeepCopyInto(out *PythonPackagesObservation) { + *out = *in + if in.Paths != nil { + in, out := &in.Paths, &out.Paths + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonPackagesObservation. +func (in *PythonPackagesObservation) DeepCopy() *PythonPackagesObservation { + if in == nil { + return nil + } + out := new(PythonPackagesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonPackagesParameters) DeepCopyInto(out *PythonPackagesParameters) { + *out = *in + if in.Paths != nil { + in, out := &in.Paths, &out.Paths + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Repository != nil { + in, out := &in.Repository, &out.Repository + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonPackagesParameters. +func (in *PythonPackagesParameters) DeepCopy() *PythonPackagesParameters { + if in == nil { + return nil + } + out := new(PythonPackagesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepoSourceInitParameters) DeepCopyInto(out *RepoSourceInitParameters) { *out = *in @@ -2677,6 +3043,11 @@ func (in *SourceParameters) DeepCopy() *SourceParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SourceToBuildInitParameters) DeepCopyInto(out *SourceToBuildInitParameters) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -2717,6 +3088,11 @@ func (in *SourceToBuildInitParameters) DeepCopy() *SourceToBuildInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SourceToBuildObservation) DeepCopyInto(out *SourceToBuildObservation) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -2757,6 +3133,11 @@ func (in *SourceToBuildObservation) DeepCopy() *SourceToBuildObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SourceToBuildParameters) DeepCopyInto(out *SourceToBuildParameters) { *out = *in + if in.BitbucketServerConfig != nil { + in, out := &in.BitbucketServerConfig, &out.BitbucketServerConfig + *out = new(string) + **out = **in + } if in.GithubEnterpriseConfig != nil { in, out := &in.GithubEnterpriseConfig, &out.GithubEnterpriseConfig *out = new(string) @@ -4579,6 +4960,22 @@ func (in *WorkerPoolObservation) DeepCopyInto(out *WorkerPoolObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) diff --git a/apis/cloudbuild/v1beta1/zz_trigger_types.go b/apis/cloudbuild/v1beta1/zz_trigger_types.go index 47beee439..256c235ce 100755 --- a/apis/cloudbuild/v1beta1/zz_trigger_types.go +++ b/apis/cloudbuild/v1beta1/zz_trigger_types.go @@ -59,6 +59,18 @@ type ArtifactsInitParameters struct { // If any of the images fail to be pushed, the build status is marked FAILURE. Images []*string `json:"images,omitempty" tf:"images,omitempty"` + // A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + MavenArtifacts []MavenArtifactsInitParameters `json:"mavenArtifacts,omitempty" tf:"maven_artifacts,omitempty"` + + // Npm package to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + NpmPackages []NpmPackagesInitParameters `json:"npmPackages,omitempty" tf:"npm_packages,omitempty"` + // A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. // Files in the workspace matching specified paths globs will be uploaded to the // Cloud Storage location using the builder service account's credentials. @@ -66,6 +78,12 @@ type ArtifactsInitParameters struct { // If any objects fail to be pushed, the build is marked FAILURE. // Structure is documented below. Objects []ObjectsInitParameters `json:"objects,omitempty" tf:"objects,omitempty"` + + // Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + PythonPackages []PythonPackagesInitParameters `json:"pythonPackages,omitempty" tf:"python_packages,omitempty"` } type ArtifactsObservation struct { @@ -76,6 +94,18 @@ type ArtifactsObservation struct { // If any of the images fail to be pushed, the build status is marked FAILURE. Images []*string `json:"images,omitempty" tf:"images,omitempty"` + // A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + MavenArtifacts []MavenArtifactsObservation `json:"mavenArtifacts,omitempty" tf:"maven_artifacts,omitempty"` + + // Npm package to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + NpmPackages []NpmPackagesObservation `json:"npmPackages,omitempty" tf:"npm_packages,omitempty"` + // A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. // Files in the workspace matching specified paths globs will be uploaded to the // Cloud Storage location using the builder service account's credentials. @@ -83,6 +113,12 @@ type ArtifactsObservation struct { // If any objects fail to be pushed, the build is marked FAILURE. // Structure is documented below. Objects []ObjectsObservation `json:"objects,omitempty" tf:"objects,omitempty"` + + // Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + PythonPackages []PythonPackagesObservation `json:"pythonPackages,omitempty" tf:"python_packages,omitempty"` } type ArtifactsParameters struct { @@ -94,6 +130,20 @@ type ArtifactsParameters struct { // +kubebuilder:validation:Optional Images []*string `json:"images,omitempty" tf:"images,omitempty"` + // A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + // +kubebuilder:validation:Optional + MavenArtifacts []MavenArtifactsParameters `json:"mavenArtifacts,omitempty" tf:"maven_artifacts,omitempty"` + + // Npm package to upload to Artifact Registry upon successful completion of all build steps. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + // +kubebuilder:validation:Optional + NpmPackages []NpmPackagesParameters `json:"npmPackages,omitempty" tf:"npm_packages,omitempty"` + // A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. // Files in the workspace matching specified paths globs will be uploaded to the // Cloud Storage location using the builder service account's credentials. @@ -102,6 +152,13 @@ type ArtifactsParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional Objects []ObjectsParameters `json:"objects,omitempty" tf:"objects,omitempty"` + + // Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + // The location and generation of the uploaded objects will be stored in the Build resource's results field. + // If any objects fail to be pushed, the build is marked FAILURE. + // Structure is documented below. + // +kubebuilder:validation:Optional + PythonPackages []PythonPackagesParameters `json:"pythonPackages,omitempty" tf:"python_packages,omitempty"` } type AvailableSecretsInitParameters struct { @@ -382,6 +439,10 @@ type BuildParameters struct { type GitFileSourceInitParameters struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. GithubEnterpriseConfig *string `json:"githubEnterpriseConfig,omitempty" tf:"github_enterprise_config,omitempty"` @@ -410,6 +471,10 @@ type GitFileSourceInitParameters struct { type GitFileSourceObservation struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. GithubEnterpriseConfig *string `json:"githubEnterpriseConfig,omitempty" tf:"github_enterprise_config,omitempty"` @@ -438,6 +503,11 @@ type GitFileSourceObservation struct { type GitFileSourceParameters struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + // +kubebuilder:validation:Optional + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. // +kubebuilder:validation:Optional @@ -643,6 +713,106 @@ type GithubPushParameters struct { Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` } +type MavenArtifactsInitParameters struct { + + // Maven artifactId value used when uploading the artifact to Artifact Registry. + ArtifactID *string `json:"artifactId,omitempty" tf:"artifact_id,omitempty"` + + // Maven groupId value used when uploading the artifact to Artifact Registry. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // Path at which to mount the volume. + // Paths must be absolute and cannot conflict with other volume paths on + // the same build step or with certain reserved volume paths. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` + + // Maven version value used when uploading the artifact to Artifact Registry. + Version *string `json:"version,omitempty" tf:"version,omitempty"` +} + +type MavenArtifactsObservation struct { + + // Maven artifactId value used when uploading the artifact to Artifact Registry. + ArtifactID *string `json:"artifactId,omitempty" tf:"artifact_id,omitempty"` + + // Maven groupId value used when uploading the artifact to Artifact Registry. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // Path at which to mount the volume. + // Paths must be absolute and cannot conflict with other volume paths on + // the same build step or with certain reserved volume paths. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` + + // Maven version value used when uploading the artifact to Artifact Registry. + Version *string `json:"version,omitempty" tf:"version,omitempty"` +} + +type MavenArtifactsParameters struct { + + // Maven artifactId value used when uploading the artifact to Artifact Registry. + // +kubebuilder:validation:Optional + ArtifactID *string `json:"artifactId,omitempty" tf:"artifact_id,omitempty"` + + // Maven groupId value used when uploading the artifact to Artifact Registry. + // +kubebuilder:validation:Optional + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // Path at which to mount the volume. + // Paths must be absolute and cannot conflict with other volume paths on + // the same build step or with certain reserved volume paths. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + // +kubebuilder:validation:Optional + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` + + // Maven version value used when uploading the artifact to Artifact Registry. + // +kubebuilder:validation:Optional + Version *string `json:"version,omitempty" tf:"version,omitempty"` +} + +type NpmPackagesInitParameters struct { + + // Path to the package.json. e.g. workspace/path/to/package + PackagePath *string `json:"packagePath,omitempty" tf:"package_path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + +type NpmPackagesObservation struct { + + // Path to the package.json. e.g. workspace/path/to/package + PackagePath *string `json:"packagePath,omitempty" tf:"package_path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + +type NpmPackagesParameters struct { + + // Path to the package.json. e.g. workspace/path/to/package + // +kubebuilder:validation:Optional + PackagePath *string `json:"packagePath,omitempty" tf:"package_path,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + // +kubebuilder:validation:Optional + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + type ObjectsInitParameters struct { // Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". @@ -650,7 +820,7 @@ type ObjectsInitParameters struct { // this location as a prefix. Location *string `json:"location,omitempty" tf:"location,omitempty"` - // Path globs used to match files in the build's workspace. + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` } @@ -661,7 +831,7 @@ type ObjectsObservation struct { // this location as a prefix. Location *string `json:"location,omitempty" tf:"location,omitempty"` - // Path globs used to match files in the build's workspace. + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` // Output only. Stores timing information for executing this @@ -677,7 +847,7 @@ type ObjectsParameters struct { // +kubebuilder:validation:Optional Location *string `json:"location,omitempty" tf:"location,omitempty"` - // Path globs used to match files in the build's workspace. + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. // +kubebuilder:validation:Optional Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` } @@ -1043,6 +1213,38 @@ type PushParameters struct { Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` } +type PythonPackagesInitParameters struct { + + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. + Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + +type PythonPackagesObservation struct { + + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. + Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + +type PythonPackagesParameters struct { + + // Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. + // +kubebuilder:validation:Optional + Paths []*string `json:"paths,omitempty" tf:"paths,omitempty"` + + // The qualified resource name of the Repo API repository. + // Either uri or repository can be specified and is required. + // +kubebuilder:validation:Optional + Repository *string `json:"repository,omitempty" tf:"repository,omitempty"` +} + type RepoSourceInitParameters struct { // Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. @@ -1413,6 +1615,10 @@ type SourceParameters struct { type SourceToBuildInitParameters struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. GithubEnterpriseConfig *string `json:"githubEnterpriseConfig,omitempty" tf:"github_enterprise_config,omitempty"` @@ -1435,6 +1641,10 @@ type SourceToBuildInitParameters struct { type SourceToBuildObservation struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. GithubEnterpriseConfig *string `json:"githubEnterpriseConfig,omitempty" tf:"github_enterprise_config,omitempty"` @@ -1457,6 +1667,11 @@ type SourceToBuildObservation struct { type SourceToBuildParameters struct { + // The full resource name of the bitbucket server config. + // Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + // +kubebuilder:validation:Optional + BitbucketServerConfig *string `json:"bitbucketServerConfig,omitempty" tf:"bitbucket_server_config,omitempty"` + // The full resource name of the github enterprise config. // Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. // +kubebuilder:validation:Optional diff --git a/apis/cloudbuild/v1beta1/zz_workerpool_types.go b/apis/cloudbuild/v1beta1/zz_workerpool_types.go index e6223edab..d221b7709 100755 --- a/apis/cloudbuild/v1beta1/zz_workerpool_types.go +++ b/apis/cloudbuild/v1beta1/zz_workerpool_types.go @@ -149,6 +149,9 @@ type WorkerPoolObservation struct { // User-defined name of the WorkerPool. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/workerPools/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` diff --git a/apis/cloudfunctions/v1beta1/zz_function_types.go b/apis/cloudfunctions/v1beta1/zz_function_types.go index ce2254b4b..df1e11042 100755 --- a/apis/cloudfunctions/v1beta1/zz_function_types.go +++ b/apis/cloudfunctions/v1beta1/zz_function_types.go @@ -104,6 +104,7 @@ type FunctionInitParameters struct { // A set of key/value environment variable pairs available during build time. BuildEnvironmentVariables map[string]string `json:"buildEnvironmentVariables,omitempty" tf:"build_environment_variables,omitempty"` + // Name of the Cloud Build Custom Worker Pool that should be used to build the function. BuildWorkerPool *string `json:"buildWorkerPool,omitempty" tf:"build_worker_pool,omitempty"` // Description of the function. @@ -212,6 +213,7 @@ type FunctionObservation struct { // A set of key/value environment variable pairs available during build time. BuildEnvironmentVariables map[string]string `json:"buildEnvironmentVariables,omitempty" tf:"build_environment_variables,omitempty"` + // Name of the Cloud Build Custom Worker Pool that should be used to build the function. BuildWorkerPool *string `json:"buildWorkerPool,omitempty" tf:"build_worker_pool,omitempty"` // Description of the function. @@ -223,6 +225,9 @@ type FunctionObservation struct { // User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means. DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Name of the function that will be executed when the Google Cloud Function is triggered. EntryPoint *string `json:"entryPoint,omitempty" tf:"entry_point,omitempty"` @@ -288,6 +293,10 @@ type FunctionObservation struct { Status *string `json:"status,omitempty" tf:"status,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds. Timeout *float64 `json:"timeout,omitempty" tf:"timeout,omitempty"` @@ -299,6 +308,9 @@ type FunctionObservation struct { // The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value. VPCConnectorEgressSettings *string `json:"vpcConnectorEgressSettings,omitempty" tf:"vpc_connector_egress_settings,omitempty"` + + // an identifier for the resource with format {{name}} + VersionID *string `json:"versionId,omitempty" tf:"version_id,omitempty"` } type FunctionParameters struct { @@ -311,6 +323,7 @@ type FunctionParameters struct { // +kubebuilder:validation:Optional BuildEnvironmentVariables map[string]string `json:"buildEnvironmentVariables,omitempty" tf:"build_environment_variables,omitempty"` + // Name of the Cloud Build Custom Worker Pool that should be used to build the function. // +kubebuilder:validation:Optional BuildWorkerPool *string `json:"buildWorkerPool,omitempty" tf:"build_worker_pool,omitempty"` diff --git a/apis/cloudfunctions/v1beta1/zz_generated.deepcopy.go b/apis/cloudfunctions/v1beta1/zz_generated.deepcopy.go index d11c911e4..e90644127 100644 --- a/apis/cloudfunctions/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudfunctions/v1beta1/zz_generated.deepcopy.go @@ -819,6 +819,22 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EntryPoint != nil { in, out := &in.EntryPoint, &out.EntryPoint *out = new(string) @@ -936,6 +952,22 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Timeout != nil { in, out := &in.Timeout, &out.Timeout *out = new(float64) @@ -956,6 +988,11 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.VersionID != nil { + in, out := &in.VersionID, &out.VersionID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FunctionObservation. diff --git a/apis/cloudfunctions2/v1beta1/zz_function_types.go b/apis/cloudfunctions2/v1beta1/zz_function_types.go index ce7d6c137..a790e9e75 100755 --- a/apis/cloudfunctions2/v1beta1/zz_function_types.go +++ b/apis/cloudfunctions2/v1beta1/zz_function_types.go @@ -32,8 +32,18 @@ import ( type BuildConfigInitParameters struct { // User managed repository created in Artifact Registry optionally with a customer managed encryption key. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/artifact/v1beta1.RegistryRepository + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` + // Reference to a RegistryRepository in artifact to populate dockerRepository. + // +kubebuilder:validation:Optional + DockerRepositoryRef *v1.Reference `json:"dockerRepositoryRef,omitempty" tf:"-"` + + // Selector for a RegistryRepository in artifact to populate dockerRepository. + // +kubebuilder:validation:Optional + DockerRepositorySelector *v1.Selector `json:"dockerRepositorySelector,omitempty" tf:"-"` + // The name of the function (as defined in source code) that will be executed. // Defaults to the resource name suffix, if not specified. For backward // compatibility, if function with given name is not found, then the system @@ -103,9 +113,19 @@ type BuildConfigObservation struct { type BuildConfigParameters struct { // User managed repository created in Artifact Registry optionally with a customer managed encryption key. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/artifact/v1beta1.RegistryRepository + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` + // Reference to a RegistryRepository in artifact to populate dockerRepository. + // +kubebuilder:validation:Optional + DockerRepositoryRef *v1.Reference `json:"dockerRepositoryRef,omitempty" tf:"-"` + + // Selector for a RegistryRepository in artifact to populate dockerRepository. + // +kubebuilder:validation:Optional + DockerRepositorySelector *v1.Selector `json:"dockerRepositorySelector,omitempty" tf:"-"` + // The name of the function (as defined in source code) that will be executed. // Defaults to the resource name suffix, if not specified. For backward // compatibility, if function with given name is not found, then the system @@ -250,7 +270,9 @@ type EventTriggerInitParameters struct { // Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY. RetryPolicy *string `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // The email of the service account for this function. + // Optional. The email of the trigger's service account. The service account + // must have permission to invoke Cloud Run services. If empty, defaults to the + // Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` @@ -288,7 +310,9 @@ type EventTriggerObservation struct { // Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY. RetryPolicy *string `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // The email of the service account for this function. + // Optional. The email of the trigger's service account. The service account + // must have permission to invoke Cloud Run services. If empty, defaults to the + // Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` // (Output) @@ -334,7 +358,9 @@ type EventTriggerParameters struct { // +kubebuilder:validation:Optional RetryPolicy *string `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // The email of the service account for this function. + // Optional. The email of the trigger's service account. The service account + // must have permission to invoke Cloud Run services. If empty, defaults to the + // Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) // +kubebuilder:validation:Optional @@ -371,6 +397,10 @@ type FunctionInitParameters struct { // Structure is documented below. EventTrigger []EventTriggerInitParameters `json:"eventTrigger,omitempty" tf:"event_trigger,omitempty"` + // Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + // It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + // A set of key/value label pairs associated with this Cloud Function. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -394,6 +424,10 @@ type FunctionObservation struct { // User-provided description of a function. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The environment the function is hosted on. Environment *string `json:"environment,omitempty" tf:"environment,omitempty"` @@ -405,6 +439,10 @@ type FunctionObservation struct { // an identifier for the resource with format projects/{{project}}/locations/{{location}}/functions/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + // It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + // A set of key/value label pairs associated with this Cloud Function. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -423,6 +461,11 @@ type FunctionObservation struct { // Describes the current state of the function. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The deployed url for the function. URL *string `json:"url,omitempty" tf:"url,omitempty"` @@ -448,14 +491,19 @@ type FunctionParameters struct { // +kubebuilder:validation:Optional EventTrigger []EventTriggerParameters `json:"eventTrigger,omitempty" tf:"event_trigger,omitempty"` + // Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + // It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + // +kubebuilder:validation:Optional + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + // A set of key/value label pairs associated with this Cloud Function. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` // The location of this cloud function. - // +kubebuilder:validation:Optional - Location *string `json:"location,omitempty" tf:"location,omitempty"` + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. diff --git a/apis/cloudfunctions2/v1beta1/zz_generated.deepcopy.go b/apis/cloudfunctions2/v1beta1/zz_generated.deepcopy.go index 54d7356ee..173489619 100644 --- a/apis/cloudfunctions2/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudfunctions2/v1beta1/zz_generated.deepcopy.go @@ -33,6 +33,16 @@ func (in *BuildConfigInitParameters) DeepCopyInto(out *BuildConfigInitParameters *out = new(string) **out = **in } + if in.DockerRepositoryRef != nil { + in, out := &in.DockerRepositoryRef, &out.DockerRepositoryRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DockerRepositorySelector != nil { + in, out := &in.DockerRepositorySelector, &out.DockerRepositorySelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.EntryPoint != nil { in, out := &in.EntryPoint, &out.EntryPoint *out = new(string) @@ -164,6 +174,16 @@ func (in *BuildConfigParameters) DeepCopyInto(out *BuildConfigParameters) { *out = new(string) **out = **in } + if in.DockerRepositoryRef != nil { + in, out := &in.DockerRepositoryRef, &out.DockerRepositoryRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DockerRepositorySelector != nil { + in, out := &in.DockerRepositorySelector, &out.DockerRepositorySelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.EntryPoint != nil { in, out := &in.EntryPoint, &out.EntryPoint *out = new(string) @@ -569,6 +589,11 @@ func (in *FunctionInitParameters) DeepCopyInto(out *FunctionInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -656,6 +681,22 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Environment != nil { in, out := &in.Environment, &out.Environment *out = new(string) @@ -673,6 +714,11 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -711,6 +757,22 @@ func (in *FunctionObservation) DeepCopyInto(out *FunctionObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.URL != nil { in, out := &in.URL, &out.URL *out = new(string) @@ -755,6 +817,11 @@ func (in *FunctionParameters) DeepCopyInto(out *FunctionParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) diff --git a/apis/cloudfunctions2/v1beta1/zz_generated.resolvers.go b/apis/cloudfunctions2/v1beta1/zz_generated.resolvers.go index 4fa09bcc2..c9c5b236c 100644 --- a/apis/cloudfunctions2/v1beta1/zz_generated.resolvers.go +++ b/apis/cloudfunctions2/v1beta1/zz_generated.resolvers.go @@ -39,6 +39,27 @@ func (mg *Function) ResolveReferences(ctx context.Context, c client.Reader) erro var rsp reference.ResolutionResponse var err error + for i3 := 0; i3 < len(mg.Spec.ForProvider.BuildConfig); i3++ { + { + m, l, err = apisresolver.GetManagedResource("artifact.gcp.upbound.io", "v1beta1", "RegistryRepository", "RegistryRepositoryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.BuildConfig[i3].DockerRepository), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.BuildConfig[i3].DockerRepositoryRef, + Selector: mg.Spec.ForProvider.BuildConfig[i3].DockerRepositorySelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.BuildConfig[i3].DockerRepository") + } + mg.Spec.ForProvider.BuildConfig[i3].DockerRepository = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.BuildConfig[i3].DockerRepositoryRef = rsp.ResolvedReference + + } for i3 := 0; i3 < len(mg.Spec.ForProvider.BuildConfig); i3++ { for i4 := 0; i4 < len(mg.Spec.ForProvider.BuildConfig[i3].Source); i4++ { for i5 := 0; i5 < len(mg.Spec.ForProvider.BuildConfig[i3].Source[i4].StorageSource); i5++ { @@ -241,6 +262,27 @@ func (mg *Function) ResolveReferences(ctx context.Context, c client.Reader) erro mg.Spec.ForProvider.ServiceConfig[i3].ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServiceConfig[i3].ServiceAccountEmailRef = rsp.ResolvedReference + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.BuildConfig); i3++ { + { + m, l, err = apisresolver.GetManagedResource("artifact.gcp.upbound.io", "v1beta1", "RegistryRepository", "RegistryRepositoryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.BuildConfig[i3].DockerRepository), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.BuildConfig[i3].DockerRepositoryRef, + Selector: mg.Spec.InitProvider.BuildConfig[i3].DockerRepositorySelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.BuildConfig[i3].DockerRepository") + } + mg.Spec.InitProvider.BuildConfig[i3].DockerRepository = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.BuildConfig[i3].DockerRepositoryRef = rsp.ResolvedReference + } for i3 := 0; i3 < len(mg.Spec.InitProvider.BuildConfig); i3++ { for i4 := 0; i4 < len(mg.Spec.InitProvider.BuildConfig[i3].Source); i4++ { diff --git a/apis/cloudiot/v1beta1/zz_device_terraformed.go b/apis/cloudiot/v1beta1/zz_device_terraformed.go deleted file mode 100755 index 1577dbba1..000000000 --- a/apis/cloudiot/v1beta1/zz_device_terraformed.go +++ /dev/null @@ -1,145 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - "dario.cat/mergo" - "github.com/pkg/errors" - - "github.com/crossplane/upjet/pkg/resource" - "github.com/crossplane/upjet/pkg/resource/json" -) - -// GetTerraformResourceType returns Terraform resource type for this Device -func (mg *Device) GetTerraformResourceType() string { - return "google_cloudiot_device" -} - -// GetConnectionDetailsMapping for this Device -func (tr *Device) GetConnectionDetailsMapping() map[string]string { - return nil -} - -// GetObservation of this Device -func (tr *Device) GetObservation() (map[string]any, error) { - o, err := json.TFParser.Marshal(tr.Status.AtProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(o, &base) -} - -// SetObservation for this Device -func (tr *Device) SetObservation(obs map[string]any) error { - p, err := json.TFParser.Marshal(obs) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) -} - -// GetID returns ID of underlying Terraform resource of this Device -func (tr *Device) GetID() string { - if tr.Status.AtProvider.ID == nil { - return "" - } - return *tr.Status.AtProvider.ID -} - -// GetParameters of this Device -func (tr *Device) GetParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.ForProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// SetParameters for this Device -func (tr *Device) SetParameters(params map[string]any) error { - p, err := json.TFParser.Marshal(params) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) -} - -// GetInitParameters of this Device -func (tr *Device) GetInitParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.InitProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// GetInitParameters of this Device -func (tr *Device) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { - params, err := tr.GetParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) - } - if !shouldMergeInitProvider { - return params, nil - } - - initParams, err := tr.GetInitParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) - } - - // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the - // slices from the initProvider to forProvider. As it also sets - // overwrite to true, we need to set it back to false, we don't - // want to overwrite the forProvider fields with the initProvider - // fields. - err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { - c.Overwrite = false - }) - if err != nil { - return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) - } - - return params, nil -} - -// LateInitialize this Device using its observed tfState. -// returns True if there are any spec changes for the resource. -func (tr *Device) LateInitialize(attrs []byte) (bool, error) { - params := &DeviceParameters{} - if err := json.TFParser.Unmarshal(attrs, params); err != nil { - return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") - } - opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} - - li := resource.NewGenericLateInitializer(opts...) - return li.LateInitialize(&tr.Spec.ForProvider, params) -} - -// GetTerraformSchemaVersion returns the associated Terraform schema version -func (tr *Device) GetTerraformSchemaVersion() int { - return 0 -} diff --git a/apis/cloudiot/v1beta1/zz_device_types.go b/apis/cloudiot/v1beta1/zz_device_types.go deleted file mode 100755 index b5cbfb178..000000000 --- a/apis/cloudiot/v1beta1/zz_device_types.go +++ /dev/null @@ -1,384 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" -) - -type ConfigInitParameters struct { -} - -type ConfigObservation struct { - - // The device configuration data. - BinaryData *string `json:"binaryData,omitempty" tf:"binary_data,omitempty"` - - // (Output) - // The time at which this configuration version was updated in Cloud IoT Core. - CloudUpdateTime *string `json:"cloudUpdateTime,omitempty" tf:"cloud_update_time,omitempty"` - - // (Output) - // The time at which Cloud IoT Core received the acknowledgment from the device, - // indicating that the device has received this configuration version. - DeviceAckTime *string `json:"deviceAckTime,omitempty" tf:"device_ack_time,omitempty"` - - // (Output) - // The version of this update. - Version *string `json:"version,omitempty" tf:"version,omitempty"` -} - -type ConfigParameters struct { -} - -type CredentialsInitParameters struct { - - // The time at which this credential becomes invalid. - ExpirationTime *string `json:"expirationTime,omitempty" tf:"expiration_time,omitempty"` - - // A public key used to verify the signature of JSON Web Tokens (JWTs). - // Structure is documented below. - PublicKey []PublicKeyInitParameters `json:"publicKey,omitempty" tf:"public_key,omitempty"` -} - -type CredentialsObservation struct { - - // The time at which this credential becomes invalid. - ExpirationTime *string `json:"expirationTime,omitempty" tf:"expiration_time,omitempty"` - - // A public key used to verify the signature of JSON Web Tokens (JWTs). - // Structure is documented below. - PublicKey []PublicKeyObservation `json:"publicKey,omitempty" tf:"public_key,omitempty"` -} - -type CredentialsParameters struct { - - // The time at which this credential becomes invalid. - // +kubebuilder:validation:Optional - ExpirationTime *string `json:"expirationTime,omitempty" tf:"expiration_time,omitempty"` - - // A public key used to verify the signature of JSON Web Tokens (JWTs). - // Structure is documented below. - // +kubebuilder:validation:Optional - PublicKey []PublicKeyParameters `json:"publicKey" tf:"public_key,omitempty"` -} - -type DeviceInitParameters struct { - - // If a device is blocked, connections or requests from this device will fail. - Blocked *bool `json:"blocked,omitempty" tf:"blocked,omitempty"` - - // The credentials used to authenticate this device. - // Structure is documented below. - Credentials []CredentialsInitParameters `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // Gateway-related configuration and state. - // Structure is documented below. - GatewayConfig []GatewayConfigInitParameters `json:"gatewayConfig,omitempty" tf:"gateway_config,omitempty"` - - // The logging verbosity for device activity. - // Possible values are: NONE, ERROR, INFO, DEBUG. - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // The metadata key-value pairs assigned to the device. - // +mapType=granular - Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` -} - -type DeviceObservation struct { - - // If a device is blocked, connections or requests from this device will fail. - Blocked *bool `json:"blocked,omitempty" tf:"blocked,omitempty"` - - // The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. - // Structure is documented below. - Config []ConfigObservation `json:"config,omitempty" tf:"config,omitempty"` - - // The credentials used to authenticate this device. - // Structure is documented below. - Credentials []CredentialsObservation `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // Gateway-related configuration and state. - // Structure is documented below. - GatewayConfig []GatewayConfigObservation `json:"gatewayConfig,omitempty" tf:"gateway_config,omitempty"` - - // an identifier for the resource with format {{registry}}/devices/{{name}} - ID *string `json:"id,omitempty" tf:"id,omitempty"` - - // The last time a cloud-to-device config version acknowledgment was received from the device. - LastConfigAckTime *string `json:"lastConfigAckTime,omitempty" tf:"last_config_ack_time,omitempty"` - - // The last time a cloud-to-device config version was sent to the device. - LastConfigSendTime *string `json:"lastConfigSendTime,omitempty" tf:"last_config_send_time,omitempty"` - - // The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. - // Structure is documented below. - LastErrorStatus []LastErrorStatusObservation `json:"lastErrorStatus,omitempty" tf:"last_error_status,omitempty"` - - // The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub. - LastErrorTime *string `json:"lastErrorTime,omitempty" tf:"last_error_time,omitempty"` - - // The last time a telemetry event was received. - LastEventTime *string `json:"lastEventTime,omitempty" tf:"last_event_time,omitempty"` - - // The last time an MQTT PINGREQ was received. - LastHeartbeatTime *string `json:"lastHeartbeatTime,omitempty" tf:"last_heartbeat_time,omitempty"` - - // The last time a state event was received. - LastStateTime *string `json:"lastStateTime,omitempty" tf:"last_state_time,omitempty"` - - // The logging verbosity for device activity. - // Possible values are: NONE, ERROR, INFO, DEBUG. - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // The metadata key-value pairs assigned to the device. - // +mapType=granular - Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` - - // A server-defined unique numeric ID for the device. - // This is a more compact way to identify devices, and it is globally unique. - NumID *string `json:"numId,omitempty" tf:"num_id,omitempty"` - - // The name of the device registry where this device should be created. - Registry *string `json:"registry,omitempty" tf:"registry,omitempty"` - - // The state most recently received from the device. - // Structure is documented below. - State []StateObservation `json:"state,omitempty" tf:"state,omitempty"` -} - -type DeviceParameters struct { - - // If a device is blocked, connections or requests from this device will fail. - // +kubebuilder:validation:Optional - Blocked *bool `json:"blocked,omitempty" tf:"blocked,omitempty"` - - // The credentials used to authenticate this device. - // Structure is documented below. - // +kubebuilder:validation:Optional - Credentials []CredentialsParameters `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // Gateway-related configuration and state. - // Structure is documented below. - // +kubebuilder:validation:Optional - GatewayConfig []GatewayConfigParameters `json:"gatewayConfig,omitempty" tf:"gateway_config,omitempty"` - - // The logging verbosity for device activity. - // Possible values are: NONE, ERROR, INFO, DEBUG. - // +kubebuilder:validation:Optional - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // The metadata key-value pairs assigned to the device. - // +kubebuilder:validation:Optional - // +mapType=granular - Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` - - // The name of the device registry where this device should be created. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudiot/v1beta1.Registry - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() - // +kubebuilder:validation:Optional - Registry *string `json:"registry,omitempty" tf:"registry,omitempty"` - - // Reference to a Registry in cloudiot to populate registry. - // +kubebuilder:validation:Optional - RegistryRef *v1.Reference `json:"registryRef,omitempty" tf:"-"` - - // Selector for a Registry in cloudiot to populate registry. - // +kubebuilder:validation:Optional - RegistrySelector *v1.Selector `json:"registrySelector,omitempty" tf:"-"` -} - -type GatewayConfigInitParameters struct { - - // Indicates whether the device is a gateway. - // Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - GatewayAuthMethod *string `json:"gatewayAuthMethod,omitempty" tf:"gateway_auth_method,omitempty"` - - // Indicates whether the device is a gateway. - // Default value is NON_GATEWAY. - // Possible values are: GATEWAY, NON_GATEWAY. - GatewayType *string `json:"gatewayType,omitempty" tf:"gateway_type,omitempty"` -} - -type GatewayConfigObservation struct { - - // Indicates whether the device is a gateway. - // Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - GatewayAuthMethod *string `json:"gatewayAuthMethod,omitempty" tf:"gateway_auth_method,omitempty"` - - // Indicates whether the device is a gateway. - // Default value is NON_GATEWAY. - // Possible values are: GATEWAY, NON_GATEWAY. - GatewayType *string `json:"gatewayType,omitempty" tf:"gateway_type,omitempty"` - - // (Output) - // The ID of the gateway the device accessed most recently. - LastAccessedGatewayID *string `json:"lastAccessedGatewayId,omitempty" tf:"last_accessed_gateway_id,omitempty"` - - // (Output) - // The most recent time at which the device accessed the gateway specified in last_accessed_gateway. - LastAccessedGatewayTime *string `json:"lastAccessedGatewayTime,omitempty" tf:"last_accessed_gateway_time,omitempty"` -} - -type GatewayConfigParameters struct { - - // Indicates whether the device is a gateway. - // Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - // +kubebuilder:validation:Optional - GatewayAuthMethod *string `json:"gatewayAuthMethod,omitempty" tf:"gateway_auth_method,omitempty"` - - // Indicates whether the device is a gateway. - // Default value is NON_GATEWAY. - // Possible values are: GATEWAY, NON_GATEWAY. - // +kubebuilder:validation:Optional - GatewayType *string `json:"gatewayType,omitempty" tf:"gateway_type,omitempty"` -} - -type LastErrorStatusInitParameters struct { -} - -type LastErrorStatusObservation struct { - - // A list of messages that carry the error details. - Details []string `json:"details,omitempty" tf:"details,omitempty"` - - // A developer-facing error message, which should be in English. - Message *string `json:"message,omitempty" tf:"message,omitempty"` - - // The status code, which should be an enum value of google.rpc.Code. - Number *float64 `json:"number,omitempty" tf:"number,omitempty"` -} - -type LastErrorStatusParameters struct { -} - -type PublicKeyInitParameters struct { - - // The format of the key. - // Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - Format *string `json:"format,omitempty" tf:"format,omitempty"` - - // The key data. - Key *string `json:"key,omitempty" tf:"key,omitempty"` -} - -type PublicKeyObservation struct { - - // The format of the key. - // Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - Format *string `json:"format,omitempty" tf:"format,omitempty"` - - // The key data. - Key *string `json:"key,omitempty" tf:"key,omitempty"` -} - -type PublicKeyParameters struct { - - // The format of the key. - // Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - // +kubebuilder:validation:Optional - Format *string `json:"format" tf:"format,omitempty"` - - // The key data. - // +kubebuilder:validation:Optional - Key *string `json:"key" tf:"key,omitempty"` -} - -type StateInitParameters struct { -} - -type StateObservation struct { - - // The device state data. - BinaryData *string `json:"binaryData,omitempty" tf:"binary_data,omitempty"` - - // The time at which this state version was updated in Cloud IoT Core. - UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` -} - -type StateParameters struct { -} - -// DeviceSpec defines the desired state of Device -type DeviceSpec struct { - v1.ResourceSpec `json:",inline"` - ForProvider DeviceParameters `json:"forProvider"` - // THIS IS A BETA FIELD. It will be honored - // unless the Management Policies feature flag is disabled. - // InitProvider holds the same fields as ForProvider, with the exception - // of Identifier and other resource reference fields. The fields that are - // in InitProvider are merged into ForProvider when the resource is created. - // The same fields are also added to the terraform ignore_changes hook, to - // avoid updating them after creation. This is useful for fields that are - // required on creation, but we do not desire to update them after creation, - // for example because of an external controller is managing them, like an - // autoscaler. - InitProvider DeviceInitParameters `json:"initProvider,omitempty"` -} - -// DeviceStatus defines the observed state of Device. -type DeviceStatus struct { - v1.ResourceStatus `json:",inline"` - AtProvider DeviceObservation `json:"atProvider,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:storageversion - -// Device is the Schema for the Devices API. A Google Cloud IoT Core device. -// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" -// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" -// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" -// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} -type Device struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - Spec DeviceSpec `json:"spec"` - Status DeviceStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// DeviceList contains a list of Devices -type DeviceList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Device `json:"items"` -} - -// Repository type metadata. -var ( - Device_Kind = "Device" - Device_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Device_Kind}.String() - Device_KindAPIVersion = Device_Kind + "." + CRDGroupVersion.String() - Device_GroupVersionKind = CRDGroupVersion.WithKind(Device_Kind) -) - -func init() { - SchemeBuilder.Register(&Device{}, &DeviceList{}) -} diff --git a/apis/cloudiot/v1beta1/zz_generated.conversion_hubs.go b/apis/cloudiot/v1beta1/zz_generated.conversion_hubs.go deleted file mode 100755 index c57edd0d6..000000000 --- a/apis/cloudiot/v1beta1/zz_generated.conversion_hubs.go +++ /dev/null @@ -1,29 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -// Hub marks this type as a conversion hub. -func (tr *Device) Hub() {} - -// Hub marks this type as a conversion hub. -func (tr *Registry) Hub() {} diff --git a/apis/cloudiot/v1beta1/zz_generated.deepcopy.go b/apis/cloudiot/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 4f3743807..000000000 --- a/apis/cloudiot/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,1257 +0,0 @@ -//go:build !ignore_autogenerated - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigInitParameters. -func (in *ConfigInitParameters) DeepCopy() *ConfigInitParameters { - if in == nil { - return nil - } - out := new(ConfigInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { - *out = *in - if in.BinaryData != nil { - in, out := &in.BinaryData, &out.BinaryData - *out = new(string) - **out = **in - } - if in.CloudUpdateTime != nil { - in, out := &in.CloudUpdateTime, &out.CloudUpdateTime - *out = new(string) - **out = **in - } - if in.DeviceAckTime != nil { - in, out := &in.DeviceAckTime, &out.DeviceAckTime - *out = new(string) - **out = **in - } - if in.Version != nil { - in, out := &in.Version, &out.Version - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigObservation. -func (in *ConfigObservation) DeepCopy() *ConfigObservation { - if in == nil { - return nil - } - out := new(ConfigObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigParameters. -func (in *ConfigParameters) DeepCopy() *ConfigParameters { - if in == nil { - return nil - } - out := new(ConfigParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsInitParameters) DeepCopyInto(out *CredentialsInitParameters) { - *out = *in - if in.ExpirationTime != nil { - in, out := &in.ExpirationTime, &out.ExpirationTime - *out = new(string) - **out = **in - } - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = make([]PublicKeyInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsInitParameters. -func (in *CredentialsInitParameters) DeepCopy() *CredentialsInitParameters { - if in == nil { - return nil - } - out := new(CredentialsInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsObservation) DeepCopyInto(out *CredentialsObservation) { - *out = *in - if in.ExpirationTime != nil { - in, out := &in.ExpirationTime, &out.ExpirationTime - *out = new(string) - **out = **in - } - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = make([]PublicKeyObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsObservation. -func (in *CredentialsObservation) DeepCopy() *CredentialsObservation { - if in == nil { - return nil - } - out := new(CredentialsObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsParameters) DeepCopyInto(out *CredentialsParameters) { - *out = *in - if in.ExpirationTime != nil { - in, out := &in.ExpirationTime, &out.ExpirationTime - *out = new(string) - **out = **in - } - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = make([]PublicKeyParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsParameters. -func (in *CredentialsParameters) DeepCopy() *CredentialsParameters { - if in == nil { - return nil - } - out := new(CredentialsParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Device) DeepCopyInto(out *Device) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device. -func (in *Device) DeepCopy() *Device { - if in == nil { - return nil - } - out := new(Device) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Device) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceInitParameters) DeepCopyInto(out *DeviceInitParameters) { - *out = *in - if in.Blocked != nil { - in, out := &in.Blocked, &out.Blocked - *out = new(bool) - **out = **in - } - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]CredentialsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.GatewayConfig != nil { - in, out := &in.GatewayConfig, &out.GatewayConfig - *out = make([]GatewayConfigInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.Metadata != nil { - in, out := &in.Metadata, &out.Metadata - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceInitParameters. -func (in *DeviceInitParameters) DeepCopy() *DeviceInitParameters { - if in == nil { - return nil - } - out := new(DeviceInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceList) DeepCopyInto(out *DeviceList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Device, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceList. -func (in *DeviceList) DeepCopy() *DeviceList { - if in == nil { - return nil - } - out := new(DeviceList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DeviceList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceObservation) DeepCopyInto(out *DeviceObservation) { - *out = *in - if in.Blocked != nil { - in, out := &in.Blocked, &out.Blocked - *out = new(bool) - **out = **in - } - if in.Config != nil { - in, out := &in.Config, &out.Config - *out = make([]ConfigObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]CredentialsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.GatewayConfig != nil { - in, out := &in.GatewayConfig, &out.GatewayConfig - *out = make([]GatewayConfigObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.LastConfigAckTime != nil { - in, out := &in.LastConfigAckTime, &out.LastConfigAckTime - *out = new(string) - **out = **in - } - if in.LastConfigSendTime != nil { - in, out := &in.LastConfigSendTime, &out.LastConfigSendTime - *out = new(string) - **out = **in - } - if in.LastErrorStatus != nil { - in, out := &in.LastErrorStatus, &out.LastErrorStatus - *out = make([]LastErrorStatusObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.LastErrorTime != nil { - in, out := &in.LastErrorTime, &out.LastErrorTime - *out = new(string) - **out = **in - } - if in.LastEventTime != nil { - in, out := &in.LastEventTime, &out.LastEventTime - *out = new(string) - **out = **in - } - if in.LastHeartbeatTime != nil { - in, out := &in.LastHeartbeatTime, &out.LastHeartbeatTime - *out = new(string) - **out = **in - } - if in.LastStateTime != nil { - in, out := &in.LastStateTime, &out.LastStateTime - *out = new(string) - **out = **in - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.Metadata != nil { - in, out := &in.Metadata, &out.Metadata - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.NumID != nil { - in, out := &in.NumID, &out.NumID - *out = new(string) - **out = **in - } - if in.Registry != nil { - in, out := &in.Registry, &out.Registry - *out = new(string) - **out = **in - } - if in.State != nil { - in, out := &in.State, &out.State - *out = make([]StateObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceObservation. -func (in *DeviceObservation) DeepCopy() *DeviceObservation { - if in == nil { - return nil - } - out := new(DeviceObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceParameters) DeepCopyInto(out *DeviceParameters) { - *out = *in - if in.Blocked != nil { - in, out := &in.Blocked, &out.Blocked - *out = new(bool) - **out = **in - } - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]CredentialsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.GatewayConfig != nil { - in, out := &in.GatewayConfig, &out.GatewayConfig - *out = make([]GatewayConfigParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.Metadata != nil { - in, out := &in.Metadata, &out.Metadata - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.Registry != nil { - in, out := &in.Registry, &out.Registry - *out = new(string) - **out = **in - } - if in.RegistryRef != nil { - in, out := &in.RegistryRef, &out.RegistryRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.RegistrySelector != nil { - in, out := &in.RegistrySelector, &out.RegistrySelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceParameters. -func (in *DeviceParameters) DeepCopy() *DeviceParameters { - if in == nil { - return nil - } - out := new(DeviceParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceSpec) DeepCopyInto(out *DeviceSpec) { - *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSpec. -func (in *DeviceSpec) DeepCopy() *DeviceSpec { - if in == nil { - return nil - } - out := new(DeviceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeviceStatus) DeepCopyInto(out *DeviceStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceStatus. -func (in *DeviceStatus) DeepCopy() *DeviceStatus { - if in == nil { - return nil - } - out := new(DeviceStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventNotificationConfigsInitParameters) DeepCopyInto(out *EventNotificationConfigsInitParameters) { - *out = *in - if in.PubsubTopicName != nil { - in, out := &in.PubsubTopicName, &out.PubsubTopicName - *out = new(string) - **out = **in - } - if in.PubsubTopicNameRef != nil { - in, out := &in.PubsubTopicNameRef, &out.PubsubTopicNameRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.PubsubTopicNameSelector != nil { - in, out := &in.PubsubTopicNameSelector, &out.PubsubTopicNameSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } - if in.SubfolderMatches != nil { - in, out := &in.SubfolderMatches, &out.SubfolderMatches - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventNotificationConfigsInitParameters. -func (in *EventNotificationConfigsInitParameters) DeepCopy() *EventNotificationConfigsInitParameters { - if in == nil { - return nil - } - out := new(EventNotificationConfigsInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventNotificationConfigsObservation) DeepCopyInto(out *EventNotificationConfigsObservation) { - *out = *in - if in.PubsubTopicName != nil { - in, out := &in.PubsubTopicName, &out.PubsubTopicName - *out = new(string) - **out = **in - } - if in.SubfolderMatches != nil { - in, out := &in.SubfolderMatches, &out.SubfolderMatches - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventNotificationConfigsObservation. -func (in *EventNotificationConfigsObservation) DeepCopy() *EventNotificationConfigsObservation { - if in == nil { - return nil - } - out := new(EventNotificationConfigsObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventNotificationConfigsParameters) DeepCopyInto(out *EventNotificationConfigsParameters) { - *out = *in - if in.PubsubTopicName != nil { - in, out := &in.PubsubTopicName, &out.PubsubTopicName - *out = new(string) - **out = **in - } - if in.PubsubTopicNameRef != nil { - in, out := &in.PubsubTopicNameRef, &out.PubsubTopicNameRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.PubsubTopicNameSelector != nil { - in, out := &in.PubsubTopicNameSelector, &out.PubsubTopicNameSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } - if in.SubfolderMatches != nil { - in, out := &in.SubfolderMatches, &out.SubfolderMatches - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventNotificationConfigsParameters. -func (in *EventNotificationConfigsParameters) DeepCopy() *EventNotificationConfigsParameters { - if in == nil { - return nil - } - out := new(EventNotificationConfigsParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatewayConfigInitParameters) DeepCopyInto(out *GatewayConfigInitParameters) { - *out = *in - if in.GatewayAuthMethod != nil { - in, out := &in.GatewayAuthMethod, &out.GatewayAuthMethod - *out = new(string) - **out = **in - } - if in.GatewayType != nil { - in, out := &in.GatewayType, &out.GatewayType - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigInitParameters. -func (in *GatewayConfigInitParameters) DeepCopy() *GatewayConfigInitParameters { - if in == nil { - return nil - } - out := new(GatewayConfigInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatewayConfigObservation) DeepCopyInto(out *GatewayConfigObservation) { - *out = *in - if in.GatewayAuthMethod != nil { - in, out := &in.GatewayAuthMethod, &out.GatewayAuthMethod - *out = new(string) - **out = **in - } - if in.GatewayType != nil { - in, out := &in.GatewayType, &out.GatewayType - *out = new(string) - **out = **in - } - if in.LastAccessedGatewayID != nil { - in, out := &in.LastAccessedGatewayID, &out.LastAccessedGatewayID - *out = new(string) - **out = **in - } - if in.LastAccessedGatewayTime != nil { - in, out := &in.LastAccessedGatewayTime, &out.LastAccessedGatewayTime - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigObservation. -func (in *GatewayConfigObservation) DeepCopy() *GatewayConfigObservation { - if in == nil { - return nil - } - out := new(GatewayConfigObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatewayConfigParameters) DeepCopyInto(out *GatewayConfigParameters) { - *out = *in - if in.GatewayAuthMethod != nil { - in, out := &in.GatewayAuthMethod, &out.GatewayAuthMethod - *out = new(string) - **out = **in - } - if in.GatewayType != nil { - in, out := &in.GatewayType, &out.GatewayType - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigParameters. -func (in *GatewayConfigParameters) DeepCopy() *GatewayConfigParameters { - if in == nil { - return nil - } - out := new(GatewayConfigParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LastErrorStatusInitParameters) DeepCopyInto(out *LastErrorStatusInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LastErrorStatusInitParameters. -func (in *LastErrorStatusInitParameters) DeepCopy() *LastErrorStatusInitParameters { - if in == nil { - return nil - } - out := new(LastErrorStatusInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LastErrorStatusObservation) DeepCopyInto(out *LastErrorStatusObservation) { - *out = *in - if in.Details != nil { - in, out := &in.Details, &out.Details - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Message != nil { - in, out := &in.Message, &out.Message - *out = new(string) - **out = **in - } - if in.Number != nil { - in, out := &in.Number, &out.Number - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LastErrorStatusObservation. -func (in *LastErrorStatusObservation) DeepCopy() *LastErrorStatusObservation { - if in == nil { - return nil - } - out := new(LastErrorStatusObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LastErrorStatusParameters) DeepCopyInto(out *LastErrorStatusParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LastErrorStatusParameters. -func (in *LastErrorStatusParameters) DeepCopy() *LastErrorStatusParameters { - if in == nil { - return nil - } - out := new(LastErrorStatusParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKeyInitParameters) DeepCopyInto(out *PublicKeyInitParameters) { - *out = *in - if in.Format != nil { - in, out := &in.Format, &out.Format - *out = new(string) - **out = **in - } - if in.Key != nil { - in, out := &in.Key, &out.Key - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeyInitParameters. -func (in *PublicKeyInitParameters) DeepCopy() *PublicKeyInitParameters { - if in == nil { - return nil - } - out := new(PublicKeyInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKeyObservation) DeepCopyInto(out *PublicKeyObservation) { - *out = *in - if in.Format != nil { - in, out := &in.Format, &out.Format - *out = new(string) - **out = **in - } - if in.Key != nil { - in, out := &in.Key, &out.Key - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeyObservation. -func (in *PublicKeyObservation) DeepCopy() *PublicKeyObservation { - if in == nil { - return nil - } - out := new(PublicKeyObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKeyParameters) DeepCopyInto(out *PublicKeyParameters) { - *out = *in - if in.Format != nil { - in, out := &in.Format, &out.Format - *out = new(string) - **out = **in - } - if in.Key != nil { - in, out := &in.Key, &out.Key - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeyParameters. -func (in *PublicKeyParameters) DeepCopy() *PublicKeyParameters { - if in == nil { - return nil - } - out := new(PublicKeyParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Registry) DeepCopyInto(out *Registry) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Registry. -func (in *Registry) DeepCopy() *Registry { - if in == nil { - return nil - } - out := new(Registry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Registry) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryCredentialsInitParameters) DeepCopyInto(out *RegistryCredentialsInitParameters) { - *out = *in - if in.PublicKeyCertificate != nil { - in, out := &in.PublicKeyCertificate, &out.PublicKeyCertificate - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryCredentialsInitParameters. -func (in *RegistryCredentialsInitParameters) DeepCopy() *RegistryCredentialsInitParameters { - if in == nil { - return nil - } - out := new(RegistryCredentialsInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryCredentialsObservation) DeepCopyInto(out *RegistryCredentialsObservation) { - *out = *in - if in.PublicKeyCertificate != nil { - in, out := &in.PublicKeyCertificate, &out.PublicKeyCertificate - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryCredentialsObservation. -func (in *RegistryCredentialsObservation) DeepCopy() *RegistryCredentialsObservation { - if in == nil { - return nil - } - out := new(RegistryCredentialsObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryCredentialsParameters) DeepCopyInto(out *RegistryCredentialsParameters) { - *out = *in - if in.PublicKeyCertificate != nil { - in, out := &in.PublicKeyCertificate, &out.PublicKeyCertificate - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryCredentialsParameters. -func (in *RegistryCredentialsParameters) DeepCopy() *RegistryCredentialsParameters { - if in == nil { - return nil - } - out := new(RegistryCredentialsParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryInitParameters) DeepCopyInto(out *RegistryInitParameters) { - *out = *in - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]RegistryCredentialsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EventNotificationConfigs != nil { - in, out := &in.EventNotificationConfigs, &out.EventNotificationConfigs - *out = make([]EventNotificationConfigsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPConfig != nil { - in, out := &in.HTTPConfig, &out.HTTPConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.MqttConfig != nil { - in, out := &in.MqttConfig, &out.MqttConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } - if in.StateNotificationConfig != nil { - in, out := &in.StateNotificationConfig, &out.StateNotificationConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryInitParameters. -func (in *RegistryInitParameters) DeepCopy() *RegistryInitParameters { - if in == nil { - return nil - } - out := new(RegistryInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryList) DeepCopyInto(out *RegistryList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Registry, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryList. -func (in *RegistryList) DeepCopy() *RegistryList { - if in == nil { - return nil - } - out := new(RegistryList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RegistryList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryObservation) DeepCopyInto(out *RegistryObservation) { - *out = *in - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]RegistryCredentialsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EventNotificationConfigs != nil { - in, out := &in.EventNotificationConfigs, &out.EventNotificationConfigs - *out = make([]EventNotificationConfigsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPConfig != nil { - in, out := &in.HTTPConfig, &out.HTTPConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.MqttConfig != nil { - in, out := &in.MqttConfig, &out.MqttConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } - if in.StateNotificationConfig != nil { - in, out := &in.StateNotificationConfig, &out.StateNotificationConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryObservation. -func (in *RegistryObservation) DeepCopy() *RegistryObservation { - if in == nil { - return nil - } - out := new(RegistryObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryParameters) DeepCopyInto(out *RegistryParameters) { - *out = *in - if in.Credentials != nil { - in, out := &in.Credentials, &out.Credentials - *out = make([]RegistryCredentialsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EventNotificationConfigs != nil { - in, out := &in.EventNotificationConfigs, &out.EventNotificationConfigs - *out = make([]EventNotificationConfigsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPConfig != nil { - in, out := &in.HTTPConfig, &out.HTTPConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.LogLevel != nil { - in, out := &in.LogLevel, &out.LogLevel - *out = new(string) - **out = **in - } - if in.MqttConfig != nil { - in, out := &in.MqttConfig, &out.MqttConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } - if in.StateNotificationConfig != nil { - in, out := &in.StateNotificationConfig, &out.StateNotificationConfig - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryParameters. -func (in *RegistryParameters) DeepCopy() *RegistryParameters { - if in == nil { - return nil - } - out := new(RegistryParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistrySpec) DeepCopyInto(out *RegistrySpec) { - *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrySpec. -func (in *RegistrySpec) DeepCopy() *RegistrySpec { - if in == nil { - return nil - } - out := new(RegistrySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryStatus) DeepCopyInto(out *RegistryStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryStatus. -func (in *RegistryStatus) DeepCopy() *RegistryStatus { - if in == nil { - return nil - } - out := new(RegistryStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StateInitParameters) DeepCopyInto(out *StateInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StateInitParameters. -func (in *StateInitParameters) DeepCopy() *StateInitParameters { - if in == nil { - return nil - } - out := new(StateInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StateObservation) DeepCopyInto(out *StateObservation) { - *out = *in - if in.BinaryData != nil { - in, out := &in.BinaryData, &out.BinaryData - *out = new(string) - **out = **in - } - if in.UpdateTime != nil { - in, out := &in.UpdateTime, &out.UpdateTime - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StateObservation. -func (in *StateObservation) DeepCopy() *StateObservation { - if in == nil { - return nil - } - out := new(StateObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StateParameters) DeepCopyInto(out *StateParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StateParameters. -func (in *StateParameters) DeepCopy() *StateParameters { - if in == nil { - return nil - } - out := new(StateParameters) - in.DeepCopyInto(out) - return out -} diff --git a/apis/cloudiot/v1beta1/zz_generated.managed.go b/apis/cloudiot/v1beta1/zz_generated.managed.go deleted file mode 100644 index 176df0d58..000000000 --- a/apis/cloudiot/v1beta1/zz_generated.managed.go +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by angryjet. DO NOT EDIT. - -package v1beta1 - -import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - -// GetCondition of this Device. -func (mg *Device) GetCondition(ct xpv1.ConditionType) xpv1.Condition { - return mg.Status.GetCondition(ct) -} - -// GetDeletionPolicy of this Device. -func (mg *Device) GetDeletionPolicy() xpv1.DeletionPolicy { - return mg.Spec.DeletionPolicy -} - -// GetManagementPolicies of this Device. -func (mg *Device) GetManagementPolicies() xpv1.ManagementPolicies { - return mg.Spec.ManagementPolicies -} - -// GetProviderConfigReference of this Device. -func (mg *Device) GetProviderConfigReference() *xpv1.Reference { - return mg.Spec.ProviderConfigReference -} - -// GetPublishConnectionDetailsTo of this Device. -func (mg *Device) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { - return mg.Spec.PublishConnectionDetailsTo -} - -// GetWriteConnectionSecretToReference of this Device. -func (mg *Device) GetWriteConnectionSecretToReference() *xpv1.SecretReference { - return mg.Spec.WriteConnectionSecretToReference -} - -// SetConditions of this Device. -func (mg *Device) SetConditions(c ...xpv1.Condition) { - mg.Status.SetConditions(c...) -} - -// SetDeletionPolicy of this Device. -func (mg *Device) SetDeletionPolicy(r xpv1.DeletionPolicy) { - mg.Spec.DeletionPolicy = r -} - -// SetManagementPolicies of this Device. -func (mg *Device) SetManagementPolicies(r xpv1.ManagementPolicies) { - mg.Spec.ManagementPolicies = r -} - -// SetProviderConfigReference of this Device. -func (mg *Device) SetProviderConfigReference(r *xpv1.Reference) { - mg.Spec.ProviderConfigReference = r -} - -// SetPublishConnectionDetailsTo of this Device. -func (mg *Device) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { - mg.Spec.PublishConnectionDetailsTo = r -} - -// SetWriteConnectionSecretToReference of this Device. -func (mg *Device) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { - mg.Spec.WriteConnectionSecretToReference = r -} - -// GetCondition of this Registry. -func (mg *Registry) GetCondition(ct xpv1.ConditionType) xpv1.Condition { - return mg.Status.GetCondition(ct) -} - -// GetDeletionPolicy of this Registry. -func (mg *Registry) GetDeletionPolicy() xpv1.DeletionPolicy { - return mg.Spec.DeletionPolicy -} - -// GetManagementPolicies of this Registry. -func (mg *Registry) GetManagementPolicies() xpv1.ManagementPolicies { - return mg.Spec.ManagementPolicies -} - -// GetProviderConfigReference of this Registry. -func (mg *Registry) GetProviderConfigReference() *xpv1.Reference { - return mg.Spec.ProviderConfigReference -} - -// GetPublishConnectionDetailsTo of this Registry. -func (mg *Registry) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { - return mg.Spec.PublishConnectionDetailsTo -} - -// GetWriteConnectionSecretToReference of this Registry. -func (mg *Registry) GetWriteConnectionSecretToReference() *xpv1.SecretReference { - return mg.Spec.WriteConnectionSecretToReference -} - -// SetConditions of this Registry. -func (mg *Registry) SetConditions(c ...xpv1.Condition) { - mg.Status.SetConditions(c...) -} - -// SetDeletionPolicy of this Registry. -func (mg *Registry) SetDeletionPolicy(r xpv1.DeletionPolicy) { - mg.Spec.DeletionPolicy = r -} - -// SetManagementPolicies of this Registry. -func (mg *Registry) SetManagementPolicies(r xpv1.ManagementPolicies) { - mg.Spec.ManagementPolicies = r -} - -// SetProviderConfigReference of this Registry. -func (mg *Registry) SetProviderConfigReference(r *xpv1.Reference) { - mg.Spec.ProviderConfigReference = r -} - -// SetPublishConnectionDetailsTo of this Registry. -func (mg *Registry) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { - mg.Spec.PublishConnectionDetailsTo = r -} - -// SetWriteConnectionSecretToReference of this Registry. -func (mg *Registry) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { - mg.Spec.WriteConnectionSecretToReference = r -} diff --git a/apis/cloudiot/v1beta1/zz_generated.managedlist.go b/apis/cloudiot/v1beta1/zz_generated.managedlist.go deleted file mode 100644 index 38b32e909..000000000 --- a/apis/cloudiot/v1beta1/zz_generated.managedlist.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by angryjet. DO NOT EDIT. - -package v1beta1 - -import resource "github.com/crossplane/crossplane-runtime/pkg/resource" - -// GetItems of this DeviceList. -func (l *DeviceList) GetItems() []resource.Managed { - items := make([]resource.Managed, len(l.Items)) - for i := range l.Items { - items[i] = &l.Items[i] - } - return items -} - -// GetItems of this RegistryList. -func (l *RegistryList) GetItems() []resource.Managed { - items := make([]resource.Managed, len(l.Items)) - for i := range l.Items { - items[i] = &l.Items[i] - } - return items -} diff --git a/apis/cloudiot/v1beta1/zz_generated.resolvers.go b/apis/cloudiot/v1beta1/zz_generated.resolvers.go deleted file mode 100644 index 4d988b6c2..000000000 --- a/apis/cloudiot/v1beta1/zz_generated.resolvers.go +++ /dev/null @@ -1,117 +0,0 @@ -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by angryjet. DO NOT EDIT. -// Code transformed by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - reference "github.com/crossplane/crossplane-runtime/pkg/reference" - resource "github.com/crossplane/upjet/pkg/resource" - errors "github.com/pkg/errors" - - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - client "sigs.k8s.io/controller-runtime/pkg/client" - - // ResolveReferences of this Device. - apisresolver "github.com/upbound/provider-gcp/internal/apis" -) - -func (mg *Device) ResolveReferences(ctx context.Context, c client.Reader) error { - var m xpresource.Managed - var l xpresource.ManagedList - r := reference.NewAPIResolver(c, mg) - - var rsp reference.ResolutionResponse - var err error - { - m, l, err = apisresolver.GetManagedResource("cloudiot.gcp.upbound.io", "v1beta1", "Registry", "RegistryList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Registry), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.RegistryRef, - Selector: mg.Spec.ForProvider.RegistrySelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.Registry") - } - mg.Spec.ForProvider.Registry = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.RegistryRef = rsp.ResolvedReference - - return nil -} - -// ResolveReferences of this Registry. -func (mg *Registry) ResolveReferences(ctx context.Context, c client.Reader) error { - var m xpresource.Managed - var l xpresource.ManagedList - r := reference.NewAPIResolver(c, mg) - - var rsp reference.ResolutionResponse - var err error - - for i3 := 0; i3 < len(mg.Spec.ForProvider.EventNotificationConfigs); i3++ { - { - m, l, err = apisresolver.GetManagedResource("pubsub.gcp.upbound.io", "v1beta1", "Topic", "TopicList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicName), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicNameRef, - Selector: mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicNameSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicName") - } - mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicName = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.EventNotificationConfigs[i3].PubsubTopicNameRef = rsp.ResolvedReference - - } - for i3 := 0; i3 < len(mg.Spec.InitProvider.EventNotificationConfigs); i3++ { - { - m, l, err = apisresolver.GetManagedResource("pubsub.gcp.upbound.io", "v1beta1", "Topic", "TopicList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicName), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicNameRef, - Selector: mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicNameSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicName") - } - mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicName = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.EventNotificationConfigs[i3].PubsubTopicNameRef = rsp.ResolvedReference - - } - - return nil -} diff --git a/apis/cloudiot/v1beta1/zz_groupversion_info.go b/apis/cloudiot/v1beta1/zz_groupversion_info.go deleted file mode 100755 index 4592a56f1..000000000 --- a/apis/cloudiot/v1beta1/zz_groupversion_info.go +++ /dev/null @@ -1,48 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -// +kubebuilder:object:generate=true -// +groupName=cloudiot.gcp.upbound.io -// +versionName=v1beta1 -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -// Package type metadata. -const ( - CRDGroup = "cloudiot.gcp.upbound.io" - CRDVersion = "v1beta1" -) - -var ( - // CRDGroupVersion is the API Group Version used to register the objects - CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/apis/cloudiot/v1beta1/zz_registry_terraformed.go b/apis/cloudiot/v1beta1/zz_registry_terraformed.go deleted file mode 100755 index aa494edbe..000000000 --- a/apis/cloudiot/v1beta1/zz_registry_terraformed.go +++ /dev/null @@ -1,145 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - "dario.cat/mergo" - "github.com/pkg/errors" - - "github.com/crossplane/upjet/pkg/resource" - "github.com/crossplane/upjet/pkg/resource/json" -) - -// GetTerraformResourceType returns Terraform resource type for this Registry -func (mg *Registry) GetTerraformResourceType() string { - return "google_cloudiot_registry" -} - -// GetConnectionDetailsMapping for this Registry -func (tr *Registry) GetConnectionDetailsMapping() map[string]string { - return nil -} - -// GetObservation of this Registry -func (tr *Registry) GetObservation() (map[string]any, error) { - o, err := json.TFParser.Marshal(tr.Status.AtProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(o, &base) -} - -// SetObservation for this Registry -func (tr *Registry) SetObservation(obs map[string]any) error { - p, err := json.TFParser.Marshal(obs) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) -} - -// GetID returns ID of underlying Terraform resource of this Registry -func (tr *Registry) GetID() string { - if tr.Status.AtProvider.ID == nil { - return "" - } - return *tr.Status.AtProvider.ID -} - -// GetParameters of this Registry -func (tr *Registry) GetParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.ForProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// SetParameters for this Registry -func (tr *Registry) SetParameters(params map[string]any) error { - p, err := json.TFParser.Marshal(params) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) -} - -// GetInitParameters of this Registry -func (tr *Registry) GetInitParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.InitProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// GetInitParameters of this Registry -func (tr *Registry) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { - params, err := tr.GetParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) - } - if !shouldMergeInitProvider { - return params, nil - } - - initParams, err := tr.GetInitParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) - } - - // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the - // slices from the initProvider to forProvider. As it also sets - // overwrite to true, we need to set it back to false, we don't - // want to overwrite the forProvider fields with the initProvider - // fields. - err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { - c.Overwrite = false - }) - if err != nil { - return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) - } - - return params, nil -} - -// LateInitialize this Registry using its observed tfState. -// returns True if there are any spec changes for the resource. -func (tr *Registry) LateInitialize(attrs []byte) (bool, error) { - params := &RegistryParameters{} - if err := json.TFParser.Unmarshal(attrs, params); err != nil { - return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") - } - opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} - - li := resource.NewGenericLateInitializer(opts...) - return li.LateInitialize(&tr.Spec.ForProvider, params) -} - -// GetTerraformSchemaVersion returns the associated Terraform schema version -func (tr *Registry) GetTerraformSchemaVersion() int { - return 0 -} diff --git a/apis/cloudiot/v1beta1/zz_registry_types.go b/apis/cloudiot/v1beta1/zz_registry_types.go deleted file mode 100755 index b1006b2ff..000000000 --- a/apis/cloudiot/v1beta1/zz_registry_types.go +++ /dev/null @@ -1,316 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" -) - -type EventNotificationConfigsInitParameters struct { - - // PubSub topic name to publish device events. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/pubsub/v1beta1.Topic - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() - PubsubTopicName *string `json:"pubsubTopicName,omitempty" tf:"pubsub_topic_name,omitempty"` - - // Reference to a Topic in pubsub to populate pubsubTopicName. - // +kubebuilder:validation:Optional - PubsubTopicNameRef *v1.Reference `json:"pubsubTopicNameRef,omitempty" tf:"-"` - - // Selector for a Topic in pubsub to populate pubsubTopicName. - // +kubebuilder:validation:Optional - PubsubTopicNameSelector *v1.Selector `json:"pubsubTopicNameSelector,omitempty" tf:"-"` - - // If the subfolder name matches this string exactly, this - // configuration will be used. The string must not include the - // leading '/' character. If empty, all strings are matched. Empty - // value can only be used for the last event_notification_configs - // item. - SubfolderMatches *string `json:"subfolderMatches,omitempty" tf:"subfolder_matches,omitempty"` -} - -type EventNotificationConfigsObservation struct { - - // PubSub topic name to publish device events. - PubsubTopicName *string `json:"pubsubTopicName,omitempty" tf:"pubsub_topic_name,omitempty"` - - // If the subfolder name matches this string exactly, this - // configuration will be used. The string must not include the - // leading '/' character. If empty, all strings are matched. Empty - // value can only be used for the last event_notification_configs - // item. - SubfolderMatches *string `json:"subfolderMatches,omitempty" tf:"subfolder_matches,omitempty"` -} - -type EventNotificationConfigsParameters struct { - - // PubSub topic name to publish device events. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/pubsub/v1beta1.Topic - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() - // +kubebuilder:validation:Optional - PubsubTopicName *string `json:"pubsubTopicName,omitempty" tf:"pubsub_topic_name,omitempty"` - - // Reference to a Topic in pubsub to populate pubsubTopicName. - // +kubebuilder:validation:Optional - PubsubTopicNameRef *v1.Reference `json:"pubsubTopicNameRef,omitempty" tf:"-"` - - // Selector for a Topic in pubsub to populate pubsubTopicName. - // +kubebuilder:validation:Optional - PubsubTopicNameSelector *v1.Selector `json:"pubsubTopicNameSelector,omitempty" tf:"-"` - - // If the subfolder name matches this string exactly, this - // configuration will be used. The string must not include the - // leading '/' character. If empty, all strings are matched. Empty - // value can only be used for the last event_notification_configs - // item. - // +kubebuilder:validation:Optional - SubfolderMatches *string `json:"subfolderMatches,omitempty" tf:"subfolder_matches,omitempty"` -} - -type RegistryCredentialsInitParameters struct { - - // A public key certificate format and data. - PublicKeyCertificate map[string]string `json:"publicKeyCertificate,omitempty" tf:"public_key_certificate,omitempty"` -} - -type RegistryCredentialsObservation struct { - - // A public key certificate format and data. - PublicKeyCertificate map[string]string `json:"publicKeyCertificate,omitempty" tf:"public_key_certificate,omitempty"` -} - -type RegistryCredentialsParameters struct { - - // A public key certificate format and data. - // +kubebuilder:validation:Optional - PublicKeyCertificate map[string]string `json:"publicKeyCertificate" tf:"public_key_certificate,omitempty"` -} - -type RegistryInitParameters struct { - - // List of public key certificates to authenticate devices. - // The structure is documented below. - Credentials []RegistryCredentialsInitParameters `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // List of configurations for event notifications, such as PubSub topics - // to publish device events to. - // Structure is documented below. - EventNotificationConfigs []EventNotificationConfigsInitParameters `json:"eventNotificationConfigs,omitempty" tf:"event_notification_configs,omitempty"` - - // Activate or deactivate HTTP. - // The structure is documented below. - HTTPConfig map[string]string `json:"httpConfig,omitempty" tf:"http_config,omitempty"` - - // The default logging verbosity for activity from devices in this - // registry. Specifies which events should be written to logs. For - // example, if the LogLevel is ERROR, only events that terminate in - // errors will be logged. LogLevel is inclusive; enabling INFO logging - // will also enable ERROR logging. - // Default value is NONE. - // Possible values are: NONE, ERROR, INFO, DEBUG. - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // Activate or deactivate MQTT. - // The structure is documented below. - MqttConfig map[string]string `json:"mqttConfig,omitempty" tf:"mqtt_config,omitempty"` - - // A unique name for the resource, required by device registry. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // The region in which the created registry should reside. - // If it is not provided, the provider region is used. - Region *string `json:"region,omitempty" tf:"region,omitempty"` - - // A PubSub topic to publish device state updates. - // The structure is documented below. - StateNotificationConfig map[string]string `json:"stateNotificationConfig,omitempty" tf:"state_notification_config,omitempty"` -} - -type RegistryObservation struct { - - // List of public key certificates to authenticate devices. - // The structure is documented below. - Credentials []RegistryCredentialsObservation `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // List of configurations for event notifications, such as PubSub topics - // to publish device events to. - // Structure is documented below. - EventNotificationConfigs []EventNotificationConfigsObservation `json:"eventNotificationConfigs,omitempty" tf:"event_notification_configs,omitempty"` - - // Activate or deactivate HTTP. - // The structure is documented below. - HTTPConfig map[string]string `json:"httpConfig,omitempty" tf:"http_config,omitempty"` - - // an identifier for the resource with format projects/{{project}}/locations/{{region}}/registries/{{name}} - ID *string `json:"id,omitempty" tf:"id,omitempty"` - - // The default logging verbosity for activity from devices in this - // registry. Specifies which events should be written to logs. For - // example, if the LogLevel is ERROR, only events that terminate in - // errors will be logged. LogLevel is inclusive; enabling INFO logging - // will also enable ERROR logging. - // Default value is NONE. - // Possible values are: NONE, ERROR, INFO, DEBUG. - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // Activate or deactivate MQTT. - // The structure is documented below. - MqttConfig map[string]string `json:"mqttConfig,omitempty" tf:"mqtt_config,omitempty"` - - // A unique name for the resource, required by device registry. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // The region in which the created registry should reside. - // If it is not provided, the provider region is used. - Region *string `json:"region,omitempty" tf:"region,omitempty"` - - // A PubSub topic to publish device state updates. - // The structure is documented below. - StateNotificationConfig map[string]string `json:"stateNotificationConfig,omitempty" tf:"state_notification_config,omitempty"` -} - -type RegistryParameters struct { - - // List of public key certificates to authenticate devices. - // The structure is documented below. - // +kubebuilder:validation:Optional - Credentials []RegistryCredentialsParameters `json:"credentials,omitempty" tf:"credentials,omitempty"` - - // List of configurations for event notifications, such as PubSub topics - // to publish device events to. - // Structure is documented below. - // +kubebuilder:validation:Optional - EventNotificationConfigs []EventNotificationConfigsParameters `json:"eventNotificationConfigs,omitempty" tf:"event_notification_configs,omitempty"` - - // Activate or deactivate HTTP. - // The structure is documented below. - // +kubebuilder:validation:Optional - HTTPConfig map[string]string `json:"httpConfig,omitempty" tf:"http_config,omitempty"` - - // The default logging verbosity for activity from devices in this - // registry. Specifies which events should be written to logs. For - // example, if the LogLevel is ERROR, only events that terminate in - // errors will be logged. LogLevel is inclusive; enabling INFO logging - // will also enable ERROR logging. - // Default value is NONE. - // Possible values are: NONE, ERROR, INFO, DEBUG. - // +kubebuilder:validation:Optional - LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` - - // Activate or deactivate MQTT. - // The structure is documented below. - // +kubebuilder:validation:Optional - MqttConfig map[string]string `json:"mqttConfig,omitempty" tf:"mqtt_config,omitempty"` - - // A unique name for the resource, required by device registry. - // +kubebuilder:validation:Optional - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - // +kubebuilder:validation:Optional - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // The region in which the created registry should reside. - // If it is not provided, the provider region is used. - // +kubebuilder:validation:Optional - Region *string `json:"region,omitempty" tf:"region,omitempty"` - - // A PubSub topic to publish device state updates. - // The structure is documented below. - // +kubebuilder:validation:Optional - StateNotificationConfig map[string]string `json:"stateNotificationConfig,omitempty" tf:"state_notification_config,omitempty"` -} - -// RegistrySpec defines the desired state of Registry -type RegistrySpec struct { - v1.ResourceSpec `json:",inline"` - ForProvider RegistryParameters `json:"forProvider"` - // THIS IS A BETA FIELD. It will be honored - // unless the Management Policies feature flag is disabled. - // InitProvider holds the same fields as ForProvider, with the exception - // of Identifier and other resource reference fields. The fields that are - // in InitProvider are merged into ForProvider when the resource is created. - // The same fields are also added to the terraform ignore_changes hook, to - // avoid updating them after creation. This is useful for fields that are - // required on creation, but we do not desire to update them after creation, - // for example because of an external controller is managing them, like an - // autoscaler. - InitProvider RegistryInitParameters `json:"initProvider,omitempty"` -} - -// RegistryStatus defines the observed state of Registry. -type RegistryStatus struct { - v1.ResourceStatus `json:",inline"` - AtProvider RegistryObservation `json:"atProvider,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:storageversion - -// Registry is the Schema for the Registrys API. A Google Cloud IoT Core device registry. -// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" -// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" -// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" -// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} -type Registry struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" - Spec RegistrySpec `json:"spec"` - Status RegistryStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// RegistryList contains a list of Registrys -type RegistryList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Registry `json:"items"` -} - -// Repository type metadata. -var ( - Registry_Kind = "Registry" - Registry_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Registry_Kind}.String() - Registry_KindAPIVersion = Registry_Kind + "." + CRDGroupVersion.String() - Registry_GroupVersionKind = CRDGroupVersion.WithKind(Registry_Kind) -) - -func init() { - SchemeBuilder.Register(&Registry{}, &RegistryList{}) -} diff --git a/apis/cloudplatform/v1beta1/zz_folder_types.go b/apis/cloudplatform/v1beta1/zz_folder_types.go index d29ff692f..e233948d5 100755 --- a/apis/cloudplatform/v1beta1/zz_folder_types.go +++ b/apis/cloudplatform/v1beta1/zz_folder_types.go @@ -60,6 +60,7 @@ type FolderObservation struct { // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The folder id from the name "folders/{folder_id}" FolderID *string `json:"folderId,omitempty" tf:"folder_id,omitempty"` ID *string `json:"id,omitempty" tf:"id,omitempty"` diff --git a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go index 7e07c1ceb..2c963a24a 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go @@ -2673,6 +2673,22 @@ func (in *ProjectObservation) DeepCopyInto(out *ProjectObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.FolderID != nil { in, out := &in.FolderID, &out.FolderID *out = new(string) @@ -2724,6 +2740,22 @@ func (in *ProjectObservation) DeepCopyInto(out *ProjectObservation) { *out = new(bool) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectObservation. @@ -3655,6 +3687,11 @@ func (in *ServiceAccountIAMMemberStatus) DeepCopy() *ServiceAccountIAMMemberStat // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceAccountInitParameters) DeepCopyInto(out *ServiceAccountInitParameters) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -4002,6 +4039,11 @@ func (in *ServiceAccountList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceAccountObservation) DeepCopyInto(out *ServiceAccountObservation) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -4062,6 +4104,11 @@ func (in *ServiceAccountObservation) DeepCopy() *ServiceAccountObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceAccountParameters) DeepCopyInto(out *ServiceAccountParameters) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/cloudplatform/v1beta1/zz_project_types.go b/apis/cloudplatform/v1beta1/zz_project_types.go index dc0d7e56d..9c3fded34 100755 --- a/apis/cloudplatform/v1beta1/zz_project_types.go +++ b/apis/cloudplatform/v1beta1/zz_project_types.go @@ -62,6 +62,8 @@ type ProjectInitParameters struct { FolderIDSelector *v1.Selector `json:"folderIdSelector,omitempty" tf:"-"` // A set of key/value label pairs to assign to the project. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -98,6 +100,9 @@ type ProjectObservation struct { // for more details. BillingAccount *string `json:"billingAccount,omitempty" tf:"billing_account,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The numeric ID of the folder this project should be // created under. Only one of org_id or folder_id may be // specified. If the folder_id is specified, then the project is @@ -109,6 +114,8 @@ type ProjectObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // A set of key/value label pairs to assign to the project. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -131,6 +138,10 @@ type ProjectObservation struct { ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` SkipDelete *bool `json:"skipDelete,omitempty" tf:"skip_delete,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ProjectParameters struct { @@ -169,6 +180,8 @@ type ProjectParameters struct { FolderIDSelector *v1.Selector `json:"folderIdSelector,omitempty" tf:"-"` // A set of key/value label pairs to assign to the project. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/cloudplatform/v1beta1/zz_projectiamcustomrole_types.go b/apis/cloudplatform/v1beta1/zz_projectiamcustomrole_types.go index 2e41de4d2..679700411 100755 --- a/apis/cloudplatform/v1beta1/zz_projectiamcustomrole_types.go +++ b/apis/cloudplatform/v1beta1/zz_projectiamcustomrole_types.go @@ -38,7 +38,7 @@ type ProjectIAMCustomRoleInitParameters struct { // +listType=set Permissions []*string `json:"permissions,omitempty" tf:"permissions,omitempty"` - // The project that the service account will be created in. + // The project that the custom role will be created in. // Defaults to the provider project configuration. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -69,7 +69,7 @@ type ProjectIAMCustomRoleObservation struct { // +listType=set Permissions []*string `json:"permissions,omitempty" tf:"permissions,omitempty"` - // The project that the service account will be created in. + // The project that the custom role will be created in. // Defaults to the provider project configuration. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -93,7 +93,7 @@ type ProjectIAMCustomRoleParameters struct { // +listType=set Permissions []*string `json:"permissions,omitempty" tf:"permissions,omitempty"` - // The project that the service account will be created in. + // The project that the custom role will be created in. // Defaults to the provider project configuration. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/cloudplatform/v1beta1/zz_serviceaccount_types.go b/apis/cloudplatform/v1beta1/zz_serviceaccount_types.go index faef405b6..aa2e92b48 100755 --- a/apis/cloudplatform/v1beta1/zz_serviceaccount_types.go +++ b/apis/cloudplatform/v1beta1/zz_serviceaccount_types.go @@ -31,6 +31,9 @@ import ( type ServiceAccountInitParameters struct { + // If set to true, skip service account creation if a service account with the same email already exists. + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // A text description of the service account. // Must be less than or equal to 256 UTF-8 bytes. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -50,6 +53,9 @@ type ServiceAccountInitParameters struct { type ServiceAccountObservation struct { + // If set to true, skip service account creation if a service account with the same email already exists. + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // A text description of the service account. // Must be less than or equal to 256 UTF-8 bytes. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -86,6 +92,10 @@ type ServiceAccountObservation struct { type ServiceAccountParameters struct { + // If set to true, skip service account creation if a service account with the same email already exists. + // +kubebuilder:validation:Optional + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // A text description of the service account. // Must be less than or equal to 256 UTF-8 bytes. // +kubebuilder:validation:Optional diff --git a/apis/cloudrun/v1beta1/zz_domainmapping_terraformed.go b/apis/cloudrun/v1beta1/zz_domainmapping_terraformed.go index 06361dbe0..757d68f33 100755 --- a/apis/cloudrun/v1beta1/zz_domainmapping_terraformed.go +++ b/apis/cloudrun/v1beta1/zz_domainmapping_terraformed.go @@ -141,5 +141,5 @@ func (tr *DomainMapping) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *DomainMapping) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/cloudrun/v1beta1/zz_domainmapping_types.go b/apis/cloudrun/v1beta1/zz_domainmapping_types.go index 51a87cf4f..384a1791d 100755 --- a/apis/cloudrun/v1beta1/zz_domainmapping_types.go +++ b/apis/cloudrun/v1beta1/zz_domainmapping_types.go @@ -135,6 +135,8 @@ type MetadataInitParameters struct { // may be set by external tools to store and retrieve arbitrary metadata. More // info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations // Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -142,6 +144,8 @@ type MetadataInitParameters struct { // (scope and select) objects. May match selectors of replication controllers // and routes. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -165,9 +169,17 @@ type MetadataObservation struct { // may be set by external tools to store and retrieve arbitrary metadata. More // info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations // Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // (Output) // A sequence number representing a specific generation of the desired state. Generation *float64 `json:"generation,omitempty" tf:"generation,omitempty"` @@ -176,6 +188,8 @@ type MetadataObservation struct { // (scope and select) objects. May match selectors of replication controllers // and routes. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -197,6 +211,12 @@ type MetadataObservation struct { // SelfLink is a URL representing this object. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // (Output) + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // (Output) // UID is a unique id generated by the server on successful creation of a resource and is not // allowed to change on PUT operations. @@ -210,6 +230,8 @@ type MetadataParameters struct { // may be set by external tools to store and retrieve arbitrary metadata. More // info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations // Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + // Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + // Please refer to the field effective_annotations for all of the annotations present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -218,6 +240,8 @@ type MetadataParameters struct { // (scope and select) objects. May match selectors of replication controllers // and routes. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -402,7 +426,6 @@ type DomainMapping struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.location) || (has(self.initProvider) && has(self.initProvider.location))",message="spec.forProvider.location is a required parameter" - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.metadata) || (has(self.initProvider) && has(self.initProvider.metadata))",message="spec.forProvider.metadata is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.spec) || (has(self.initProvider) && has(self.initProvider.spec))",message="spec.forProvider.spec is a required parameter" Spec DomainMappingSpec `json:"spec"` diff --git a/apis/cloudrun/v1beta1/zz_generated.deepcopy.go b/apis/cloudrun/v1beta1/zz_generated.deepcopy.go index 5fc35defa..b06bab1c1 100644 --- a/apis/cloudrun/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudrun/v1beta1/zz_generated.deepcopy.go @@ -612,184 +612,20 @@ func (in *ContainersInitParameters) DeepCopy() *ContainersInitParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters) DeepCopyInto(out *ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters) DeepCopy() *ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersObservation) DeepCopyInto(out *ContainersLivenessProbeHTTPGetHTTPHeadersObservation) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetHTTPHeadersObservation. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersObservation) DeepCopy() *ContainersLivenessProbeHTTPGetHTTPHeadersObservation { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetHTTPHeadersObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersParameters) DeepCopyInto(out *ContainersLivenessProbeHTTPGetHTTPHeadersParameters) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetHTTPHeadersParameters. -func (in *ContainersLivenessProbeHTTPGetHTTPHeadersParameters) DeepCopy() *ContainersLivenessProbeHTTPGetHTTPHeadersParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetHTTPHeadersParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetInitParameters) DeepCopyInto(out *ContainersLivenessProbeHTTPGetInitParameters) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetInitParameters. -func (in *ContainersLivenessProbeHTTPGetInitParameters) DeepCopy() *ContainersLivenessProbeHTTPGetInitParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetObservation) DeepCopyInto(out *ContainersLivenessProbeHTTPGetObservation) { +func (in *ContainersLivenessProbeInitParameters) DeepCopyInto(out *ContainersLivenessProbeInitParameters) { *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersLivenessProbeHTTPGetHTTPHeadersObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port + if in.FailureThreshold != nil { + in, out := &in.FailureThreshold, &out.FailureThreshold *out = new(float64) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetObservation. -func (in *ContainersLivenessProbeHTTPGetObservation) DeepCopy() *ContainersLivenessProbeHTTPGetObservation { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeHTTPGetParameters) DeepCopyInto(out *ContainersLivenessProbeHTTPGetParameters) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersLivenessProbeHTTPGetHTTPHeadersParameters, len(*in)) + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]LivenessProbeGRPCInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeHTTPGetParameters. -func (in *ContainersLivenessProbeHTTPGetParameters) DeepCopy() *ContainersLivenessProbeHTTPGetParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeHTTPGetParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeInitParameters) DeepCopyInto(out *ContainersLivenessProbeInitParameters) { - *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]LivenessProbeHTTPGetInitParameters, len(*in)) @@ -839,6 +675,13 @@ func (in *ContainersLivenessProbeObservation) DeepCopyInto(out *ContainersLivene *out = new(float64) **out = **in } + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]LivenessProbeGRPCObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]LivenessProbeHTTPGetObservation, len(*in)) @@ -888,6 +731,13 @@ func (in *ContainersLivenessProbeParameters) DeepCopyInto(out *ContainersLivenes *out = new(float64) **out = **in } + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]LivenessProbeGRPCParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]LivenessProbeHTTPGetParameters, len(*in)) @@ -929,66 +779,6 @@ func (in *ContainersLivenessProbeParameters) DeepCopy() *ContainersLivenessProbe return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeTCPSocketInitParameters) DeepCopyInto(out *ContainersLivenessProbeTCPSocketInitParameters) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeTCPSocketInitParameters. -func (in *ContainersLivenessProbeTCPSocketInitParameters) DeepCopy() *ContainersLivenessProbeTCPSocketInitParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeTCPSocketInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeTCPSocketObservation) DeepCopyInto(out *ContainersLivenessProbeTCPSocketObservation) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeTCPSocketObservation. -func (in *ContainersLivenessProbeTCPSocketObservation) DeepCopy() *ContainersLivenessProbeTCPSocketObservation { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeTCPSocketObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersLivenessProbeTCPSocketParameters) DeepCopyInto(out *ContainersLivenessProbeTCPSocketParameters) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersLivenessProbeTCPSocketParameters. -func (in *ContainersLivenessProbeTCPSocketParameters) DeepCopy() *ContainersLivenessProbeTCPSocketParameters { - if in == nil { - return nil - } - out := new(ContainersLivenessProbeTCPSocketParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ContainersObservation) DeepCopyInto(out *ContainersObservation) { *out = *in @@ -1435,113 +1225,75 @@ func (in *ContainersStartupProbeGRPCParameters) DeepCopy() *ContainersStartupPro } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersInitParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetHTTPHeadersInitParameters) { +func (in *ContainersStartupProbeHTTPGetInitParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetInitParameters) { *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = make([]StartupProbeHTTPGetHTTPHeadersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetHTTPHeadersInitParameters. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersInitParameters) DeepCopy() *ContainersStartupProbeHTTPGetHTTPHeadersInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetInitParameters. +func (in *ContainersStartupProbeHTTPGetInitParameters) DeepCopy() *ContainersStartupProbeHTTPGetInitParameters { if in == nil { return nil } - out := new(ContainersStartupProbeHTTPGetHTTPHeadersInitParameters) + out := new(ContainersStartupProbeHTTPGetInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersObservation) DeepCopyInto(out *ContainersStartupProbeHTTPGetHTTPHeadersObservation) { +func (in *ContainersStartupProbeHTTPGetObservation) DeepCopyInto(out *ContainersStartupProbeHTTPGetObservation) { *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = make([]StartupProbeHTTPGetHTTPHeadersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetHTTPHeadersObservation. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersObservation) DeepCopy() *ContainersStartupProbeHTTPGetHTTPHeadersObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetObservation. +func (in *ContainersStartupProbeHTTPGetObservation) DeepCopy() *ContainersStartupProbeHTTPGetObservation { if in == nil { return nil } - out := new(ContainersStartupProbeHTTPGetHTTPHeadersObservation) + out := new(ContainersStartupProbeHTTPGetObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetHTTPHeadersParameters) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetHTTPHeadersParameters. -func (in *ContainersStartupProbeHTTPGetHTTPHeadersParameters) DeepCopy() *ContainersStartupProbeHTTPGetHTTPHeadersParameters { - if in == nil { - return nil - } - out := new(ContainersStartupProbeHTTPGetHTTPHeadersParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetInitParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetInitParameters) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]StartupProbeHTTPGetHTTPHeadersInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetInitParameters. -func (in *ContainersStartupProbeHTTPGetInitParameters) DeepCopy() *ContainersStartupProbeHTTPGetInitParameters { - if in == nil { - return nil - } - out := new(ContainersStartupProbeHTTPGetInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetObservation) DeepCopyInto(out *ContainersStartupProbeHTTPGetObservation) { +func (in *ContainersStartupProbeHTTPGetParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetParameters) { *out = *in if in.HTTPHeaders != nil { in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]StartupProbeHTTPGetHTTPHeadersObservation, len(*in)) + *out = make([]StartupProbeHTTPGetHTTPHeadersParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1551,31 +1303,9 @@ func (in *ContainersStartupProbeHTTPGetObservation) DeepCopyInto(out *Containers *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeHTTPGetObservation. -func (in *ContainersStartupProbeHTTPGetObservation) DeepCopy() *ContainersStartupProbeHTTPGetObservation { - if in == nil { - return nil - } - out := new(ContainersStartupProbeHTTPGetObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeHTTPGetParameters) DeepCopyInto(out *ContainersStartupProbeHTTPGetParameters) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]StartupProbeHTTPGetHTTPHeadersParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) **out = **in } } @@ -1598,6 +1328,13 @@ func (in *ContainersStartupProbeInitParameters) DeepCopyInto(out *ContainersStar *out = new(float64) **out = **in } + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]ContainersStartupProbeGRPCInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]ContainersStartupProbeHTTPGetInitParameters, len(*in)) @@ -1647,6 +1384,13 @@ func (in *ContainersStartupProbeObservation) DeepCopyInto(out *ContainersStartup *out = new(float64) **out = **in } + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]ContainersStartupProbeGRPCObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]ContainersStartupProbeHTTPGetObservation, len(*in)) @@ -1696,6 +1440,13 @@ func (in *ContainersStartupProbeParameters) DeepCopyInto(out *ContainersStartupP *out = new(float64) **out = **in } + if in.GRPC != nil { + in, out := &in.GRPC, &out.GRPC + *out = make([]ContainersStartupProbeGRPCParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HTTPGet != nil { in, out := &in.HTTPGet, &out.HTTPGet *out = make([]ContainersStartupProbeHTTPGetParameters, len(*in)) @@ -1737,66 +1488,6 @@ func (in *ContainersStartupProbeParameters) DeepCopy() *ContainersStartupProbePa return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeTCPSocketInitParameters) DeepCopyInto(out *ContainersStartupProbeTCPSocketInitParameters) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeTCPSocketInitParameters. -func (in *ContainersStartupProbeTCPSocketInitParameters) DeepCopy() *ContainersStartupProbeTCPSocketInitParameters { - if in == nil { - return nil - } - out := new(ContainersStartupProbeTCPSocketInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeTCPSocketObservation) DeepCopyInto(out *ContainersStartupProbeTCPSocketObservation) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeTCPSocketObservation. -func (in *ContainersStartupProbeTCPSocketObservation) DeepCopy() *ContainersStartupProbeTCPSocketObservation { - if in == nil { - return nil - } - out := new(ContainersStartupProbeTCPSocketObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainersStartupProbeTCPSocketParameters) DeepCopyInto(out *ContainersStartupProbeTCPSocketParameters) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainersStartupProbeTCPSocketParameters. -func (in *ContainersStartupProbeTCPSocketParameters) DeepCopy() *ContainersStartupProbeTCPSocketParameters { - if in == nil { - return nil - } - out := new(ContainersStartupProbeTCPSocketParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ContainersVolumeMountsInitParameters) DeepCopyInto(out *ContainersVolumeMountsInitParameters) { *out = *in @@ -2544,6 +2235,101 @@ func (in *GRPCParameters) DeepCopy() *GRPCParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcsInitParameters) DeepCopyInto(out *GcsInitParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.BucketRef != nil { + in, out := &in.BucketRef, &out.BucketRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BucketSelector != nil { + in, out := &in.BucketSelector, &out.BucketSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcsInitParameters. +func (in *GcsInitParameters) DeepCopy() *GcsInitParameters { + if in == nil { + return nil + } + out := new(GcsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcsObservation) DeepCopyInto(out *GcsObservation) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcsObservation. +func (in *GcsObservation) DeepCopy() *GcsObservation { + if in == nil { + return nil + } + out := new(GcsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcsParameters) DeepCopyInto(out *GcsParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.BucketRef != nil { + in, out := &in.BucketRef, &out.BucketRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BucketSelector != nil { + in, out := &in.BucketSelector, &out.BucketSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcsParameters. +func (in *GcsParameters) DeepCopy() *GcsParameters { + if in == nil { + return nil + } + out := new(GcsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HTTPGetHTTPHeadersInitParameters) DeepCopyInto(out *HTTPGetHTTPHeadersInitParameters) { *out = *in @@ -3105,6 +2891,11 @@ func (in *LivenessProbeHTTPGetInitParameters) DeepCopyInto(out *LivenessProbeHTT *out = new(string) **out = **in } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LivenessProbeHTTPGetInitParameters. @@ -3132,6 +2923,11 @@ func (in *LivenessProbeHTTPGetObservation) DeepCopyInto(out *LivenessProbeHTTPGe *out = new(string) **out = **in } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LivenessProbeHTTPGetObservation. @@ -3159,6 +2955,11 @@ func (in *LivenessProbeHTTPGetParameters) DeepCopyInto(out *LivenessProbeHTTPGet *out = new(string) **out = **in } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LivenessProbeHTTPGetParameters. @@ -3519,6 +3320,38 @@ func (in *MetadataObservation) DeepCopyInto(out *MetadataObservation) { (*out)[key] = outVal } } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Generation != nil { in, out := &in.Generation, &out.Generation *out = new(float64) @@ -3555,10 +3388,26 @@ func (in *MetadataObservation) DeepCopyInto(out *MetadataObservation) { *out = new(string) **out = **in } - if in.UID != nil { - in, out := &in.UID, &out.UID - *out = new(string) - **out = **in + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in } } @@ -3634,6 +3483,204 @@ func (in *MetadataParameters) DeepCopy() *MetadataParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NFSInitParameters) DeepCopyInto(out *NFSInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NFSInitParameters. +func (in *NFSInitParameters) DeepCopy() *NFSInitParameters { + if in == nil { + return nil + } + out := new(NFSInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NFSObservation) DeepCopyInto(out *NFSObservation) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NFSObservation. +func (in *NFSObservation) DeepCopy() *NFSObservation { + if in == nil { + return nil + } + out := new(NFSObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NFSParameters) DeepCopyInto(out *NFSParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NFSParameters. +func (in *NFSParameters) DeepCopy() *NFSParameters { + if in == nil { + return nil + } + out := new(NFSParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkInterfacesInitParameters) DeepCopyInto(out *NetworkInterfacesInitParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkInterfacesInitParameters. +func (in *NetworkInterfacesInitParameters) DeepCopy() *NetworkInterfacesInitParameters { + if in == nil { + return nil + } + out := new(NetworkInterfacesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkInterfacesObservation) DeepCopyInto(out *NetworkInterfacesObservation) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkInterfacesObservation. +func (in *NetworkInterfacesObservation) DeepCopy() *NetworkInterfacesObservation { + if in == nil { + return nil + } + out := new(NetworkInterfacesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkInterfacesParameters) DeepCopyInto(out *NetworkInterfacesParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkInterfacesParameters. +func (in *NetworkInterfacesParameters) DeepCopy() *NetworkInterfacesParameters { + if in == nil { + return nil + } + out := new(NetworkInterfacesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PortsInitParameters) DeepCopyInto(out *PortsInitParameters) { *out = *in @@ -4913,6 +4960,38 @@ func (in *ServiceMetadataObservation) DeepCopyInto(out *ServiceMetadataObservati (*out)[key] = outVal } } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Generation != nil { in, out := &in.Generation, &out.Generation *out = new(float64) @@ -4949,6 +5028,22 @@ func (in *ServiceMetadataObservation) DeepCopyInto(out *ServiceMetadataObservati *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -6277,13 +6372,6 @@ func (in *TemplateContainersInitParameters) DeepCopyInto(out *TemplateContainers *out = new(string) **out = **in } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]ContainersLivenessProbeInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -6303,13 +6391,6 @@ func (in *TemplateContainersInitParameters) DeepCopyInto(out *TemplateContainers (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.StartupProbe != nil { - in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]ContainersStartupProbeInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]ContainersVolumeMountsInitParameters, len(*in)) @@ -6335,217 +6416,42 @@ func (in *TemplateContainersInitParameters) DeepCopy() *TemplateContainersInitPa } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersLivenessProbeInitParameters) DeepCopyInto(out *TemplateContainersLivenessProbeInitParameters) { +func (in *TemplateContainersObservation) DeepCopyInto(out *TemplateContainersObservation) { *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]LivenessProbeGRPCInitParameters, len(*in)) + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]*string, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } } } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]ContainersLivenessProbeHTTPGetInitParameters, len(*in)) + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]ContainersEnvObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) + if in.Image != nil { + in, out := &in.Image, &out.Image + *out = new(string) **out = **in } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) - **out = **in - } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersLivenessProbeTCPSocketInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersLivenessProbeInitParameters. -func (in *TemplateContainersLivenessProbeInitParameters) DeepCopy() *TemplateContainersLivenessProbeInitParameters { - if in == nil { - return nil - } - out := new(TemplateContainersLivenessProbeInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersLivenessProbeObservation) DeepCopyInto(out *TemplateContainersLivenessProbeObservation) { - *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]LivenessProbeGRPCObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]ContainersLivenessProbeHTTPGetObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) - **out = **in - } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) - **out = **in - } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersLivenessProbeTCPSocketObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersLivenessProbeObservation. -func (in *TemplateContainersLivenessProbeObservation) DeepCopy() *TemplateContainersLivenessProbeObservation { - if in == nil { - return nil - } - out := new(TemplateContainersLivenessProbeObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersLivenessProbeParameters) DeepCopyInto(out *TemplateContainersLivenessProbeParameters) { - *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]LivenessProbeGRPCParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]ContainersLivenessProbeHTTPGetParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) - **out = **in - } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) - **out = **in - } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersLivenessProbeTCPSocketParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersLivenessProbeParameters. -func (in *TemplateContainersLivenessProbeParameters) DeepCopy() *TemplateContainersLivenessProbeParameters { - if in == nil { - return nil - } - out := new(TemplateContainersLivenessProbeParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersObservation) DeepCopyInto(out *TemplateContainersObservation) { - *out = *in - if in.Args != nil { - in, out := &in.Args, &out.Args - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]ContainersEnvObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Image != nil { - in, out := &in.Image, &out.Image - *out = new(string) - **out = **in - } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]ContainersLivenessProbeObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -6565,13 +6471,6 @@ func (in *TemplateContainersObservation) DeepCopyInto(out *TemplateContainersObs (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.StartupProbe != nil { - in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]ContainersStartupProbeObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]ContainersVolumeMountsObservation, len(*in)) @@ -6633,13 +6532,6 @@ func (in *TemplateContainersParameters) DeepCopyInto(out *TemplateContainersPara *out = new(string) **out = **in } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]ContainersLivenessProbeParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -6659,13 +6551,6 @@ func (in *TemplateContainersParameters) DeepCopyInto(out *TemplateContainersPara (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.StartupProbe != nil { - in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]ContainersStartupProbeParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]ContainersVolumeMountsParameters, len(*in)) @@ -6723,431 +6608,167 @@ func (in *TemplateContainersPortsObservation) DeepCopyInto(out *TemplateContaine *out = new(float64) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersPortsObservation. -func (in *TemplateContainersPortsObservation) DeepCopy() *TemplateContainersPortsObservation { - if in == nil { - return nil - } - out := new(TemplateContainersPortsObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersPortsParameters) DeepCopyInto(out *TemplateContainersPortsParameters) { - *out = *in - if in.ContainerPort != nil { - in, out := &in.ContainerPort, &out.ContainerPort - *out = new(float64) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersPortsParameters. -func (in *TemplateContainersPortsParameters) DeepCopy() *TemplateContainersPortsParameters { - if in == nil { - return nil - } - out := new(TemplateContainersPortsParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersResourcesInitParameters) DeepCopyInto(out *TemplateContainersResourcesInitParameters) { - *out = *in - if in.CPUIdle != nil { - in, out := &in.CPUIdle, &out.CPUIdle - *out = new(bool) - **out = **in - } - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.StartupCPUBoost != nil { - in, out := &in.StartupCPUBoost, &out.StartupCPUBoost - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesInitParameters. -func (in *TemplateContainersResourcesInitParameters) DeepCopy() *TemplateContainersResourcesInitParameters { - if in == nil { - return nil - } - out := new(TemplateContainersResourcesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersResourcesObservation) DeepCopyInto(out *TemplateContainersResourcesObservation) { - *out = *in - if in.CPUIdle != nil { - in, out := &in.CPUIdle, &out.CPUIdle - *out = new(bool) - **out = **in - } - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.StartupCPUBoost != nil { - in, out := &in.StartupCPUBoost, &out.StartupCPUBoost - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesObservation. -func (in *TemplateContainersResourcesObservation) DeepCopy() *TemplateContainersResourcesObservation { - if in == nil { - return nil - } - out := new(TemplateContainersResourcesObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersResourcesParameters) DeepCopyInto(out *TemplateContainersResourcesParameters) { - *out = *in - if in.CPUIdle != nil { - in, out := &in.CPUIdle, &out.CPUIdle - *out = new(bool) - **out = **in - } - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.StartupCPUBoost != nil { - in, out := &in.StartupCPUBoost, &out.StartupCPUBoost - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesParameters. -func (in *TemplateContainersResourcesParameters) DeepCopy() *TemplateContainersResourcesParameters { - if in == nil { - return nil - } - out := new(TemplateContainersResourcesParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeHTTPGetInitParameters) DeepCopyInto(out *TemplateContainersStartupProbeHTTPGetInitParameters) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersStartupProbeHTTPGetHTTPHeadersInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeHTTPGetInitParameters. -func (in *TemplateContainersStartupProbeHTTPGetInitParameters) DeepCopy() *TemplateContainersStartupProbeHTTPGetInitParameters { - if in == nil { - return nil - } - out := new(TemplateContainersStartupProbeHTTPGetInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeHTTPGetObservation) DeepCopyInto(out *TemplateContainersStartupProbeHTTPGetObservation) { - *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersStartupProbeHTTPGetHTTPHeadersObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeHTTPGetObservation. -func (in *TemplateContainersStartupProbeHTTPGetObservation) DeepCopy() *TemplateContainersStartupProbeHTTPGetObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersPortsObservation. +func (in *TemplateContainersPortsObservation) DeepCopy() *TemplateContainersPortsObservation { if in == nil { return nil } - out := new(TemplateContainersStartupProbeHTTPGetObservation) + out := new(TemplateContainersPortsObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeHTTPGetParameters) DeepCopyInto(out *TemplateContainersStartupProbeHTTPGetParameters) { +func (in *TemplateContainersPortsParameters) DeepCopyInto(out *TemplateContainersPortsParameters) { *out = *in - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]ContainersStartupProbeHTTPGetHTTPHeadersParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) + if in.ContainerPort != nil { + in, out := &in.ContainerPort, &out.ContainerPort + *out = new(float64) **out = **in } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeHTTPGetParameters. -func (in *TemplateContainersStartupProbeHTTPGetParameters) DeepCopy() *TemplateContainersStartupProbeHTTPGetParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersPortsParameters. +func (in *TemplateContainersPortsParameters) DeepCopy() *TemplateContainersPortsParameters { if in == nil { return nil } - out := new(TemplateContainersStartupProbeHTTPGetParameters) + out := new(TemplateContainersPortsParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeInitParameters) DeepCopyInto(out *TemplateContainersStartupProbeInitParameters) { +func (in *TemplateContainersResourcesInitParameters) DeepCopyInto(out *TemplateContainersResourcesInitParameters) { *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]ContainersStartupProbeGRPCInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]TemplateContainersStartupProbeHTTPGetInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) - **out = **in - } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) + if in.CPUIdle != nil { + in, out := &in.CPUIdle, &out.CPUIdle + *out = new(bool) **out = **in } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersStartupProbeTCPSocketInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal } } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) + if in.StartupCPUBoost != nil { + in, out := &in.StartupCPUBoost, &out.StartupCPUBoost + *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeInitParameters. -func (in *TemplateContainersStartupProbeInitParameters) DeepCopy() *TemplateContainersStartupProbeInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesInitParameters. +func (in *TemplateContainersResourcesInitParameters) DeepCopy() *TemplateContainersResourcesInitParameters { if in == nil { return nil } - out := new(TemplateContainersStartupProbeInitParameters) + out := new(TemplateContainersResourcesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeObservation) DeepCopyInto(out *TemplateContainersStartupProbeObservation) { +func (in *TemplateContainersResourcesObservation) DeepCopyInto(out *TemplateContainersResourcesObservation) { *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]ContainersStartupProbeGRPCObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]TemplateContainersStartupProbeHTTPGetObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) - **out = **in - } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) + if in.CPUIdle != nil { + in, out := &in.CPUIdle, &out.CPUIdle + *out = new(bool) **out = **in } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersStartupProbeTCPSocketObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal } } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) + if in.StartupCPUBoost != nil { + in, out := &in.StartupCPUBoost, &out.StartupCPUBoost + *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeObservation. -func (in *TemplateContainersStartupProbeObservation) DeepCopy() *TemplateContainersStartupProbeObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesObservation. +func (in *TemplateContainersResourcesObservation) DeepCopy() *TemplateContainersResourcesObservation { if in == nil { return nil } - out := new(TemplateContainersStartupProbeObservation) + out := new(TemplateContainersResourcesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateContainersStartupProbeParameters) DeepCopyInto(out *TemplateContainersStartupProbeParameters) { +func (in *TemplateContainersResourcesParameters) DeepCopyInto(out *TemplateContainersResourcesParameters) { *out = *in - if in.FailureThreshold != nil { - in, out := &in.FailureThreshold, &out.FailureThreshold - *out = new(float64) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = make([]ContainersStartupProbeGRPCParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = make([]TemplateContainersStartupProbeHTTPGetParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitialDelaySeconds != nil { - in, out := &in.InitialDelaySeconds, &out.InitialDelaySeconds - *out = new(float64) - **out = **in - } - if in.PeriodSeconds != nil { - in, out := &in.PeriodSeconds, &out.PeriodSeconds - *out = new(float64) + if in.CPUIdle != nil { + in, out := &in.CPUIdle, &out.CPUIdle + *out = new(bool) **out = **in } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = make([]ContainersStartupProbeTCPSocketParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal } } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(float64) + if in.StartupCPUBoost != nil { + in, out := &in.StartupCPUBoost, &out.StartupCPUBoost + *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersStartupProbeParameters. -func (in *TemplateContainersStartupProbeParameters) DeepCopy() *TemplateContainersStartupProbeParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateContainersResourcesParameters. +func (in *TemplateContainersResourcesParameters) DeepCopy() *TemplateContainersResourcesParameters { if in == nil { return nil } - out := new(TemplateContainersStartupProbeParameters) + out := new(TemplateContainersResourcesParameters) in.DeepCopyInto(out) return out } @@ -7838,6 +7459,13 @@ func (in *TemplateVPCAccessInitParameters) DeepCopyInto(out *TemplateVPCAccessIn *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]VPCAccessNetworkInterfacesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVPCAccessInitParameters. @@ -7863,6 +7491,13 @@ func (in *TemplateVPCAccessObservation) DeepCopyInto(out *TemplateVPCAccessObser *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]VPCAccessNetworkInterfacesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVPCAccessObservation. @@ -7888,6 +7523,13 @@ func (in *TemplateVPCAccessParameters) DeepCopyInto(out *TemplateVPCAccessParame *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]VPCAccessNetworkInterfacesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVPCAccessParameters. @@ -8611,6 +8253,53 @@ func (in *V2JobObservation) DeepCopyInto(out *V2JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.Creator != nil { + in, out := &in.Creator, &out.Creator + *out = new(string) + **out = **in + } + if in.DeleteTime != nil { + in, out := &in.DeleteTime, &out.DeleteTime + *out = new(string) + **out = **in + } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -8621,6 +8310,11 @@ func (in *V2JobObservation) DeepCopyInto(out *V2JobObservation) { *out = new(float64) **out = **in } + if in.ExpireTime != nil { + in, out := &in.ExpireTime, &out.ExpireTime + *out = new(string) + **out = **in + } if in.Generation != nil { in, out := &in.Generation, &out.Generation *out = new(string) @@ -8647,6 +8341,11 @@ func (in *V2JobObservation) DeepCopyInto(out *V2JobObservation) { (*out)[key] = outVal } } + if in.LastModifier != nil { + in, out := &in.LastModifier, &out.LastModifier + *out = new(string) + **out = **in + } if in.LatestCreatedExecution != nil { in, out := &in.LatestCreatedExecution, &out.LatestCreatedExecution *out = make([]LatestCreatedExecutionObservation, len(*in)) @@ -8693,11 +8392,32 @@ func (in *V2JobObservation) DeepCopyInto(out *V2JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) **out = **in } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new V2JobObservation. @@ -9246,6 +8966,17 @@ func (in *V2ServiceInitParameters) DeepCopyInto(out *V2ServiceInitParameters) { *out = new(string) **out = **in } + if in.CustomAudiences != nil { + in, out := &in.CustomAudiences, &out.CustomAudiences + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -9383,16 +9114,79 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.Creator != nil { + in, out := &in.Creator, &out.Creator + *out = new(string) + **out = **in + } + if in.CustomAudiences != nil { + in, out := &in.CustomAudiences, &out.CustomAudiences + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.DeleteTime != nil { + in, out := &in.DeleteTime, &out.DeleteTime + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) **out = **in } + if in.ExpireTime != nil { + in, out := &in.ExpireTime, &out.ExpireTime + *out = new(string) + **out = **in + } if in.Generation != nil { in, out := &in.Generation, &out.Generation *out = new(string) @@ -9424,6 +9218,11 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { (*out)[key] = outVal } } + if in.LastModifier != nil { + in, out := &in.LastModifier, &out.LastModifier + *out = new(string) + **out = **in + } if in.LatestCreatedRevision != nil { in, out := &in.LatestCreatedRevision, &out.LatestCreatedRevision *out = new(string) @@ -9473,6 +9272,22 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Traffic != nil { in, out := &in.Traffic, &out.Traffic *out = make([]V2ServiceTrafficObservation, len(*in)) @@ -9497,6 +9312,11 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { *out = new(string) **out = **in } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new V2ServiceObservation. @@ -9545,6 +9365,17 @@ func (in *V2ServiceParameters) DeepCopyInto(out *V2ServiceParameters) { *out = new(string) **out = **in } + if in.CustomAudiences != nil { + in, out := &in.CustomAudiences, &out.CustomAudiences + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -9672,6 +9503,17 @@ func (in *V2ServiceTemplateContainersInitParameters) DeepCopyInto(out *V2Service } } } + if in.DependsOn != nil { + in, out := &in.DependsOn, &out.DependsOn + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]TemplateContainersEnvInitParameters, len(*in)) @@ -9686,7 +9528,7 @@ func (in *V2ServiceTemplateContainersInitParameters) DeepCopyInto(out *V2Service } if in.LivenessProbe != nil { in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]TemplateContainersLivenessProbeInitParameters, len(*in)) + *out = make([]ContainersLivenessProbeInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -9712,7 +9554,7 @@ func (in *V2ServiceTemplateContainersInitParameters) DeepCopyInto(out *V2Service } if in.StartupProbe != nil { in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]TemplateContainersStartupProbeInitParameters, len(*in)) + *out = make([]ContainersStartupProbeInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -9766,6 +9608,17 @@ func (in *V2ServiceTemplateContainersObservation) DeepCopyInto(out *V2ServiceTem } } } + if in.DependsOn != nil { + in, out := &in.DependsOn, &out.DependsOn + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]TemplateContainersEnvObservation, len(*in)) @@ -9780,7 +9633,7 @@ func (in *V2ServiceTemplateContainersObservation) DeepCopyInto(out *V2ServiceTem } if in.LivenessProbe != nil { in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]TemplateContainersLivenessProbeObservation, len(*in)) + *out = make([]ContainersLivenessProbeObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -9806,7 +9659,7 @@ func (in *V2ServiceTemplateContainersObservation) DeepCopyInto(out *V2ServiceTem } if in.StartupProbe != nil { in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]TemplateContainersStartupProbeObservation, len(*in)) + *out = make([]ContainersStartupProbeObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -9860,6 +9713,17 @@ func (in *V2ServiceTemplateContainersParameters) DeepCopyInto(out *V2ServiceTemp } } } + if in.DependsOn != nil { + in, out := &in.DependsOn, &out.DependsOn + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]TemplateContainersEnvParameters, len(*in)) @@ -9874,7 +9738,7 @@ func (in *V2ServiceTemplateContainersParameters) DeepCopyInto(out *V2ServiceTemp } if in.LivenessProbe != nil { in, out := &in.LivenessProbe, &out.LivenessProbe - *out = make([]TemplateContainersLivenessProbeParameters, len(*in)) + *out = make([]ContainersLivenessProbeParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -9900,7 +9764,7 @@ func (in *V2ServiceTemplateContainersParameters) DeepCopyInto(out *V2ServiceTemp } if in.StartupProbe != nil { in, out := &in.StartupProbe, &out.StartupProbe - *out = make([]TemplateContainersStartupProbeParameters, len(*in)) + *out = make([]ContainersStartupProbeParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -10269,6 +10133,20 @@ func (in *V2ServiceTemplateVolumesInitParameters) DeepCopyInto(out *V2ServiceTem (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = make([]GcsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = make([]NFSInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -10303,6 +10181,20 @@ func (in *V2ServiceTemplateVolumesObservation) DeepCopyInto(out *V2ServiceTempla (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = make([]GcsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = make([]NFSObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -10337,6 +10229,20 @@ func (in *V2ServiceTemplateVolumesParameters) DeepCopyInto(out *V2ServiceTemplat (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = make([]GcsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = make([]NFSParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -10564,6 +10470,13 @@ func (in *VPCAccessInitParameters) DeepCopyInto(out *VPCAccessInitParameters) { *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]NetworkInterfacesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessInitParameters. @@ -10576,6 +10489,114 @@ func (in *VPCAccessInitParameters) DeepCopy() *VPCAccessInitParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCAccessNetworkInterfacesInitParameters) DeepCopyInto(out *VPCAccessNetworkInterfacesInitParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessNetworkInterfacesInitParameters. +func (in *VPCAccessNetworkInterfacesInitParameters) DeepCopy() *VPCAccessNetworkInterfacesInitParameters { + if in == nil { + return nil + } + out := new(VPCAccessNetworkInterfacesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCAccessNetworkInterfacesObservation) DeepCopyInto(out *VPCAccessNetworkInterfacesObservation) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessNetworkInterfacesObservation. +func (in *VPCAccessNetworkInterfacesObservation) DeepCopy() *VPCAccessNetworkInterfacesObservation { + if in == nil { + return nil + } + out := new(VPCAccessNetworkInterfacesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCAccessNetworkInterfacesParameters) DeepCopyInto(out *VPCAccessNetworkInterfacesParameters) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessNetworkInterfacesParameters. +func (in *VPCAccessNetworkInterfacesParameters) DeepCopy() *VPCAccessNetworkInterfacesParameters { + if in == nil { + return nil + } + out := new(VPCAccessNetworkInterfacesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCAccessObservation) DeepCopyInto(out *VPCAccessObservation) { *out = *in @@ -10589,6 +10610,13 @@ func (in *VPCAccessObservation) DeepCopyInto(out *VPCAccessObservation) { *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]NetworkInterfacesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessObservation. @@ -10614,6 +10642,13 @@ func (in *VPCAccessParameters) DeepCopyInto(out *VPCAccessParameters) { *out = new(string) **out = **in } + if in.NetworkInterfaces != nil { + in, out := &in.NetworkInterfaces, &out.NetworkInterfaces + *out = make([]NetworkInterfacesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCAccessParameters. diff --git a/apis/cloudrun/v1beta1/zz_generated.resolvers.go b/apis/cloudrun/v1beta1/zz_generated.resolvers.go index 5399b5b53..122c68443 100644 --- a/apis/cloudrun/v1beta1/zz_generated.resolvers.go +++ b/apis/cloudrun/v1beta1/zz_generated.resolvers.go @@ -551,6 +551,31 @@ func (mg *V2Service) ResolveReferences(ctx context.Context, c client.Reader) err } } } + for i3 := 0; i3 < len(mg.Spec.ForProvider.Template); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.Template[i3].Volumes); i4++ { + for i5 := 0; i5 < len(mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs); i5++ { + { + m, l, err = apisresolver.GetManagedResource("storage.gcp.upbound.io", "v1beta1", "Bucket", "BucketList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].BucketRef, + Selector: mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].BucketSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket") + } + mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.Template[i3].Volumes[i4].Gcs[i5].BucketRef = rsp.ResolvedReference + + } + } + } for i3 := 0; i3 < len(mg.Spec.ForProvider.Template); i3++ { for i4 := 0; i4 < len(mg.Spec.ForProvider.Template[i3].Volumes); i4++ { for i5 := 0; i5 < len(mg.Spec.ForProvider.Template[i3].Volumes[i4].Secret); i5++ { @@ -605,6 +630,31 @@ func (mg *V2Service) ResolveReferences(ctx context.Context, c client.Reader) err } } } + for i3 := 0; i3 < len(mg.Spec.InitProvider.Template); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.Template[i3].Volumes); i4++ { + for i5 := 0; i5 < len(mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs); i5++ { + { + m, l, err = apisresolver.GetManagedResource("storage.gcp.upbound.io", "v1beta1", "Bucket", "BucketList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].BucketRef, + Selector: mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].BucketSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket") + } + mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].Bucket = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.Template[i3].Volumes[i4].Gcs[i5].BucketRef = rsp.ResolvedReference + + } + } + } for i3 := 0; i3 < len(mg.Spec.InitProvider.Template); i3++ { for i4 := 0; i4 < len(mg.Spec.InitProvider.Template[i3].Volumes); i4++ { for i5 := 0; i5 < len(mg.Spec.InitProvider.Template[i3].Volumes[i4].Secret); i5++ { diff --git a/apis/cloudrun/v1beta1/zz_service_terraformed.go b/apis/cloudrun/v1beta1/zz_service_terraformed.go index d43ac5723..272d38635 100755 --- a/apis/cloudrun/v1beta1/zz_service_terraformed.go +++ b/apis/cloudrun/v1beta1/zz_service_terraformed.go @@ -141,5 +141,5 @@ func (tr *Service) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Service) GetTerraformSchemaVersion() int { - return 1 + return 2 } diff --git a/apis/cloudrun/v1beta1/zz_service_types.go b/apis/cloudrun/v1beta1/zz_service_types.go index bad2f12ac..7b20042ef 100755 --- a/apis/cloudrun/v1beta1/zz_service_types.go +++ b/apis/cloudrun/v1beta1/zz_service_types.go @@ -1037,6 +1037,12 @@ type ServiceMetadataObservation struct { // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // (Output) // A sequence number representing a specific generation of the desired state. Generation *float64 `json:"generation,omitempty" tf:"generation,omitempty"` @@ -1062,6 +1068,12 @@ type ServiceMetadataObservation struct { // SelfLink is a URL representing this object. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // (Output) + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // (Output) // UID is a unique id generated by the server on successful creation of a resource and is not // allowed to change on PUT operations. diff --git a/apis/cloudrun/v1beta1/zz_v2job_types.go b/apis/cloudrun/v1beta1/zz_v2job_types.go index 930326276..163f059b5 100755 --- a/apis/cloudrun/v1beta1/zz_v2job_types.go +++ b/apis/cloudrun/v1beta1/zz_v2job_types.go @@ -82,7 +82,7 @@ type ContainersEnvInitParameters struct { // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // The header field value + // Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes Value *string `json:"value,omitempty" tf:"value,omitempty"` // Source for the environment variable's value. @@ -95,7 +95,7 @@ type ContainersEnvObservation struct { // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // The header field value + // Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes Value *string `json:"value,omitempty" tf:"value,omitempty"` // Source for the environment variable's value. @@ -109,7 +109,7 @@ type ContainersEnvParameters struct { // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` - // The header field value + // Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes // +kubebuilder:validation:Optional Value *string `json:"value,omitempty" tf:"value,omitempty"` @@ -119,81 +119,6 @@ type ContainersEnvParameters struct { ValueSource []ValueSourceParameters `json:"valueSource,omitempty" tf:"value_source,omitempty"` } -type ContainersLivenessProbeInitParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []LivenessProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []LivenessProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type ContainersLivenessProbeObservation struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []LivenessProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []LivenessProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type ContainersLivenessProbeParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - // +kubebuilder:validation:Optional - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPGet []LivenessProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - // +kubebuilder:validation:Optional - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - TCPSocket []LivenessProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - type ContainersPortsInitParameters struct { // Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. @@ -225,133 +150,26 @@ type ContainersPortsParameters struct { type ContainersResourcesInitParameters struct { - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` } type ContainersResourcesObservation struct { - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` } type ContainersResourcesParameters struct { - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +kubebuilder:validation:Optional // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` } -type ContainersStartupProbeHTTPGetInitParameters struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []StartupProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` -} - -type ContainersStartupProbeHTTPGetObservation struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []StartupProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` -} - -type ContainersStartupProbeHTTPGetParameters struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPHeaders []StartupProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - // +kubebuilder:validation:Optional - Path *string `json:"path,omitempty" tf:"path,omitempty"` -} - -type ContainersStartupProbeInitParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []ContainersStartupProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []StartupProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type ContainersStartupProbeObservation struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []ContainersStartupProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []StartupProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type ContainersStartupProbeParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - // +kubebuilder:validation:Optional - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPGet []ContainersStartupProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - // +kubebuilder:validation:Optional - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - TCPSocket []StartupProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - type ContainersVolumeMountsInitParameters struct { // Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run @@ -404,84 +222,55 @@ type LatestCreatedExecutionObservation struct { type LatestCreatedExecutionParameters struct { } -type LivenessProbeHTTPGetHTTPHeadersInitParameters struct { +type NetworkInterfacesInitParameters struct { - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. + Network *string `json:"network,omitempty" tf:"network,omitempty"` - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} - -type LivenessProbeHTTPGetHTTPHeadersObservation struct { + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` + // Network tags applied to this Cloud Run job. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } -type LivenessProbeHTTPGetHTTPHeadersParameters struct { +type NetworkInterfacesObservation struct { - // Volume's name. - // +kubebuilder:validation:Optional - Name *string `json:"name" tf:"name,omitempty"` - - // The header field value - // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. + Network *string `json:"network,omitempty" tf:"network,omitempty"` -type LivenessProbeHTTPGetInitParameters struct { + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` -} - -type LivenessProbeHTTPGetObservation struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` + // Network tags applied to this Cloud Run job. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } -type LivenessProbeHTTPGetParameters struct { +type NetworkInterfacesParameters struct { - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. // +kubebuilder:validation:Optional - HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + Network *string `json:"network,omitempty" tf:"network,omitempty"` - // The relative path of the secret in the container. + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. // +kubebuilder:validation:Optional - Path *string `json:"path,omitempty" tf:"path,omitempty"` -} - -type LivenessProbeTCPSocketInitParameters struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type LivenessProbeTCPSocketObservation struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` -type LivenessProbeTCPSocketParameters struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Network tags applied to this Cloud Run job. // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } type SecretItemsInitParameters struct { @@ -512,7 +301,7 @@ type SecretItemsParameters struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. // +kubebuilder:validation:Optional - Mode *float64 `json:"mode" tf:"mode,omitempty"` + Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` // The relative path of the secret in the container. // +kubebuilder:validation:Optional @@ -523,54 +312,6 @@ type SecretItemsParameters struct { Version *string `json:"version" tf:"version,omitempty"` } -type StartupProbeHTTPGetHTTPHeadersInitParameters struct { - - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} - -type StartupProbeHTTPGetHTTPHeadersObservation struct { - - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} - -type StartupProbeHTTPGetHTTPHeadersParameters struct { - - // Volume's name. - // +kubebuilder:validation:Optional - Name *string `json:"name" tf:"name,omitempty"` - - // The header field value - // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} - -type StartupProbeTCPSocketInitParameters struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type StartupProbeTCPSocketObservation struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type StartupProbeTCPSocketParameters struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - type TemplateContainersInitParameters struct { // Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell @@ -586,11 +327,6 @@ type TemplateContainersInitParameters struct { // URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images Image *string `json:"image,omitempty" tf:"image,omitempty"` - // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - LivenessProbe []ContainersLivenessProbeInitParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` - // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -603,11 +339,6 @@ type TemplateContainersInitParameters struct { // Structure is documented below. Resources []ContainersResourcesInitParameters `json:"resources,omitempty" tf:"resources,omitempty"` - // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - StartupProbe []ContainersStartupProbeInitParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` - // Volume to mount into the container's filesystem. // Structure is documented below. VolumeMounts []ContainersVolumeMountsInitParameters `json:"volumeMounts,omitempty" tf:"volume_mounts,omitempty"` @@ -631,11 +362,6 @@ type TemplateContainersObservation struct { // URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images Image *string `json:"image,omitempty" tf:"image,omitempty"` - // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - LivenessProbe []ContainersLivenessProbeObservation `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` - // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -648,11 +374,6 @@ type TemplateContainersObservation struct { // Structure is documented below. Resources []ContainersResourcesObservation `json:"resources,omitempty" tf:"resources,omitempty"` - // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - StartupProbe []ContainersStartupProbeObservation `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` - // Volume to mount into the container's filesystem. // Structure is documented below. VolumeMounts []ContainersVolumeMountsObservation `json:"volumeMounts,omitempty" tf:"volume_mounts,omitempty"` @@ -680,12 +401,6 @@ type TemplateContainersParameters struct { // +kubebuilder:validation:Optional Image *string `json:"image" tf:"image,omitempty"` - // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - // +kubebuilder:validation:Optional - LivenessProbe []ContainersLivenessProbeParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` - // Volume's name. // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -701,12 +416,6 @@ type TemplateContainersParameters struct { // +kubebuilder:validation:Optional Resources []ContainersResourcesParameters `json:"resources,omitempty" tf:"resources,omitempty"` - // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // This field is not supported in Cloud Run Job currently. - // Structure is documented below. - // +kubebuilder:validation:Optional - StartupProbe []ContainersStartupProbeParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` - // Volume to mount into the container's filesystem. // Structure is documented below. // +kubebuilder:validation:Optional @@ -953,8 +662,8 @@ type V2JobConditionsParameters struct { type V2JobInitParameters struct { // Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - // All system annotations in v1 now have a corresponding field in v2 Job. + // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + // All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. // This field follows Kubernetes annotations' namespacing, limits, and rules. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -969,10 +678,11 @@ type V2JobInitParameters struct { // Arbitrary version identifier for the API client. ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` - // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - // environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + // https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - // All system labels in v1 now have a corresponding field in v2 Job. + // All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -994,8 +704,8 @@ type V2JobInitParameters struct { type V2JobObservation struct { // Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - // All system annotations in v1 now have a corresponding field in v2 Job. + // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + // All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. // This field follows Kubernetes annotations' namespacing, limits, and rules. // +mapType=granular Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` @@ -1014,25 +724,47 @@ type V2JobObservation struct { // Structure is documented below. Conditions []V2JobConditionsObservation `json:"conditions,omitempty" tf:"conditions,omitempty"` + // The creation time. + CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + + // Email address of the authenticated creator. + Creator *string `json:"creator,omitempty" tf:"creator,omitempty"` + + // The deletion time. + DeleteTime *string `json:"deleteTime,omitempty" tf:"delete_time,omitempty"` + + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` // Number of executions created for this job. ExecutionCount *float64 `json:"executionCount,omitempty" tf:"execution_count,omitempty"` + // For a deleted resource, the time after which it will be permamently deleted. + ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` + // A number that monotonically increases every time the user modifies the desired state. Generation *string `json:"generation,omitempty" tf:"generation,omitempty"` // an identifier for the resource with format projects/{{project}}/locations/{{location}}/jobs/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - // environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + // https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - // All system labels in v1 now have a corresponding field in v2 Job. + // All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Email address of the last authenticated modifier. + LastModifier *string `json:"lastModifier,omitempty" tf:"last_modifier,omitempty"` + // Name of the last created execution. // Structure is documented below. LatestCreatedExecution []LatestCreatedExecutionObservation `json:"latestCreatedExecution,omitempty" tf:"latest_created_execution,omitempty"` @@ -1067,15 +799,23 @@ type V2JobObservation struct { // Structure is documented below. TerminalCondition []TerminalConditionObservation `json:"terminalCondition,omitempty" tf:"terminal_condition,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` + + // The last-modified time. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } type V2JobParameters struct { // Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - // All system annotations in v1 now have a corresponding field in v2 Job. + // Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + // All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. // This field follows Kubernetes annotations' namespacing, limits, and rules. // +kubebuilder:validation:Optional // +mapType=granular @@ -1094,10 +834,11 @@ type V2JobParameters struct { // +kubebuilder:validation:Optional ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` - // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - // environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + // https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - // All system labels in v1 now have a corresponding field in v2 Job. + // All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -1110,8 +851,8 @@ type V2JobParameters struct { LaunchStage *string `json:"launchStage,omitempty" tf:"launch_stage,omitempty"` // The location of the cloud run job - // +kubebuilder:validation:Optional - Location *string `json:"location,omitempty" tf:"location,omitempty"` + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -1221,6 +962,10 @@ type VPCAccessInitParameters struct { // Traffic VPC egress settings. // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + NetworkInterfaces []NetworkInterfacesInitParameters `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type VPCAccessObservation struct { @@ -1231,6 +976,10 @@ type VPCAccessObservation struct { // Traffic VPC egress settings. // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + NetworkInterfaces []NetworkInterfacesObservation `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type VPCAccessParameters struct { @@ -1243,6 +992,11 @@ type VPCAccessParameters struct { // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. // +kubebuilder:validation:Optional Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + // +kubebuilder:validation:Optional + NetworkInterfaces []NetworkInterfacesParameters `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type ValueSourceInitParameters struct { diff --git a/apis/cloudrun/v1beta1/zz_v2service_types.go b/apis/cloudrun/v1beta1/zz_v2service_types.go index 8313336a2..683b73017 100755 --- a/apis/cloudrun/v1beta1/zz_v2service_types.go +++ b/apis/cloudrun/v1beta1/zz_v2service_types.go @@ -29,99 +29,99 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) -type ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters struct { +type ContainersLivenessProbeInitParameters struct { - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` -type ContainersLivenessProbeHTTPGetHTTPHeadersObservation struct { + // GRPC specifies an action involving a GRPC port. + // Structure is documented below. + GRPC []LivenessProbeGRPCInitParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + HTTPGet []LivenessProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` -} + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` -type ContainersLivenessProbeHTTPGetHTTPHeadersParameters struct { + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - // Volume's name. - // +kubebuilder:validation:Optional - Name *string `json:"name" tf:"name,omitempty"` + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + TCPSocket []LivenessProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - // The header field value - // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value,omitempty"` + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } -type ContainersLivenessProbeHTTPGetInitParameters struct { +type ContainersLivenessProbeObservation struct { - // Custom headers to set in the request. HTTP allows repeated headers. + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` + + // GRPC specifies an action involving a GRPC port. // Structure is documented below. - HTTPHeaders []ContainersLivenessProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + GRPC []LivenessProbeGRPCObservation `json:"grpc,omitempty" tf:"grpc,omitempty"` - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + HTTPGet []LivenessProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` -type ContainersLivenessProbeHTTPGetObservation struct { + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - // Custom headers to set in the request. HTTP allows repeated headers. + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. // Structure is documented below. - HTTPHeaders []ContainersLivenessProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + TCPSocket []LivenessProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } -type ContainersLivenessProbeHTTPGetParameters struct { +type ContainersLivenessProbeParameters struct { - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. // +kubebuilder:validation:Optional - HTTPHeaders []ContainersLivenessProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - // The relative path of the secret in the container. + // GRPC specifies an action involving a GRPC port. + // Structure is documented below. // +kubebuilder:validation:Optional - Path *string `json:"path,omitempty" tf:"path,omitempty"` + GRPC []LivenessProbeGRPCParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type ContainersLivenessProbeTCPSocketInitParameters struct { - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} + HTTPGet []LivenessProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` -type ContainersLivenessProbeTCPSocketObservation struct { + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +kubebuilder:validation:Optional + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + // +kubebuilder:validation:Optional + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` -type ContainersLivenessProbeTCPSocketParameters struct { + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + // +kubebuilder:validation:Optional + TCPSocket []LivenessProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } type ContainersStartupProbeGRPCInitParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` // The name of the service to place in the gRPC HealthCheckRequest @@ -132,7 +132,9 @@ type ContainersStartupProbeGRPCInitParameters struct { type ContainersStartupProbeGRPCObservation struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` // The name of the service to place in the gRPC HealthCheckRequest @@ -143,7 +145,9 @@ type ContainersStartupProbeGRPCObservation struct { type ContainersStartupProbeGRPCParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. // +kubebuilder:validation:Optional Port *float64 `json:"port,omitempty" tf:"port,omitempty"` @@ -154,52 +158,140 @@ type ContainersStartupProbeGRPCParameters struct { Service *string `json:"service,omitempty" tf:"service,omitempty"` } -type ContainersStartupProbeHTTPGetHTTPHeadersInitParameters struct { +type ContainersStartupProbeHTTPGetInitParameters struct { - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. + HTTPHeaders []StartupProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } -type ContainersStartupProbeHTTPGetHTTPHeadersObservation struct { +type ContainersStartupProbeHTTPGetObservation struct { - // Volume's name. - Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. + HTTPHeaders []StartupProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - // The header field value - Value *string `json:"value,omitempty" tf:"value,omitempty"` + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } -type ContainersStartupProbeHTTPGetHTTPHeadersParameters struct { +type ContainersStartupProbeHTTPGetParameters struct { - // Volume's name. + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. // +kubebuilder:validation:Optional - Name *string `json:"name" tf:"name,omitempty"` + HTTPHeaders []StartupProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - // The header field value + // Path that is exported by the NFS server. // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value,omitempty"` + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + // +kubebuilder:validation:Optional + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } -type ContainersStartupProbeTCPSocketInitParameters struct { +type ContainersStartupProbeInitParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` + + // GRPC specifies an action involving a GRPC port. + // Structure is documented below. + GRPC []ContainersStartupProbeGRPCInitParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` + + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + HTTPGet []ContainersStartupProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` + + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` + + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` + + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + TCPSocket []StartupProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` + + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } -type ContainersStartupProbeTCPSocketObservation struct { +type ContainersStartupProbeObservation struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` + + // GRPC specifies an action involving a GRPC port. + // Structure is documented below. + GRPC []ContainersStartupProbeGRPCObservation `json:"grpc,omitempty" tf:"grpc,omitempty"` + + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + HTTPGet []ContainersStartupProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` + + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` + + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` + + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + TCPSocket []StartupProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` + + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } -type ContainersStartupProbeTCPSocketParameters struct { +type ContainersStartupProbeParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` + + // GRPC specifies an action involving a GRPC port. + // Structure is documented below. + // +kubebuilder:validation:Optional + GRPC []ContainersStartupProbeGRPCParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` + + // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + // +kubebuilder:validation:Optional + HTTPGet []ContainersStartupProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` + + // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +kubebuilder:validation:Optional + InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` + + // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + // +kubebuilder:validation:Optional + PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` + + // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + // Structure is documented below. + // +kubebuilder:validation:Optional + TCPSocket []StartupProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` + + // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +kubebuilder:validation:Optional + TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` } type EnvValueSourceInitParameters struct { @@ -274,9 +366,58 @@ type EnvValueSourceSecretKeyRefParameters struct { Version *string `json:"version,omitempty" tf:"version,omitempty"` } +type GcsInitParameters struct { + + // GCS Bucket name + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta1.Bucket + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Reference to a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` + + // Selector for a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type GcsObservation struct { + + // GCS Bucket name + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type GcsParameters struct { + + // GCS Bucket name + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta1.Bucket + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Reference to a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` + + // Selector for a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` + + // If true, mount the NFS volume as read only + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + type LivenessProbeGRPCInitParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` // The name of the service to place in the gRPC HealthCheckRequest @@ -287,7 +428,9 @@ type LivenessProbeGRPCInitParameters struct { type LivenessProbeGRPCObservation struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` // The name of the service to place in the gRPC HealthCheckRequest @@ -298,7 +441,9 @@ type LivenessProbeGRPCObservation struct { type LivenessProbeGRPCParameters struct { - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. // +kubebuilder:validation:Optional Port *float64 `json:"port,omitempty" tf:"port,omitempty"` @@ -309,6 +454,147 @@ type LivenessProbeGRPCParameters struct { Service *string `json:"service,omitempty" tf:"service,omitempty"` } +type LivenessProbeHTTPGetHTTPHeadersInitParameters struct { + + // Volume's name. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The header field value + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type LivenessProbeHTTPGetHTTPHeadersObservation struct { + + // Volume's name. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The header field value + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type LivenessProbeHTTPGetHTTPHeadersParameters struct { + + // Volume's name. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // The header field value + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type LivenessProbeHTTPGetInitParameters struct { + + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. + HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type LivenessProbeHTTPGetObservation struct { + + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. + HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type LivenessProbeHTTPGetParameters struct { + + // Custom headers to set in the request. HTTP allows repeated headers. + // Structure is documented below. + // +kubebuilder:validation:Optional + HTTPHeaders []LivenessProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` + + // Path that is exported by the NFS server. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + // +kubebuilder:validation:Optional + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type LivenessProbeTCPSocketInitParameters struct { + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type LivenessProbeTCPSocketObservation struct { + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type LivenessProbeTCPSocketParameters struct { + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + // +kubebuilder:validation:Optional + Port *float64 `json:"port" tf:"port,omitempty"` +} + +type NFSInitParameters struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type NFSObservation struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type NFSParameters struct { + + // Path that is exported by the NFS server. + // +kubebuilder:validation:Optional + Path *string `json:"path" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + // +kubebuilder:validation:Optional + Server *string `json:"server" tf:"server,omitempty"` +} + type ScalingInitParameters struct { // Maximum number of serving instances that this resource should have. @@ -329,13 +615,67 @@ type ScalingObservation struct { type ScalingParameters struct { - // Maximum number of serving instances that this resource should have. - // +kubebuilder:validation:Optional - MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` + // Maximum number of serving instances that this resource should have. + // +kubebuilder:validation:Optional + MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` + + // Minimum number of serving instances that this resource should have. + // +kubebuilder:validation:Optional + MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` +} + +type StartupProbeHTTPGetHTTPHeadersInitParameters struct { + + // Volume's name. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The header field value + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type StartupProbeHTTPGetHTTPHeadersObservation struct { + + // Volume's name. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The header field value + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type StartupProbeHTTPGetHTTPHeadersParameters struct { + + // Volume's name. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // The header field value + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type StartupProbeTCPSocketInitParameters struct { + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type StartupProbeTCPSocketObservation struct { + + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` +} + +type StartupProbeTCPSocketParameters struct { - // Minimum number of serving instances that this resource should have. + // Port number to access on the container. Must be in the range 1 to 65535. + // If not specified, defaults to the exposed port of the container, which + // is the value of container.ports[0].containerPort. // +kubebuilder:validation:Optional - MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` + Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } type TemplateContainersEnvInitParameters struct { @@ -380,94 +720,6 @@ type TemplateContainersEnvParameters struct { ValueSource []EnvValueSourceParameters `json:"valueSource,omitempty" tf:"value_source,omitempty"` } -type TemplateContainersLivenessProbeInitParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - GRPC []LivenessProbeGRPCInitParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []ContainersLivenessProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []ContainersLivenessProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type TemplateContainersLivenessProbeObservation struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - GRPC []LivenessProbeGRPCObservation `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []ContainersLivenessProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []ContainersLivenessProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type TemplateContainersLivenessProbeParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - // +kubebuilder:validation:Optional - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - // +kubebuilder:validation:Optional - GRPC []LivenessProbeGRPCParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPGet []ContainersLivenessProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - // +kubebuilder:validation:Optional - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - TCPSocket []ContainersLivenessProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - type TemplateContainersPortsInitParameters struct { // Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. @@ -499,10 +751,11 @@ type TemplateContainersPortsParameters struct { type TemplateContainersResourcesInitParameters struct { - // Determines whether CPU should be throttled or not outside of requests. + // Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + // resources is set, this field must be explicitly set to true to preserve the default behavior. CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -512,10 +765,11 @@ type TemplateContainersResourcesInitParameters struct { type TemplateContainersResourcesObservation struct { - // Determines whether CPU should be throttled or not outside of requests. + // Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + // resources is set, this field must be explicitly set to true to preserve the default behavior. CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -525,11 +779,12 @@ type TemplateContainersResourcesObservation struct { type TemplateContainersResourcesParameters struct { - // Determines whether CPU should be throttled or not outside of requests. + // Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + // resources is set, this field must be explicitly set to true to preserve the default behavior. // +kubebuilder:validation:Optional CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +kubebuilder:validation:Optional // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -539,136 +794,6 @@ type TemplateContainersResourcesParameters struct { StartupCPUBoost *bool `json:"startupCpuBoost,omitempty" tf:"startup_cpu_boost,omitempty"` } -type TemplateContainersStartupProbeHTTPGetInitParameters struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []ContainersStartupProbeHTTPGetHTTPHeadersInitParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type TemplateContainersStartupProbeHTTPGetObservation struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - HTTPHeaders []ContainersStartupProbeHTTPGetHTTPHeadersObservation `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type TemplateContainersStartupProbeHTTPGetParameters struct { - - // Custom headers to set in the request. HTTP allows repeated headers. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPHeaders []ContainersStartupProbeHTTPGetHTTPHeadersParameters `json:"httpHeaders,omitempty" tf:"http_headers,omitempty"` - - // The relative path of the secret in the container. - // +kubebuilder:validation:Optional - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - // +kubebuilder:validation:Optional - Port *float64 `json:"port,omitempty" tf:"port,omitempty"` -} - -type TemplateContainersStartupProbeInitParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - GRPC []ContainersStartupProbeGRPCInitParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []TemplateContainersStartupProbeHTTPGetInitParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []ContainersStartupProbeTCPSocketInitParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type TemplateContainersStartupProbeObservation struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - GRPC []ContainersStartupProbeGRPCObservation `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - HTTPGet []TemplateContainersStartupProbeHTTPGetObservation `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - TCPSocket []ContainersStartupProbeTCPSocketObservation `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - -type TemplateContainersStartupProbeParameters struct { - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - // +kubebuilder:validation:Optional - FailureThreshold *float64 `json:"failureThreshold,omitempty" tf:"failure_threshold,omitempty"` - - // GRPC specifies an action involving a GRPC port. - // Structure is documented below. - // +kubebuilder:validation:Optional - GRPC []ContainersStartupProbeGRPCParameters `json:"grpc,omitempty" tf:"grpc,omitempty"` - - // HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - HTTPGet []TemplateContainersStartupProbeHTTPGetParameters `json:"httpGet,omitempty" tf:"http_get,omitempty"` - - // Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - InitialDelaySeconds *float64 `json:"initialDelaySeconds,omitempty" tf:"initial_delay_seconds,omitempty"` - - // How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - // +kubebuilder:validation:Optional - PeriodSeconds *float64 `json:"periodSeconds,omitempty" tf:"period_seconds,omitempty"` - - // TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - // Structure is documented below. - // +kubebuilder:validation:Optional - TCPSocket []ContainersStartupProbeTCPSocketParameters `json:"tcpSocket,omitempty" tf:"tcp_socket,omitempty"` - - // Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +kubebuilder:validation:Optional - TimeoutSeconds *float64 `json:"timeoutSeconds,omitempty" tf:"timeout_seconds,omitempty"` -} - type TemplateContainersVolumeMountsInitParameters struct { // Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run @@ -706,6 +831,10 @@ type TemplateVPCAccessInitParameters struct { // Traffic VPC egress settings. // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + NetworkInterfaces []VPCAccessNetworkInterfacesInitParameters `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type TemplateVPCAccessObservation struct { @@ -716,6 +845,10 @@ type TemplateVPCAccessObservation struct { // Traffic VPC egress settings. // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + NetworkInterfaces []VPCAccessNetworkInterfacesObservation `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type TemplateVPCAccessParameters struct { @@ -728,6 +861,11 @@ type TemplateVPCAccessParameters struct { // Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. // +kubebuilder:validation:Optional Egress *string `json:"egress,omitempty" tf:"egress,omitempty"` + + // Direct VPC egress settings. Currently only single network interface is supported. + // Structure is documented below. + // +kubebuilder:validation:Optional + NetworkInterfaces []VPCAccessNetworkInterfacesParameters `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } type TemplateVolumesSecretInitParameters struct { @@ -912,6 +1050,10 @@ type V2ServiceInitParameters struct { // Arbitrary version identifier for the API client. ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` + // One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + // For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -968,12 +1110,34 @@ type V2ServiceObservation struct { // Structure is documented below. Conditions []V2ServiceConditionsObservation `json:"conditions,omitempty" tf:"conditions,omitempty"` + // The creation time. + CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + + // Email address of the authenticated creator. + Creator *string `json:"creator,omitempty" tf:"creator,omitempty"` + + // One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + // For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` + + // The deletion time. + DeleteTime *string `json:"deleteTime,omitempty" tf:"delete_time,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // For a deleted resource, the time after which it will be permamently deleted. + ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` + // A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. Generation *string `json:"generation,omitempty" tf:"generation,omitempty"` @@ -991,6 +1155,9 @@ type V2ServiceObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Email address of the last authenticated modifier. + LastModifier *string `json:"lastModifier,omitempty" tf:"last_modifier,omitempty"` + // Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run. LatestCreatedRevision *string `json:"latestCreatedRevision,omitempty" tf:"latest_created_revision,omitempty"` @@ -1027,6 +1194,11 @@ type V2ServiceObservation struct { // Structure is documented below. TerminalCondition []V2ServiceTerminalConditionObservation `json:"terminalCondition,omitempty" tf:"terminal_condition,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. // Structure is documented below. Traffic []V2ServiceTrafficObservation `json:"traffic,omitempty" tf:"traffic,omitempty"` @@ -1040,6 +1212,9 @@ type V2ServiceObservation struct { // The main URI in which this Service is serving traffic. URI *string `json:"uri,omitempty" tf:"uri,omitempty"` + + // The last-modified time. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } type V2ServiceParameters struct { @@ -1065,6 +1240,11 @@ type V2ServiceParameters struct { // +kubebuilder:validation:Optional ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` + // One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + // For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + // +kubebuilder:validation:Optional + CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1090,8 +1270,8 @@ type V2ServiceParameters struct { LaunchStage *string `json:"launchStage,omitempty" tf:"launch_stage,omitempty"` // The location of the cloud run service - // +kubebuilder:validation:Optional - Location *string `json:"location,omitempty" tf:"location,omitempty"` + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -1117,6 +1297,9 @@ type V2ServiceTemplateContainersInitParameters struct { // Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell Command []*string `json:"command,omitempty" tf:"command,omitempty"` + // Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy. + DependsOn []*string `json:"dependsOn,omitempty" tf:"depends_on,omitempty"` + // List of environment variables to set in the container. // Structure is documented below. Env []TemplateContainersEnvInitParameters `json:"env,omitempty" tf:"env,omitempty"` @@ -1126,7 +1309,7 @@ type V2ServiceTemplateContainersInitParameters struct { // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. - LivenessProbe []TemplateContainersLivenessProbeInitParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` + LivenessProbe []ContainersLivenessProbeInitParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1142,7 +1325,7 @@ type V2ServiceTemplateContainersInitParameters struct { // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. - StartupProbe []TemplateContainersStartupProbeInitParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` + StartupProbe []ContainersStartupProbeInitParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` // Volume to mount into the container's filesystem. // Structure is documented below. @@ -1160,6 +1343,9 @@ type V2ServiceTemplateContainersObservation struct { // Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell Command []*string `json:"command,omitempty" tf:"command,omitempty"` + // Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy. + DependsOn []*string `json:"dependsOn,omitempty" tf:"depends_on,omitempty"` + // List of environment variables to set in the container. // Structure is documented below. Env []TemplateContainersEnvObservation `json:"env,omitempty" tf:"env,omitempty"` @@ -1169,7 +1355,7 @@ type V2ServiceTemplateContainersObservation struct { // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. - LivenessProbe []TemplateContainersLivenessProbeObservation `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` + LivenessProbe []ContainersLivenessProbeObservation `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1185,7 +1371,7 @@ type V2ServiceTemplateContainersObservation struct { // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. - StartupProbe []TemplateContainersStartupProbeObservation `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` + StartupProbe []ContainersStartupProbeObservation `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` // Volume to mount into the container's filesystem. // Structure is documented below. @@ -1205,6 +1391,10 @@ type V2ServiceTemplateContainersParameters struct { // +kubebuilder:validation:Optional Command []*string `json:"command,omitempty" tf:"command,omitempty"` + // Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy. + // +kubebuilder:validation:Optional + DependsOn []*string `json:"dependsOn,omitempty" tf:"depends_on,omitempty"` + // List of environment variables to set in the container. // Structure is documented below. // +kubebuilder:validation:Optional @@ -1217,7 +1407,7 @@ type V2ServiceTemplateContainersParameters struct { // Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. // +kubebuilder:validation:Optional - LivenessProbe []TemplateContainersLivenessProbeParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` + LivenessProbe []ContainersLivenessProbeParameters `json:"livenessProbe,omitempty" tf:"liveness_probe,omitempty"` // Volume's name. // +kubebuilder:validation:Optional @@ -1237,7 +1427,7 @@ type V2ServiceTemplateContainersParameters struct { // Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes // Structure is documented below. // +kubebuilder:validation:Optional - StartupProbe []TemplateContainersStartupProbeParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` + StartupProbe []ContainersStartupProbeParameters `json:"startupProbe,omitempty" tf:"startup_probe,omitempty"` // Volume to mount into the container's filesystem. // Structure is documented below. @@ -1436,6 +1626,14 @@ type V2ServiceTemplateVolumesInitParameters struct { // Structure is documented below. CloudSQLInstance []VolumesCloudSQLInstanceInitParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Represents a GCS Bucket mounted as a volume. + // Structure is documented below. + Gcs []GcsInitParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // Represents an NFS mount. + // Structure is documented below. + NFS []NFSInitParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1450,6 +1648,14 @@ type V2ServiceTemplateVolumesObservation struct { // Structure is documented below. CloudSQLInstance []VolumesCloudSQLInstanceObservation `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Represents a GCS Bucket mounted as a volume. + // Structure is documented below. + Gcs []GcsObservation `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // Represents an NFS mount. + // Structure is documented below. + NFS []NFSObservation `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1465,6 +1671,16 @@ type V2ServiceTemplateVolumesParameters struct { // +kubebuilder:validation:Optional CloudSQLInstance []VolumesCloudSQLInstanceParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Represents a GCS Bucket mounted as a volume. + // Structure is documented below. + // +kubebuilder:validation:Optional + Gcs []GcsParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // Represents an NFS mount. + // Structure is documented below. + // +kubebuilder:validation:Optional + NFS []NFSParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` @@ -1568,15 +1784,68 @@ type V2ServiceTrafficParameters struct { Type *string `json:"type,omitempty" tf:"type,omitempty"` } +type VPCAccessNetworkInterfacesInitParameters struct { + + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + + // Network tags applied to this Cloud Run service. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + +type VPCAccessNetworkInterfacesObservation struct { + + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + + // Network tags applied to this Cloud Run service. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + +type VPCAccessNetworkInterfacesParameters struct { + + // The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + // looked up from the subnetwork. + // +kubebuilder:validation:Optional + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + // network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + // subnetwork with the same name with the network will be used. + // +kubebuilder:validation:Optional + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + + // Network tags applied to this Cloud Run service. + // +kubebuilder:validation:Optional + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + type VolumesCloudSQLInstanceInitParameters struct { // The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + // +listType=set Instances []*string `json:"instances,omitempty" tf:"instances,omitempty"` } type VolumesCloudSQLInstanceObservation struct { // The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + // +listType=set Instances []*string `json:"instances,omitempty" tf:"instances,omitempty"` } @@ -1584,6 +1853,7 @@ type VolumesCloudSQLInstanceParameters struct { // The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} // +kubebuilder:validation:Optional + // +listType=set Instances []*string `json:"instances,omitempty" tf:"instances,omitempty"` } @@ -1592,7 +1862,7 @@ type VolumesSecretItemsInitParameters struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. Path *string `json:"path,omitempty" tf:"path,omitempty"` // The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. @@ -1604,7 +1874,7 @@ type VolumesSecretItemsObservation struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. Path *string `json:"path,omitempty" tf:"path,omitempty"` // The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. @@ -1615,9 +1885,9 @@ type VolumesSecretItemsParameters struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. // +kubebuilder:validation:Optional - Mode *float64 `json:"mode" tf:"mode,omitempty"` + Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. // +kubebuilder:validation:Optional Path *string `json:"path" tf:"path,omitempty"` diff --git a/apis/composer/v1beta1/zz_environment_types.go b/apis/composer/v1beta1/zz_environment_types.go index 745ad62a6..a9854d473 100755 --- a/apis/composer/v1beta1/zz_environment_types.go +++ b/apis/composer/v1beta1/zz_environment_types.go @@ -69,7 +69,7 @@ type AllowedIPRangeParameters struct { type CidrBlocksInitParameters struct { - // `cidr_block< must be specified in CIDR notation. + // cidr_block must be specified in CIDR notation. CidrBlock *string `json:"cidrBlock,omitempty" tf:"cidr_block,omitempty"` // display_name is a field for users to identify CIDR blocks. @@ -78,7 +78,7 @@ type CidrBlocksInitParameters struct { type CidrBlocksObservation struct { - // `cidr_block< must be specified in CIDR notation. + // cidr_block must be specified in CIDR notation. CidrBlock *string `json:"cidrBlock,omitempty" tf:"cidr_block,omitempty"` // display_name is a field for users to identify CIDR blocks. @@ -87,7 +87,7 @@ type CidrBlocksObservation struct { type CidrBlocksParameters struct { - // `cidr_block< must be specified in CIDR notation. + // cidr_block must be specified in CIDR notation. // +kubebuilder:validation:Optional CidrBlock *string `json:"cidrBlock" tf:"cidr_block,omitempty"` @@ -98,6 +98,10 @@ type CidrBlocksParameters struct { type ConfigInitParameters struct { + // Configuration setting for airflow data rentention mechanism. Structure is + // documented below. + DataRetentionConfig []DataRetentionConfigInitParameters `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` + // The configuration settings for Cloud SQL instance used internally // by Apache Airflow software. DatabaseConfig []DatabaseConfigInitParameters `json:"databaseConfig,omitempty" tf:"database_config,omitempty"` @@ -168,6 +172,10 @@ type ConfigObservation struct { // reside in a simulated directory with this prefix. DagGcsPrefix *string `json:"dagGcsPrefix,omitempty" tf:"dag_gcs_prefix,omitempty"` + // Configuration setting for airflow data rentention mechanism. Structure is + // documented below. + DataRetentionConfig []DataRetentionConfigObservation `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` + // The configuration settings for Cloud SQL instance used internally // by Apache Airflow software. DatabaseConfig []DatabaseConfigObservation `json:"databaseConfig,omitempty" tf:"database_config,omitempty"` @@ -230,6 +238,11 @@ type ConfigObservation struct { type ConfigParameters struct { + // Configuration setting for airflow data rentention mechanism. Structure is + // documented below. + // +kubebuilder:validation:Optional + DataRetentionConfig []DataRetentionConfigParameters `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` + // The configuration settings for Cloud SQL instance used internally // by Apache Airflow software. // +kubebuilder:validation:Optional @@ -301,6 +314,28 @@ type ConfigParameters struct { WorkloadsConfig []WorkloadsConfigParameters `json:"workloadsConfig,omitempty" tf:"workloads_config,omitempty"` } +type DataRetentionConfigInitParameters struct { + + // The configuration setting for Task Logs. Structure is + // documented below. + TaskLogsRetentionConfig []TaskLogsRetentionConfigInitParameters `json:"taskLogsRetentionConfig,omitempty" tf:"task_logs_retention_config,omitempty"` +} + +type DataRetentionConfigObservation struct { + + // The configuration setting for Task Logs. Structure is + // documented below. + TaskLogsRetentionConfig []TaskLogsRetentionConfigObservation `json:"taskLogsRetentionConfig,omitempty" tf:"task_logs_retention_config,omitempty"` +} + +type DataRetentionConfigParameters struct { + + // The configuration setting for Task Logs. Structure is + // documented below. + // +kubebuilder:validation:Optional + TaskLogsRetentionConfig []TaskLogsRetentionConfigParameters `json:"taskLogsRetentionConfig" tf:"task_logs_retention_config,omitempty"` +} + type DatabaseConfigInitParameters struct { // Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, @@ -308,6 +343,12 @@ type DatabaseConfigInitParameters struct { // Value custom is returned only in response, if Airflow web server parameters were // manually changed to a non-standard values. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // The Compute Engine zone in which to deploy the VMs running the + // Apache Airflow software, specified as the zone name or + // relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + // belong to the enclosing environment's project and region. + Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } type DatabaseConfigObservation struct { @@ -317,6 +358,12 @@ type DatabaseConfigObservation struct { // Value custom is returned only in response, if Airflow web server parameters were // manually changed to a non-standard values. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // The Compute Engine zone in which to deploy the VMs running the + // Apache Airflow software, specified as the zone name or + // relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + // belong to the enclosing environment's project and region. + Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } type DatabaseConfigParameters struct { @@ -326,7 +373,14 @@ type DatabaseConfigParameters struct { // Value custom is returned only in response, if Airflow web server parameters were // manually changed to a non-standard values. // +kubebuilder:validation:Optional - MachineType *string `json:"machineType" tf:"machine_type,omitempty"` + MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // The Compute Engine zone in which to deploy the VMs running the + // Apache Airflow software, specified as the zone name or + // relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + // belong to the enclosing environment's project and region. + // +kubebuilder:validation:Optional + Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } type EncryptionConfigInitParameters struct { @@ -383,6 +437,9 @@ type EnvironmentInitParameters struct { // Selector for a Project in cloudplatform to populate project. // +kubebuilder:validation:Optional ProjectSelector *v1.Selector `json:"projectSelector,omitempty" tf:"-"` + + // Configuration options for storage used by Composer environment. Structure is documented below. + StorageConfig []StorageConfigInitParameters `json:"storageConfig,omitempty" tf:"storage_config,omitempty"` } type EnvironmentObservation struct { @@ -390,6 +447,9 @@ type EnvironmentObservation struct { // Configuration parameters for this environment Structure is documented below. Config []ConfigObservation `json:"config,omitempty" tf:"config,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{region}}/environments/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -411,6 +471,13 @@ type EnvironmentObservation struct { // The location or Compute Engine region for the environment. Region *string `json:"region,omitempty" tf:"region,omitempty"` + + // Configuration options for storage used by Composer environment. Structure is documented below. + StorageConfig []StorageConfigObservation `json:"storageConfig,omitempty" tf:"storage_config,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type EnvironmentParameters struct { @@ -449,6 +516,10 @@ type EnvironmentParameters struct { // The location or Compute Engine region for the environment. // +kubebuilder:validation:Required Region *string `json:"region" tf:"region,omitempty"` + + // Configuration options for storage used by Composer environment. Structure is documented below. + // +kubebuilder:validation:Optional + StorageConfig []StorageConfigParameters `json:"storageConfig,omitempty" tf:"storage_config,omitempty"` } type IPAllocationPolicyInitParameters struct { @@ -904,6 +975,10 @@ type PrivateEnvironmentConfigInitParameters struct { // The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block CloudSQLIPv4CidrBlock *string `json:"cloudSqlIpv4CidrBlock,omitempty" tf:"cloud_sql_ipv4_cidr_block,omitempty"` + // Mode of internal communication within the Composer environment. Must be one + // of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + ConnectionType *string `json:"connectionType,omitempty" tf:"connection_type,omitempty"` + // If true, access to the public endpoint of the GKE cluster is denied. // If this field is set to true, the ip_allocation_policy.use_ip_aliases field must // also be set to true for Cloud Composer 1 environments. @@ -937,6 +1012,10 @@ type PrivateEnvironmentConfigObservation struct { // The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block CloudSQLIPv4CidrBlock *string `json:"cloudSqlIpv4CidrBlock,omitempty" tf:"cloud_sql_ipv4_cidr_block,omitempty"` + // Mode of internal communication within the Composer environment. Must be one + // of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + ConnectionType *string `json:"connectionType,omitempty" tf:"connection_type,omitempty"` + // If true, access to the public endpoint of the GKE cluster is denied. // If this field is set to true, the ip_allocation_policy.use_ip_aliases field must // also be set to true for Cloud Composer 1 environments. @@ -973,6 +1052,11 @@ type PrivateEnvironmentConfigParameters struct { // +kubebuilder:validation:Optional CloudSQLIPv4CidrBlock *string `json:"cloudSqlIpv4CidrBlock,omitempty" tf:"cloud_sql_ipv4_cidr_block,omitempty"` + // Mode of internal communication within the Composer environment. Must be one + // of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + // +kubebuilder:validation:Optional + ConnectionType *string `json:"connectionType,omitempty" tf:"connection_type,omitempty"` + // If true, access to the public endpoint of the GKE cluster is denied. // If this field is set to true, the ip_allocation_policy.use_ip_aliases field must // also be set to true for Cloud Composer 1 environments. @@ -1213,6 +1297,89 @@ type SoftwareConfigParameters struct { SchedulerCount *float64 `json:"schedulerCount,omitempty" tf:"scheduler_count,omitempty"` } +type StorageConfigInitParameters struct { + + // Name of an existing Cloud Storage bucket to be used by the environment. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` +} + +type StorageConfigObservation struct { + + // Name of an existing Cloud Storage bucket to be used by the environment. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` +} + +type StorageConfigParameters struct { + + // Name of an existing Cloud Storage bucket to be used by the environment. + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket" tf:"bucket,omitempty"` +} + +type TaskLogsRetentionConfigInitParameters struct { + + // The mode of storage for Airflow workers task logs. Values for storage mode are + // CLOUD_LOGGING_ONLY to only store logs in cloud logging and + // CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + StorageMode *string `json:"storageMode,omitempty" tf:"storage_mode,omitempty"` +} + +type TaskLogsRetentionConfigObservation struct { + + // The mode of storage for Airflow workers task logs. Values for storage mode are + // CLOUD_LOGGING_ONLY to only store logs in cloud logging and + // CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + StorageMode *string `json:"storageMode,omitempty" tf:"storage_mode,omitempty"` +} + +type TaskLogsRetentionConfigParameters struct { + + // The mode of storage for Airflow workers task logs. Values for storage mode are + // CLOUD_LOGGING_ONLY to only store logs in cloud logging and + // CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + // +kubebuilder:validation:Optional + StorageMode *string `json:"storageMode,omitempty" tf:"storage_mode,omitempty"` +} + +type TriggererInitParameters struct { + + // The number of CPUs for a single Airflow worker. + CPU *float64 `json:"cpu,omitempty" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` +} + +type TriggererObservation struct { + + // The number of CPUs for a single Airflow worker. + CPU *float64 `json:"cpu,omitempty" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` +} + +type TriggererParameters struct { + + // The number of CPUs for a single Airflow worker. + // +kubebuilder:validation:Optional + CPU *float64 `json:"cpu" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + // +kubebuilder:validation:Optional + Count *float64 `json:"count" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + // +kubebuilder:validation:Optional + MemoryGb *float64 `json:"memoryGb" tf:"memory_gb,omitempty"` +} + type WebServerConfigInitParameters struct { // Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, @@ -1372,6 +1539,9 @@ type WorkloadsConfigInitParameters struct { // Configuration for resources used by Airflow schedulers. Scheduler []SchedulerInitParameters `json:"scheduler,omitempty" tf:"scheduler,omitempty"` + // Configuration for resources used by Airflow triggerer. + Triggerer []TriggererInitParameters `json:"triggerer,omitempty" tf:"triggerer,omitempty"` + // Configuration for resources used by Airflow web server. WebServer []WebServerInitParameters `json:"webServer,omitempty" tf:"web_server,omitempty"` @@ -1384,6 +1554,9 @@ type WorkloadsConfigObservation struct { // Configuration for resources used by Airflow schedulers. Scheduler []SchedulerObservation `json:"scheduler,omitempty" tf:"scheduler,omitempty"` + // Configuration for resources used by Airflow triggerer. + Triggerer []TriggererObservation `json:"triggerer,omitempty" tf:"triggerer,omitempty"` + // Configuration for resources used by Airflow web server. WebServer []WebServerObservation `json:"webServer,omitempty" tf:"web_server,omitempty"` @@ -1397,6 +1570,10 @@ type WorkloadsConfigParameters struct { // +kubebuilder:validation:Optional Scheduler []SchedulerParameters `json:"scheduler,omitempty" tf:"scheduler,omitempty"` + // Configuration for resources used by Airflow triggerer. + // +kubebuilder:validation:Optional + Triggerer []TriggererParameters `json:"triggerer,omitempty" tf:"triggerer,omitempty"` + // Configuration for resources used by Airflow web server. // +kubebuilder:validation:Optional WebServer []WebServerParameters `json:"webServer,omitempty" tf:"web_server,omitempty"` diff --git a/apis/composer/v1beta1/zz_generated.deepcopy.go b/apis/composer/v1beta1/zz_generated.deepcopy.go index fb55cdfe2..691eacd32 100644 --- a/apis/composer/v1beta1/zz_generated.deepcopy.go +++ b/apis/composer/v1beta1/zz_generated.deepcopy.go @@ -178,6 +178,13 @@ func (in *CidrBlocksParameters) DeepCopy() *CidrBlocksParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { *out = *in + if in.DataRetentionConfig != nil { + in, out := &in.DataRetentionConfig, &out.DataRetentionConfig + *out = make([]DataRetentionConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DatabaseConfig != nil { in, out := &in.DatabaseConfig, &out.DatabaseConfig *out = make([]DatabaseConfigInitParameters, len(*in)) @@ -295,6 +302,13 @@ func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { *out = new(string) **out = **in } + if in.DataRetentionConfig != nil { + in, out := &in.DataRetentionConfig, &out.DataRetentionConfig + *out = make([]DataRetentionConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DatabaseConfig != nil { in, out := &in.DatabaseConfig, &out.DatabaseConfig *out = make([]DatabaseConfigObservation, len(*in)) @@ -407,6 +421,13 @@ func (in *ConfigObservation) DeepCopy() *ConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { *out = *in + if in.DataRetentionConfig != nil { + in, out := &in.DataRetentionConfig, &out.DataRetentionConfig + *out = make([]DataRetentionConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DatabaseConfig != nil { in, out := &in.DatabaseConfig, &out.DatabaseConfig *out = make([]DatabaseConfigParameters, len(*in)) @@ -511,6 +532,72 @@ func (in *ConfigParameters) DeepCopy() *ConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataRetentionConfigInitParameters) DeepCopyInto(out *DataRetentionConfigInitParameters) { + *out = *in + if in.TaskLogsRetentionConfig != nil { + in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig + *out = make([]TaskLogsRetentionConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataRetentionConfigInitParameters. +func (in *DataRetentionConfigInitParameters) DeepCopy() *DataRetentionConfigInitParameters { + if in == nil { + return nil + } + out := new(DataRetentionConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataRetentionConfigObservation) DeepCopyInto(out *DataRetentionConfigObservation) { + *out = *in + if in.TaskLogsRetentionConfig != nil { + in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig + *out = make([]TaskLogsRetentionConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataRetentionConfigObservation. +func (in *DataRetentionConfigObservation) DeepCopy() *DataRetentionConfigObservation { + if in == nil { + return nil + } + out := new(DataRetentionConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataRetentionConfigParameters) DeepCopyInto(out *DataRetentionConfigParameters) { + *out = *in + if in.TaskLogsRetentionConfig != nil { + in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig + *out = make([]TaskLogsRetentionConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataRetentionConfigParameters. +func (in *DataRetentionConfigParameters) DeepCopy() *DataRetentionConfigParameters { + if in == nil { + return nil + } + out := new(DataRetentionConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DatabaseConfigInitParameters) DeepCopyInto(out *DatabaseConfigInitParameters) { *out = *in @@ -519,6 +606,11 @@ func (in *DatabaseConfigInitParameters) DeepCopyInto(out *DatabaseConfigInitPara *out = new(string) **out = **in } + if in.Zone != nil { + in, out := &in.Zone, &out.Zone + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseConfigInitParameters. @@ -539,6 +631,11 @@ func (in *DatabaseConfigObservation) DeepCopyInto(out *DatabaseConfigObservation *out = new(string) **out = **in } + if in.Zone != nil { + in, out := &in.Zone, &out.Zone + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseConfigObservation. @@ -559,6 +656,11 @@ func (in *DatabaseConfigParameters) DeepCopyInto(out *DatabaseConfigParameters) *out = new(string) **out = **in } + if in.Zone != nil { + in, out := &in.Zone, &out.Zone + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseConfigParameters. @@ -699,6 +801,13 @@ func (in *EnvironmentInitParameters) DeepCopyInto(out *EnvironmentInitParameters *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.StorageConfig != nil { + in, out := &in.StorageConfig, &out.StorageConfig + *out = make([]StorageConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentInitParameters. @@ -753,6 +862,22 @@ func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -784,6 +909,29 @@ func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { *out = new(string) **out = **in } + if in.StorageConfig != nil { + in, out := &in.StorageConfig, &out.StorageConfig + *out = make([]StorageConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentObservation. @@ -842,6 +990,13 @@ func (in *EnvironmentParameters) DeepCopyInto(out *EnvironmentParameters) { *out = new(string) **out = **in } + if in.StorageConfig != nil { + in, out := &in.StorageConfig, &out.StorageConfig + *out = make([]StorageConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentParameters. @@ -1495,6 +1650,11 @@ func (in *PrivateEnvironmentConfigInitParameters) DeepCopyInto(out *PrivateEnvir *out = new(string) **out = **in } + if in.ConnectionType != nil { + in, out := &in.ConnectionType, &out.ConnectionType + *out = new(string) + **out = **in + } if in.EnablePrivateEndpoint != nil { in, out := &in.EnablePrivateEndpoint, &out.EnablePrivateEndpoint *out = new(bool) @@ -1545,6 +1705,11 @@ func (in *PrivateEnvironmentConfigObservation) DeepCopyInto(out *PrivateEnvironm *out = new(string) **out = **in } + if in.ConnectionType != nil { + in, out := &in.ConnectionType, &out.ConnectionType + *out = new(string) + **out = **in + } if in.EnablePrivateEndpoint != nil { in, out := &in.EnablePrivateEndpoint, &out.EnablePrivateEndpoint *out = new(bool) @@ -1595,6 +1760,11 @@ func (in *PrivateEnvironmentConfigParameters) DeepCopyInto(out *PrivateEnvironme *out = new(string) **out = **in } + if in.ConnectionType != nil { + in, out := &in.ConnectionType, &out.ConnectionType + *out = new(string) + **out = **in + } if in.EnablePrivateEndpoint != nil { in, out := &in.EnablePrivateEndpoint, &out.EnablePrivateEndpoint *out = new(bool) @@ -2137,6 +2307,216 @@ func (in *SoftwareConfigParameters) DeepCopy() *SoftwareConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageConfigInitParameters) DeepCopyInto(out *StorageConfigInitParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageConfigInitParameters. +func (in *StorageConfigInitParameters) DeepCopy() *StorageConfigInitParameters { + if in == nil { + return nil + } + out := new(StorageConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageConfigObservation) DeepCopyInto(out *StorageConfigObservation) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageConfigObservation. +func (in *StorageConfigObservation) DeepCopy() *StorageConfigObservation { + if in == nil { + return nil + } + out := new(StorageConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageConfigParameters) DeepCopyInto(out *StorageConfigParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageConfigParameters. +func (in *StorageConfigParameters) DeepCopy() *StorageConfigParameters { + if in == nil { + return nil + } + out := new(StorageConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TaskLogsRetentionConfigInitParameters) DeepCopyInto(out *TaskLogsRetentionConfigInitParameters) { + *out = *in + if in.StorageMode != nil { + in, out := &in.StorageMode, &out.StorageMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TaskLogsRetentionConfigInitParameters. +func (in *TaskLogsRetentionConfigInitParameters) DeepCopy() *TaskLogsRetentionConfigInitParameters { + if in == nil { + return nil + } + out := new(TaskLogsRetentionConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TaskLogsRetentionConfigObservation) DeepCopyInto(out *TaskLogsRetentionConfigObservation) { + *out = *in + if in.StorageMode != nil { + in, out := &in.StorageMode, &out.StorageMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TaskLogsRetentionConfigObservation. +func (in *TaskLogsRetentionConfigObservation) DeepCopy() *TaskLogsRetentionConfigObservation { + if in == nil { + return nil + } + out := new(TaskLogsRetentionConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TaskLogsRetentionConfigParameters) DeepCopyInto(out *TaskLogsRetentionConfigParameters) { + *out = *in + if in.StorageMode != nil { + in, out := &in.StorageMode, &out.StorageMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TaskLogsRetentionConfigParameters. +func (in *TaskLogsRetentionConfigParameters) DeepCopy() *TaskLogsRetentionConfigParameters { + if in == nil { + return nil + } + out := new(TaskLogsRetentionConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggererInitParameters) DeepCopyInto(out *TriggererInitParameters) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggererInitParameters. +func (in *TriggererInitParameters) DeepCopy() *TriggererInitParameters { + if in == nil { + return nil + } + out := new(TriggererInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggererObservation) DeepCopyInto(out *TriggererObservation) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggererObservation. +func (in *TriggererObservation) DeepCopy() *TriggererObservation { + if in == nil { + return nil + } + out := new(TriggererObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggererParameters) DeepCopyInto(out *TriggererParameters) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggererParameters. +func (in *TriggererParameters) DeepCopy() *TriggererParameters { + if in == nil { + return nil + } + out := new(TriggererParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebServerConfigInitParameters) DeepCopyInto(out *WebServerConfigInitParameters) { *out = *in @@ -2483,6 +2863,13 @@ func (in *WorkloadsConfigInitParameters) DeepCopyInto(out *WorkloadsConfigInitPa (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Triggerer != nil { + in, out := &in.Triggerer, &out.Triggerer + *out = make([]TriggererInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.WebServer != nil { in, out := &in.WebServer, &out.WebServer *out = make([]WebServerInitParameters, len(*in)) @@ -2519,6 +2906,13 @@ func (in *WorkloadsConfigObservation) DeepCopyInto(out *WorkloadsConfigObservati (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Triggerer != nil { + in, out := &in.Triggerer, &out.Triggerer + *out = make([]TriggererObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.WebServer != nil { in, out := &in.WebServer, &out.WebServer *out = make([]WebServerObservation, len(*in)) @@ -2555,6 +2949,13 @@ func (in *WorkloadsConfigParameters) DeepCopyInto(out *WorkloadsConfigParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Triggerer != nil { + in, out := &in.Triggerer, &out.Triggerer + *out = make([]TriggererParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.WebServer != nil { in, out := &in.WebServer, &out.WebServer *out = make([]WebServerParameters, len(*in)) diff --git a/apis/compute/v1beta1/zz_address_types.go b/apis/compute/v1beta1/zz_address_types.go index e7bfc70ef..1037b1067 100755 --- a/apis/compute/v1beta1/zz_address_types.go +++ b/apis/compute/v1beta1/zz_address_types.go @@ -55,6 +55,10 @@ type AddressInitParameters struct { // Possible values are: VM, NETLB. IPv6EndpointType *string `json:"ipv6EndpointType,omitempty" tf:"ipv6_endpoint_type,omitempty"` + // Labels to apply to this address. A list of key->value pairs. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The URL of the network in which to reserve the address. This field // can only be used with INTERNAL type with the VPC_PEERING and // IPSEC_INTERCONNECT purposes. @@ -122,6 +126,10 @@ type AddressObservation struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/addresses/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -135,6 +143,14 @@ type AddressObservation struct { // Possible values are: VM, NETLB. IPv6EndpointType *string `json:"ipv6EndpointType,omitempty" tf:"ipv6_endpoint_type,omitempty"` + // The fingerprint used for optimistic locking of this resource. Used + // internally during updates. + LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` + + // Labels to apply to this address. A list of key->value pairs. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The URL of the network in which to reserve the address. This field // can only be used with INTERNAL type with the VPC_PEERING and // IPSEC_INTERCONNECT purposes. @@ -169,6 +185,11 @@ type AddressObservation struct { // GCE_ENDPOINT/DNS_RESOLVER purposes. Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The URLs of the resources that are using this address. Users []*string `json:"users,omitempty" tf:"users,omitempty"` } @@ -204,6 +225,11 @@ type AddressParameters struct { // +kubebuilder:validation:Optional IPv6EndpointType *string `json:"ipv6EndpointType,omitempty" tf:"ipv6_endpoint_type,omitempty"` + // Labels to apply to this address. A list of key->value pairs. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The URL of the network in which to reserve the address. This field // can only be used with INTERNAL type with the VPC_PEERING and // IPSEC_INTERCONNECT purposes. diff --git a/apis/compute/v1beta1/zz_autoscaler_types.go b/apis/compute/v1beta1/zz_autoscaler_types.go index 6d9f8e53e..acd7f722d 100755 --- a/apis/compute/v1beta1/zz_autoscaler_types.go +++ b/apis/compute/v1beta1/zz_autoscaler_types.go @@ -172,8 +172,6 @@ type AutoscalingPolicyInitParameters struct { MinReplicas *float64 `json:"minReplicas,omitempty" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` // Defines scale in controls to reduce the risk of response latency @@ -226,8 +224,6 @@ type AutoscalingPolicyObservation struct { MinReplicas *float64 `json:"minReplicas,omitempty" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` // Defines scale in controls to reduce the risk of response latency @@ -286,8 +282,6 @@ type AutoscalingPolicyParameters struct { MinReplicas *float64 `json:"minReplicas" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. // +kubebuilder:validation:Optional Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` diff --git a/apis/compute/v1beta1/zz_backendservice_types.go b/apis/compute/v1beta1/zz_backendservice_types.go index 5fb21b60e..c9f3452a0 100755 --- a/apis/compute/v1beta1/zz_backendservice_types.go +++ b/apis/compute/v1beta1/zz_backendservice_types.go @@ -566,7 +566,7 @@ type BackendServiceInitParameters struct { // load balancing cannot be used with the other. For more information, refer to // Choosing a load balancer. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` // A list of locality load balancing policies to be used in order of @@ -588,8 +588,8 @@ type BackendServiceInitParameters struct { LogConfig []LogConfigInitParameters `json:"logConfig,omitempty" tf:"log_config,omitempty"` // Settings controlling eviction of unhealthy hosts from the load balancing pool. - // This field is applicable only when the load_balancing_scheme is set - // to INTERNAL_SELF_MANAGED. + // Applicable backend service types can be a global backend service with the + // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. // Structure is documented below. OutlierDetection []OutlierDetectionInitParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -604,8 +604,10 @@ type BackendServiceInitParameters struct { // The protocol this BackendService uses to communicate with backends. // The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - // types and may result in errors if used with the GA API. - // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + // types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + // the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + // with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` // The security policy associated with this backend service. @@ -719,7 +721,7 @@ type BackendServiceObservation struct { // load balancing cannot be used with the other. For more information, refer to // Choosing a load balancer. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` // A list of locality load balancing policies to be used in order of @@ -741,8 +743,8 @@ type BackendServiceObservation struct { LogConfig []LogConfigObservation `json:"logConfig,omitempty" tf:"log_config,omitempty"` // Settings controlling eviction of unhealthy hosts from the load balancing pool. - // This field is applicable only when the load_balancing_scheme is set - // to INTERNAL_SELF_MANAGED. + // Applicable backend service types can be a global backend service with the + // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. // Structure is documented below. OutlierDetection []OutlierDetectionObservation `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -757,8 +759,10 @@ type BackendServiceObservation struct { // The protocol this BackendService uses to communicate with backends. // The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - // types and may result in errors if used with the GA API. - // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + // types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + // the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + // with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` // The security policy associated with this backend service. @@ -886,7 +890,7 @@ type BackendServiceParameters struct { // load balancing cannot be used with the other. For more information, refer to // Choosing a load balancer. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + // Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. // +kubebuilder:validation:Optional LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` @@ -912,8 +916,8 @@ type BackendServiceParameters struct { LogConfig []LogConfigParameters `json:"logConfig,omitempty" tf:"log_config,omitempty"` // Settings controlling eviction of unhealthy hosts from the load balancing pool. - // This field is applicable only when the load_balancing_scheme is set - // to INTERNAL_SELF_MANAGED. + // Applicable backend service types can be a global backend service with the + // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. // Structure is documented below. // +kubebuilder:validation:Optional OutlierDetection []OutlierDetectionParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -931,8 +935,10 @@ type BackendServiceParameters struct { // The protocol this BackendService uses to communicate with backends. // The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - // types and may result in errors if used with the GA API. - // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + // types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + // the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + // with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + // Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. // +kubebuilder:validation:Optional Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` diff --git a/apis/compute/v1beta1/zz_disk_types.go b/apis/compute/v1beta1/zz_disk_types.go index fb9e8cd22..9df1f9b9b 100755 --- a/apis/compute/v1beta1/zz_disk_types.go +++ b/apis/compute/v1beta1/zz_disk_types.go @@ -152,6 +152,10 @@ type DiskInitParameters struct { // Structure is documented below. DiskEncryptionKey []DiskEncryptionKeyInitParameters `json:"diskEncryptionKey,omitempty" tf:"disk_encryption_key,omitempty"` + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // A list of features to enable on the guest operating system. // Applicable only for bootable disks. // Structure is documented below. @@ -258,6 +262,17 @@ type DiskObservation struct { // Structure is documented below. DiskEncryptionKey []DiskEncryptionKeyObservation `json:"diskEncryptionKey,omitempty" tf:"disk_encryption_key,omitempty"` + // The unique identifier for the resource. This identifier is defined by the server. + DiskID *string `json:"diskId,omitempty" tf:"disk_id,omitempty"` + + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // A list of features to enable on the guest operating system. // Applicable only for bootable disks. // Structure is documented below. @@ -370,6 +385,11 @@ type DiskObservation struct { // used. SourceSnapshotID *string `json:"sourceSnapshotId,omitempty" tf:"source_snapshot_id,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // URL of the disk type resource describing which disk type to use to // create the disk. Provide this when creating the disk. Type *string `json:"type,omitempty" tf:"type,omitempty"` @@ -407,6 +427,11 @@ type DiskParameters struct { // +kubebuilder:validation:Optional DiskEncryptionKey []DiskEncryptionKeyParameters `json:"diskEncryptionKey,omitempty" tf:"disk_encryption_key,omitempty"` + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + // +kubebuilder:validation:Optional + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // A list of features to enable on the guest operating system. // Applicable only for bootable disks. // Structure is documented below. diff --git a/apis/compute/v1beta1/zz_externalvpngateway_types.go b/apis/compute/v1beta1/zz_externalvpngateway_types.go index 8b7bde795..96c1d716d 100755 --- a/apis/compute/v1beta1/zz_externalvpngateway_types.go +++ b/apis/compute/v1beta1/zz_externalvpngateway_types.go @@ -39,6 +39,8 @@ type ExternalVPNGatewayInitParameters struct { Interface []InterfaceInitParameters `json:"interface,omitempty" tf:"interface,omitempty"` // Labels for the external VPN gateway resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -56,6 +58,9 @@ type ExternalVPNGatewayObservation struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/global/externalVpnGateways/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -68,6 +73,8 @@ type ExternalVPNGatewayObservation struct { LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` // Labels for the external VPN gateway resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -81,6 +88,11 @@ type ExternalVPNGatewayObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ExternalVPNGatewayParameters struct { @@ -95,6 +107,8 @@ type ExternalVPNGatewayParameters struct { Interface []InterfaceParameters `json:"interface,omitempty" tf:"interface,omitempty"` // Labels for the external VPN gateway resource. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/compute/v1beta1/zz_forwardingrule_types.go b/apis/compute/v1beta1/zz_forwardingrule_types.go index 97d33e6e9..2b1cc1688 100755 --- a/apis/compute/v1beta1/zz_forwardingrule_types.go +++ b/apis/compute/v1beta1/zz_forwardingrule_types.go @@ -31,7 +31,10 @@ import ( type ForwardingRuleInitParameters struct { - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The allPorts field has the following limitations: AllPorts *bool `json:"allPorts,omitempty" tf:"all_ports,omitempty"` // This field is used along with the backend_service field for @@ -90,9 +93,18 @@ type ForwardingRuleInitParameters struct { // The valid IP protocols are different for different load balancing products // as described in Load balancing // features. + // A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + // backend service with UNSPECIFIED protocol. + // A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. // Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` + // The IP address version that will be used by this forwarding rule. + // Valid options are IPV4 and IPV6. + // If not set, the IPv4 address will be used by default. + // Possible values are: IPV4, IPV6. + IPVersion *string `json:"ipVersion,omitempty" tf:"ip_version,omitempty"` + // Indicates whether or not this load balancer can be used as a collector for // packet mirroring. To prevent mirroring loops, instances behind this // load balancer will not have their traffic mirrored even if a @@ -147,16 +159,16 @@ type ForwardingRuleInitParameters struct { // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The portRange field has the following limitations: PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` - // and port_range fields are mutually exclusive. - // For external forwarding rules, two or more forwarding rules cannot use the - // same [IPAddress, IPProtocol] pair, and cannot have - // overlapping portRanges. - // For internal forwarding rules within the same VPC network, two or more - // forwarding rules cannot use the same [IPAddress, IPProtocol] - // pair, and cannot have overlapping portRanges. + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The ports field has the following limitations: // +listType=set Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -164,6 +176,9 @@ type ForwardingRuleInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // this is used in psc consumer forwardingrule to make provider recreate the forwardingrule when the status is closed + RecreateClosedPsc *bool `json:"recreateClosedPsc,omitempty" tf:"recreate_closed_psc,omitempty"` + // Service Directory resources to register this forwarding rule with. // Currently, only supports a single Service Directory resource. // Structure is documented below. @@ -220,7 +235,10 @@ type ForwardingRuleInitParameters struct { type ForwardingRuleObservation struct { - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The allPorts field has the following limitations: AllPorts *bool `json:"allPorts,omitempty" tf:"all_ports,omitempty"` // This field is used along with the backend_service field for @@ -250,6 +268,10 @@ type ForwardingRuleObservation struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -268,9 +290,18 @@ type ForwardingRuleObservation struct { // The valid IP protocols are different for different load balancing products // as described in Load balancing // features. + // A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + // backend service with UNSPECIFIED protocol. + // A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. // Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` + // The IP address version that will be used by this forwarding rule. + // Valid options are IPV4 and IPV6. + // If not set, the IPv4 address will be used by default. + // Possible values are: IPV4, IPV6. + IPVersion *string `json:"ipVersion,omitempty" tf:"ip_version,omitempty"` + // Indicates whether or not this load balancer can be used as a collector for // packet mirroring. To prevent mirroring loops, instances behind this // load balancer will not have their traffic mirrored even if a @@ -319,16 +350,16 @@ type ForwardingRuleObservation struct { // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The portRange field has the following limitations: PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` - // and port_range fields are mutually exclusive. - // For external forwarding rules, two or more forwarding rules cannot use the - // same [IPAddress, IPProtocol] pair, and cannot have - // overlapping portRanges. - // For internal forwarding rules within the same VPC network, two or more - // forwarding rules cannot use the same [IPAddress, IPProtocol] - // pair, and cannot have overlapping portRanges. + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The ports field has the following limitations: // +listType=set Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -342,6 +373,9 @@ type ForwardingRuleObservation struct { // The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED PscConnectionStatus *string `json:"pscConnectionStatus,omitempty" tf:"psc_connection_status,omitempty"` + // this is used in psc consumer forwardingrule to make provider recreate the forwardingrule when the status is closed + RecreateClosedPsc *bool `json:"recreateClosedPsc,omitempty" tf:"recreate_closed_psc,omitempty"` + // A reference to the region where the regional forwarding rule resides. // This field is not applicable to global forwarding rules. Region *string `json:"region,omitempty" tf:"region,omitempty"` @@ -385,11 +419,19 @@ type ForwardingRuleObservation struct { // validateForProxyless is set to true, the // IPAddress should be set to 0.0.0.0. Target *string `json:"target,omitempty" tf:"target,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ForwardingRuleParameters struct { - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The allPorts field has the following limitations: // +kubebuilder:validation:Optional AllPorts *bool `json:"allPorts,omitempty" tf:"all_ports,omitempty"` @@ -454,10 +496,20 @@ type ForwardingRuleParameters struct { // The valid IP protocols are different for different load balancing products // as described in Load balancing // features. + // A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + // backend service with UNSPECIFIED protocol. + // A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. // Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` + // The IP address version that will be used by this forwarding rule. + // Valid options are IPV4 and IPV6. + // If not set, the IPv4 address will be used by default. + // Possible values are: IPV4, IPV6. + // +kubebuilder:validation:Optional + IPVersion *string `json:"ipVersion,omitempty" tf:"ip_version,omitempty"` + // Indicates whether or not this load balancer can be used as a collector for // packet mirroring. To prevent mirroring loops, instances behind this // load balancer will not have their traffic mirrored even if a @@ -518,17 +570,17 @@ type ForwardingRuleParameters struct { // +kubebuilder:validation:Optional NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The portRange field has the following limitations: // +kubebuilder:validation:Optional PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` - // and port_range fields are mutually exclusive. - // For external forwarding rules, two or more forwarding rules cannot use the - // same [IPAddress, IPProtocol] pair, and cannot have - // overlapping portRanges. - // For internal forwarding rules within the same VPC network, two or more - // forwarding rules cannot use the same [IPAddress, IPProtocol] - // pair, and cannot have overlapping portRanges. + // The ports, portRange, and allPorts fields are mutually exclusive. + // Only packets addressed to ports in the specified range will be forwarded + // to the backends configured with this forwarding rule. + // The ports field has the following limitations: // +kubebuilder:validation:Optional // +listType=set Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -538,6 +590,10 @@ type ForwardingRuleParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // this is used in psc consumer forwardingrule to make provider recreate the forwardingrule when the status is closed + // +kubebuilder:validation:Optional + RecreateClosedPsc *bool `json:"recreateClosedPsc,omitempty" tf:"recreate_closed_psc,omitempty"` + // A reference to the region where the regional forwarding rule resides. // This field is not applicable to global forwarding rules. // +kubebuilder:validation:Required diff --git a/apis/compute/v1beta1/zz_generated.deepcopy.go b/apis/compute/v1beta1/zz_generated.deepcopy.go index 5b6327519..5b127a942 100644 --- a/apis/compute/v1beta1/zz_generated.deepcopy.go +++ b/apis/compute/v1beta1/zz_generated.deepcopy.go @@ -422,6 +422,22 @@ func (in *AddressInitParameters) DeepCopyInto(out *AddressInitParameters) { *out = new(string) **out = **in } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -539,6 +555,22 @@ func (in *AddressObservation) DeepCopyInto(out *AddressObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -554,6 +586,27 @@ func (in *AddressObservation) DeepCopyInto(out *AddressObservation) { *out = new(string) **out = **in } + if in.LabelFingerprint != nil { + in, out := &in.LabelFingerprint, &out.LabelFingerprint + *out = new(string) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -594,6 +647,22 @@ func (in *AddressObservation) DeepCopyInto(out *AddressObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Users != nil { in, out := &in.Users, &out.Users *out = make([]*string, len(*in)) @@ -645,6 +714,22 @@ func (in *AddressParameters) DeepCopyInto(out *AddressParameters) { *out = new(string) **out = **in } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -857,6 +942,17 @@ func (in *AdvancedOptionsConfigInitParameters) DeepCopyInto(out *AdvancedOptions *out = new(string) **out = **in } + if in.UserIPRequestHeaders != nil { + in, out := &in.UserIPRequestHeaders, &out.UserIPRequestHeaders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedOptionsConfigInitParameters. @@ -889,6 +985,17 @@ func (in *AdvancedOptionsConfigObservation) DeepCopyInto(out *AdvancedOptionsCon *out = new(string) **out = **in } + if in.UserIPRequestHeaders != nil { + in, out := &in.UserIPRequestHeaders, &out.UserIPRequestHeaders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedOptionsConfigObservation. @@ -921,6 +1028,17 @@ func (in *AdvancedOptionsConfigParameters) DeepCopyInto(out *AdvancedOptionsConf *out = new(string) **out = **in } + if in.UserIPRequestHeaders != nil { + in, out := &in.UserIPRequestHeaders, &out.UserIPRequestHeaders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedOptionsConfigParameters. @@ -1083,6 +1201,147 @@ func (in *AliasIPRangeParameters) DeepCopy() *AliasIPRangeParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllInstancesConfigInitParameters) DeepCopyInto(out *AllInstancesConfigInitParameters) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllInstancesConfigInitParameters. +func (in *AllInstancesConfigInitParameters) DeepCopy() *AllInstancesConfigInitParameters { + if in == nil { + return nil + } + out := new(AllInstancesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllInstancesConfigObservation) DeepCopyInto(out *AllInstancesConfigObservation) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllInstancesConfigObservation. +func (in *AllInstancesConfigObservation) DeepCopy() *AllInstancesConfigObservation { + if in == nil { + return nil + } + out := new(AllInstancesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllInstancesConfigParameters) DeepCopyInto(out *AllInstancesConfigParameters) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllInstancesConfigParameters. +func (in *AllInstancesConfigParameters) DeepCopy() *AllInstancesConfigParameters { + if in == nil { + return nil + } + out := new(AllInstancesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AllowInitParameters) DeepCopyInto(out *AllowInitParameters) { *out = *in @@ -4967,6 +5226,11 @@ func (in *BootDiskInitParameters) DeepCopy() *BootDiskInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootDiskInitializeParamsInitParameters) DeepCopyInto(out *BootDiskInitializeParamsInitParameters) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -4979,6 +5243,16 @@ func (in *BootDiskInitializeParamsInitParameters) DeepCopyInto(out *BootDiskInit (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -5020,6 +5294,11 @@ func (in *BootDiskInitializeParamsInitParameters) DeepCopy() *BootDiskInitialize // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootDiskInitializeParamsObservation) DeepCopyInto(out *BootDiskInitializeParamsObservation) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -5032,6 +5311,16 @@ func (in *BootDiskInitializeParamsObservation) DeepCopyInto(out *BootDiskInitial (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -5073,6 +5362,11 @@ func (in *BootDiskInitializeParamsObservation) DeepCopy() *BootDiskInitializePar // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootDiskInitializeParamsParameters) DeepCopyInto(out *BootDiskInitializeParamsParameters) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -5085,6 +5379,16 @@ func (in *BootDiskInitializeParamsParameters) DeepCopyInto(out *BootDiskInitiali (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -9994,6 +10298,11 @@ func (in *DiskInitParameters) DeepCopyInto(out *DiskInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.GuestOsFeatures != nil { in, out := &in.GuestOsFeatures, &out.GuestOsFeatures *out = make([]GuestOsFeaturesInitParameters, len(*in)) @@ -10158,6 +10467,32 @@ func (in *DiskObservation) DeepCopyInto(out *DiskObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DiskID != nil { + in, out := &in.DiskID, &out.DiskID + *out = new(string) + **out = **in + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.GuestOsFeatures != nil { in, out := &in.GuestOsFeatures, &out.GuestOsFeatures *out = make([]GuestOsFeaturesObservation, len(*in)) @@ -10286,6 +10621,22 @@ func (in *DiskObservation) DeepCopyInto(out *DiskObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -10341,6 +10692,11 @@ func (in *DiskParameters) DeepCopyInto(out *DiskParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.GuestOsFeatures != nil { in, out := &in.GuestOsFeatures, &out.GuestOsFeatures *out = make([]GuestOsFeaturesParameters, len(*in)) @@ -11015,6 +11371,162 @@ func (in *ExprParameters) DeepCopy() *ExprParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPIPAddressInitParameters) DeepCopyInto(out *ExternalIPIPAddressInitParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPIPAddressInitParameters. +func (in *ExternalIPIPAddressInitParameters) DeepCopy() *ExternalIPIPAddressInitParameters { + if in == nil { + return nil + } + out := new(ExternalIPIPAddressInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPIPAddressObservation) DeepCopyInto(out *ExternalIPIPAddressObservation) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPIPAddressObservation. +func (in *ExternalIPIPAddressObservation) DeepCopy() *ExternalIPIPAddressObservation { + if in == nil { + return nil + } + out := new(ExternalIPIPAddressObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPIPAddressParameters) DeepCopyInto(out *ExternalIPIPAddressParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPIPAddressParameters. +func (in *ExternalIPIPAddressParameters) DeepCopy() *ExternalIPIPAddressParameters { + if in == nil { + return nil + } + out := new(ExternalIPIPAddressParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPInitParameters) DeepCopyInto(out *ExternalIPInitParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]IPAddressInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPInitParameters. +func (in *ExternalIPInitParameters) DeepCopy() *ExternalIPInitParameters { + if in == nil { + return nil + } + out := new(ExternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPObservation) DeepCopyInto(out *ExternalIPObservation) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]IPAddressObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPObservation. +func (in *ExternalIPObservation) DeepCopy() *ExternalIPObservation { + if in == nil { + return nil + } + out := new(ExternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPParameters) DeepCopyInto(out *ExternalIPParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]IPAddressParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPParameters. +func (in *ExternalIPParameters) DeepCopy() *ExternalIPParameters { + if in == nil { + return nil + } + out := new(ExternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExternalVPNGateway) DeepCopyInto(out *ExternalVPNGateway) { *out = *in @@ -11135,6 +11647,22 @@ func (in *ExternalVPNGatewayObservation) DeepCopyInto(out *ExternalVPNGatewayObs *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -11183,6 +11711,22 @@ func (in *ExternalVPNGatewayObservation) DeepCopyInto(out *ExternalVPNGatewayObs *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalVPNGatewayObservation. @@ -13476,6 +14020,11 @@ func (in *ForwardingRuleInitParameters) DeepCopyInto(out *ForwardingRuleInitPara *out = new(string) **out = **in } + if in.IPVersion != nil { + in, out := &in.IPVersion, &out.IPVersion + *out = new(string) + **out = **in + } if in.IsMirroringCollector != nil { in, out := &in.IsMirroringCollector, &out.IsMirroringCollector *out = new(bool) @@ -13548,6 +14097,11 @@ func (in *ForwardingRuleInitParameters) DeepCopyInto(out *ForwardingRuleInitPara *out = new(string) **out = **in } + if in.RecreateClosedPsc != nil { + in, out := &in.RecreateClosedPsc, &out.RecreateClosedPsc + *out = new(bool) + **out = **in + } if in.ServiceDirectoryRegistrations != nil { in, out := &in.ServiceDirectoryRegistrations, &out.ServiceDirectoryRegistrations *out = make([]ServiceDirectoryRegistrationsInitParameters, len(*in)) @@ -13683,6 +14237,22 @@ func (in *ForwardingRuleObservation) DeepCopyInto(out *ForwardingRuleObservation *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -13698,6 +14268,11 @@ func (in *ForwardingRuleObservation) DeepCopyInto(out *ForwardingRuleObservation *out = new(string) **out = **in } + if in.IPVersion != nil { + in, out := &in.IPVersion, &out.IPVersion + *out = new(string) + **out = **in + } if in.IsMirroringCollector != nil { in, out := &in.IsMirroringCollector, &out.IsMirroringCollector *out = new(bool) @@ -13775,6 +14350,11 @@ func (in *ForwardingRuleObservation) DeepCopyInto(out *ForwardingRuleObservation *out = new(string) **out = **in } + if in.RecreateClosedPsc != nil { + in, out := &in.RecreateClosedPsc, &out.RecreateClosedPsc + *out = new(bool) + **out = **in + } if in.Region != nil { in, out := &in.Region, &out.Region *out = new(string) @@ -13823,6 +14403,22 @@ func (in *ForwardingRuleObservation) DeepCopyInto(out *ForwardingRuleObservation *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardingRuleObservation. @@ -13893,6 +14489,11 @@ func (in *ForwardingRuleParameters) DeepCopyInto(out *ForwardingRuleParameters) *out = new(string) **out = **in } + if in.IPVersion != nil { + in, out := &in.IPVersion, &out.IPVersion + *out = new(string) + **out = **in + } if in.IsMirroringCollector != nil { in, out := &in.IsMirroringCollector, &out.IsMirroringCollector *out = new(bool) @@ -13965,6 +14566,11 @@ func (in *ForwardingRuleParameters) DeepCopyInto(out *ForwardingRuleParameters) *out = new(string) **out = **in } + if in.RecreateClosedPsc != nil { + in, out := &in.RecreateClosedPsc, &out.RecreateClosedPsc + *out = new(bool) + **out = **in + } if in.Region != nil { in, out := &in.Region, &out.Region *out = new(string) @@ -14597,6 +15203,13 @@ func (in *GlobalForwardingRuleInitParameters) DeepCopyInto(out *GlobalForwarding *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.ServiceDirectoryRegistrations != nil { + in, out := &in.ServiceDirectoryRegistrations, &out.ServiceDirectoryRegistrations + *out = make([]GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.SourceIPRanges != nil { in, out := &in.SourceIPRanges, &out.SourceIPRanges *out = make([]*string, len(*in)) @@ -14608,6 +15221,21 @@ func (in *GlobalForwardingRuleInitParameters) DeepCopyInto(out *GlobalForwarding } } } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.SubnetworkRef != nil { + in, out := &in.SubnetworkRef, &out.SubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SubnetworkSelector != nil { + in, out := &in.SubnetworkSelector, &out.SubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(string) @@ -14680,6 +15308,22 @@ func (in *GlobalForwardingRuleObservation) DeepCopyInto(out *GlobalForwardingRul *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -14768,6 +15412,13 @@ func (in *GlobalForwardingRuleObservation) DeepCopyInto(out *GlobalForwardingRul *out = new(string) **out = **in } + if in.ServiceDirectoryRegistrations != nil { + in, out := &in.ServiceDirectoryRegistrations, &out.ServiceDirectoryRegistrations + *out = make([]GlobalForwardingRuleServiceDirectoryRegistrationsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.SourceIPRanges != nil { in, out := &in.SourceIPRanges, &out.SourceIPRanges *out = make([]*string, len(*in)) @@ -14779,11 +15430,32 @@ func (in *GlobalForwardingRuleObservation) DeepCopyInto(out *GlobalForwardingRul } } } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalForwardingRuleObservation. @@ -14897,6 +15569,13 @@ func (in *GlobalForwardingRuleParameters) DeepCopyInto(out *GlobalForwardingRule *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.ServiceDirectoryRegistrations != nil { + in, out := &in.ServiceDirectoryRegistrations, &out.ServiceDirectoryRegistrations + *out = make([]GlobalForwardingRuleServiceDirectoryRegistrationsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.SourceIPRanges != nil { in, out := &in.SourceIPRanges, &out.SourceIPRanges *out = make([]*string, len(*in)) @@ -14908,6 +15587,21 @@ func (in *GlobalForwardingRuleParameters) DeepCopyInto(out *GlobalForwardingRule } } } + if in.Subnetwork != nil { + in, out := &in.Subnetwork, &out.Subnetwork + *out = new(string) + **out = **in + } + if in.SubnetworkRef != nil { + in, out := &in.SubnetworkRef, &out.SubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SubnetworkSelector != nil { + in, out := &in.SubnetworkSelector, &out.SubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(string) @@ -14935,6 +15629,81 @@ func (in *GlobalForwardingRuleParameters) DeepCopy() *GlobalForwardingRuleParame return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters) DeepCopyInto(out *GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } + if in.ServiceDirectoryRegion != nil { + in, out := &in.ServiceDirectoryRegion, &out.ServiceDirectoryRegion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters) DeepCopy() *GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters { + if in == nil { + return nil + } + out := new(GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsObservation) DeepCopyInto(out *GlobalForwardingRuleServiceDirectoryRegistrationsObservation) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } + if in.ServiceDirectoryRegion != nil { + in, out := &in.ServiceDirectoryRegion, &out.ServiceDirectoryRegion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalForwardingRuleServiceDirectoryRegistrationsObservation. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsObservation) DeepCopy() *GlobalForwardingRuleServiceDirectoryRegistrationsObservation { + if in == nil { + return nil + } + out := new(GlobalForwardingRuleServiceDirectoryRegistrationsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsParameters) DeepCopyInto(out *GlobalForwardingRuleServiceDirectoryRegistrationsParameters) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } + if in.ServiceDirectoryRegion != nil { + in, out := &in.ServiceDirectoryRegion, &out.ServiceDirectoryRegion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalForwardingRuleServiceDirectoryRegistrationsParameters. +func (in *GlobalForwardingRuleServiceDirectoryRegistrationsParameters) DeepCopy() *GlobalForwardingRuleServiceDirectoryRegistrationsParameters { + if in == nil { + return nil + } + out := new(GlobalForwardingRuleServiceDirectoryRegistrationsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GlobalForwardingRuleSpec) DeepCopyInto(out *GlobalForwardingRuleSpec) { *out = *in @@ -18395,6 +19164,66 @@ func (in *Http2HealthCheckParameters) DeepCopy() *Http2HealthCheckParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAddressInitParameters) DeepCopyInto(out *IPAddressInitParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAddressInitParameters. +func (in *IPAddressInitParameters) DeepCopy() *IPAddressInitParameters { + if in == nil { + return nil + } + out := new(IPAddressInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAddressObservation) DeepCopyInto(out *IPAddressObservation) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAddressObservation. +func (in *IPAddressObservation) DeepCopy() *IPAddressObservation { + if in == nil { + return nil + } + out := new(IPAddressObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAddressParameters) DeepCopyInto(out *IPAddressParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAddressParameters. +func (in *IPAddressParameters) DeepCopy() *IPAddressParameters { + if in == nil { + return nil + } + out := new(IPAddressParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPv6AccessConfigInitParameters) DeepCopyInto(out *IPv6AccessConfigInitParameters) { *out = *in @@ -19242,6 +20071,22 @@ func (in *ImageObservation) DeepCopyInto(out *ImageObservation) { *out = new(float64) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Family != nil { in, out := &in.Family, &out.Family *out = new(string) @@ -19341,6 +20186,22 @@ func (in *ImageObservation) DeepCopyInto(out *ImageObservation) { } } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageObservation. @@ -19500,6 +20361,11 @@ func (in *ImageStatus) DeepCopy() *ImageStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InitializeParamsInitParameters) DeepCopyInto(out *InitializeParamsInitParameters) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -19522,6 +20388,16 @@ func (in *InitializeParamsInitParameters) DeepCopyInto(out *InitializeParamsInit (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -19563,6 +20439,11 @@ func (in *InitializeParamsInitParameters) DeepCopy() *InitializeParamsInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InitializeParamsObservation) DeepCopyInto(out *InitializeParamsObservation) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -19575,6 +20456,16 @@ func (in *InitializeParamsObservation) DeepCopyInto(out *InitializeParamsObserva (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -19616,6 +20507,11 @@ func (in *InitializeParamsObservation) DeepCopy() *InitializeParamsObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InitializeParamsParameters) DeepCopyInto(out *InitializeParamsParameters) { *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(string) @@ -19638,6 +20534,16 @@ func (in *InitializeParamsParameters) DeepCopyInto(out *InitializeParamsParamete (*out)[key] = val } } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -20643,6 +21549,16 @@ func (in *InstanceFromTemplateNetworkInterfaceInitParameters) DeepCopyInto(out * (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -20739,6 +21655,16 @@ func (in *InstanceFromTemplateNetworkInterfaceObservation) DeepCopyInto(out *Ins *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -20815,6 +21741,16 @@ func (in *InstanceFromTemplateNetworkInterfaceParameters) DeepCopyInto(out *Inst (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -21008,6 +21944,22 @@ func (in *InstanceFromTemplateObservation) DeepCopyInto(out *InstanceFromTemplat *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableDisplay != nil { in, out := &in.EnableDisplay, &out.EnableDisplay *out = new(bool) @@ -21186,6 +22138,22 @@ func (in *InstanceFromTemplateObservation) DeepCopyInto(out *InstanceFromTemplat *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Zone != nil { in, out := &in.Zone, &out.Zone *out = new(string) @@ -21788,6 +22756,11 @@ func (in *InstanceFromTemplateSchedulingParameters) DeepCopy() *InstanceFromTemp // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceFromTemplateScratchDiskInitParameters) DeepCopyInto(out *InstanceFromTemplateScratchDiskInitParameters) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -21813,6 +22786,11 @@ func (in *InstanceFromTemplateScratchDiskInitParameters) DeepCopy() *InstanceFro // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceFromTemplateScratchDiskObservation) DeepCopyInto(out *InstanceFromTemplateScratchDiskObservation) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -21838,6 +22816,11 @@ func (in *InstanceFromTemplateScratchDiskObservation) DeepCopy() *InstanceFromTe // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceFromTemplateScratchDiskParameters) DeepCopyInto(out *InstanceFromTemplateScratchDiskParameters) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -22225,6 +23208,13 @@ func (in *InstanceGroupManager) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceGroupManagerInitParameters) DeepCopyInto(out *InstanceGroupManagerInitParameters) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]AllInstancesConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]AutoHealingPoliciesInitParameters, len(*in)) @@ -22273,6 +23263,20 @@ func (in *InstanceGroupManagerInitParameters) DeepCopyInto(out *InstanceGroupMan (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]StatefulExternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]StatefulInternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TargetPools != nil { in, out := &in.TargetPools, &out.TargetPools *out = make([]*string, len(*in)) @@ -22447,6 +23451,13 @@ func (in *InstanceGroupManagerNamedPortParameters) DeepCopy() *InstanceGroupMana // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManagerObservation) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]AllInstancesConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]AutoHealingPoliciesObservation, len(*in)) @@ -22459,6 +23470,11 @@ func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManage *out = new(string) **out = **in } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -22520,6 +23536,20 @@ func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManage (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]StatefulExternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]StatefulInternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Status != nil { in, out := &in.Status, &out.Status *out = make([]StatusObservation, len(*in)) @@ -22587,6 +23617,13 @@ func (in *InstanceGroupManagerObservation) DeepCopy() *InstanceGroupManagerObser // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceGroupManagerParameters) DeepCopyInto(out *InstanceGroupManagerParameters) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]AllInstancesConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]AutoHealingPoliciesParameters, len(*in)) @@ -22635,6 +23672,20 @@ func (in *InstanceGroupManagerParameters) DeepCopyInto(out *InstanceGroupManager (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]StatefulExternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]StatefulInternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TargetPools != nil { in, out := &in.TargetPools, &out.TargetPools *out = make([]*string, len(*in)) @@ -23852,6 +24903,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableDisplay != nil { in, out := &in.EnableDisplay, &out.EnableDisplay *out = new(bool) @@ -24029,6 +25096,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Zone != nil { in, out := &in.Zone, &out.Zone *out = new(string) @@ -24793,6 +25876,27 @@ func (in *InstanceTemplateDiskInitParameters) DeepCopyInto(out *InstanceTemplate *out = new(string) **out = **in } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -24926,6 +26030,27 @@ func (in *InstanceTemplateDiskObservation) DeepCopyInto(out *InstanceTemplateDis *out = new(string) **out = **in } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -25049,6 +26174,27 @@ func (in *InstanceTemplateDiskParameters) DeepCopyInto(out *InstanceTemplateDisk *out = new(string) **out = **in } + if in.ProvisionedIops != nil { + in, out := &in.ProvisionedIops, &out.ProvisionedIops + *out = new(float64) + **out = **in + } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -25316,6 +26462,22 @@ func (in *InstanceTemplateInitParameters) DeepCopyInto(out *InstanceTemplateInit (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -25662,6 +26824,16 @@ func (in *InstanceTemplateNetworkInterfaceInitParameters) DeepCopyInto(out *Inst (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -25758,6 +26930,16 @@ func (in *InstanceTemplateNetworkInterfaceObservation) DeepCopyInto(out *Instanc *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -25834,6 +27016,16 @@ func (in *InstanceTemplateNetworkInterfaceParameters) DeepCopyInto(out *Instance (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -25995,6 +27187,22 @@ func (in *InstanceTemplateObservation) DeepCopyInto(out *InstanceTemplateObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GuestAccelerator != nil { in, out := &in.GuestAccelerator, &out.GuestAccelerator *out = make([]InstanceTemplateGuestAcceleratorObservation, len(*in)) @@ -26096,6 +27304,22 @@ func (in *InstanceTemplateObservation) DeepCopyInto(out *InstanceTemplateObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -26154,6 +27378,22 @@ func (in *InstanceTemplateObservation) DeepCopyInto(out *InstanceTemplateObserva *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceTemplateObservation. @@ -26291,6 +27531,22 @@ func (in *InstanceTemplateParameters) DeepCopyInto(out *InstanceTemplateParamete (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ResourcePolicies != nil { in, out := &in.ResourcePolicies, &out.ResourcePolicies *out = make([]*string, len(*in)) @@ -27305,6 +28561,11 @@ func (in *InterconnectAttachmentInitParameters) DeepCopyInto(out *InterconnectAt *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.StackType != nil { + in, out := &in.StackType, &out.StackType + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -27481,6 +28742,11 @@ func (in *InterconnectAttachmentObservation) DeepCopyInto(out *InterconnectAttac *out = new(string) **out = **in } + if in.StackType != nil { + in, out := &in.StackType, &out.StackType + *out = new(string) + **out = **in + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -27593,6 +28859,11 @@ func (in *InterconnectAttachmentParameters) DeepCopyInto(out *InterconnectAttach *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.StackType != nil { + in, out := &in.StackType, &out.StackType + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -27725,6 +28996,162 @@ func (in *InterfaceParameters) DeepCopy() *InterfaceParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPIPAddressInitParameters) DeepCopyInto(out *InternalIPIPAddressInitParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPIPAddressInitParameters. +func (in *InternalIPIPAddressInitParameters) DeepCopy() *InternalIPIPAddressInitParameters { + if in == nil { + return nil + } + out := new(InternalIPIPAddressInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPIPAddressObservation) DeepCopyInto(out *InternalIPIPAddressObservation) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPIPAddressObservation. +func (in *InternalIPIPAddressObservation) DeepCopy() *InternalIPIPAddressObservation { + if in == nil { + return nil + } + out := new(InternalIPIPAddressObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPIPAddressParameters) DeepCopyInto(out *InternalIPIPAddressParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPIPAddressParameters. +func (in *InternalIPIPAddressParameters) DeepCopy() *InternalIPIPAddressParameters { + if in == nil { + return nil + } + out := new(InternalIPIPAddressParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPInitParameters) DeepCopyInto(out *InternalIPInitParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]InternalIPIPAddressInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPInitParameters. +func (in *InternalIPInitParameters) DeepCopy() *InternalIPInitParameters { + if in == nil { + return nil + } + out := new(InternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPObservation) DeepCopyInto(out *InternalIPObservation) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]InternalIPIPAddressObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPObservation. +func (in *InternalIPObservation) DeepCopy() *InternalIPObservation { + if in == nil { + return nil + } + out := new(InternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalIPParameters) DeepCopyInto(out *InternalIPParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]InternalIPIPAddressParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalIPParameters. +func (in *InternalIPParameters) DeepCopy() *InternalIPParameters { + if in == nil { + return nil + } + out := new(InternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IntervalInitParameters) DeepCopyInto(out *IntervalInitParameters) { *out = *in @@ -29878,6 +31305,67 @@ func (in *MaxScaledInReplicasParameters) DeepCopy() *MaxScaledInReplicasParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Md5AuthenticationKeyInitParameters) DeepCopyInto(out *Md5AuthenticationKeyInitParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Md5AuthenticationKeyInitParameters. +func (in *Md5AuthenticationKeyInitParameters) DeepCopy() *Md5AuthenticationKeyInitParameters { + if in == nil { + return nil + } + out := new(Md5AuthenticationKeyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Md5AuthenticationKeyObservation) DeepCopyInto(out *Md5AuthenticationKeyObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Md5AuthenticationKeyObservation. +func (in *Md5AuthenticationKeyObservation) DeepCopy() *Md5AuthenticationKeyObservation { + if in == nil { + return nil + } + out := new(Md5AuthenticationKeyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Md5AuthenticationKeyParameters) DeepCopyInto(out *Md5AuthenticationKeyParameters) { + *out = *in + out.KeySecretRef = in.KeySecretRef + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Md5AuthenticationKeyParameters. +func (in *Md5AuthenticationKeyParameters) DeepCopy() *Md5AuthenticationKeyParameters { + if in == nil { + return nil + } + out := new(Md5AuthenticationKeyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetadataFiltersFilterLabelsInitParameters) DeepCopyInto(out *MetadataFiltersFilterLabelsInitParameters) { *out = *in @@ -31781,6 +33269,16 @@ func (in *NetworkInterfaceInitParameters) DeepCopyInto(out *NetworkInterfaceInit (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -31877,6 +33375,16 @@ func (in *NetworkInterfaceObservation) DeepCopyInto(out *NetworkInterfaceObserva *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -31953,6 +33461,16 @@ func (in *NetworkInterfaceParameters) DeepCopyInto(out *NetworkInterfaceParamete (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } + if in.InternalIPv6PrefixLength != nil { + in, out := &in.InternalIPv6PrefixLength, &out.InternalIPv6PrefixLength + *out = new(float64) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -32100,6 +33618,11 @@ func (in *NetworkObservation) DeepCopyInto(out *NetworkObservation) { *out = new(string) **out = **in } + if in.NumericID != nil { + in, out := &in.NumericID, &out.NumericID + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -33109,11 +34632,6 @@ func (in *NodeGroupInitParameters) DeepCopyInto(out *NodeGroupInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Size != nil { - in, out := &in.Size, &out.Size - *out = new(float64) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupInitParameters. @@ -33303,11 +34821,6 @@ func (in *NodeGroupParameters) DeepCopyInto(out *NodeGroupParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Size != nil { - in, out := &in.Size, &out.Size - *out = new(float64) - **out = **in - } if in.Zone != nil { in, out := &in.Zone, &out.Zone *out = new(string) @@ -40327,6 +41840,11 @@ func (in *PerInstanceConfigInitParameters) DeepCopyInto(out *PerInstanceConfigIn *out = new(string) **out = **in } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -40431,6 +41949,11 @@ func (in *PerInstanceConfigObservation) DeepCopyInto(out *PerInstanceConfigObser *out = new(string) **out = **in } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -40498,6 +42021,11 @@ func (in *PerInstanceConfigParameters) DeepCopyInto(out *PerInstanceConfigParame *out = new(string) **out = **in } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -40875,6 +42403,102 @@ func (in *PreservedStateDiskParameters) DeepCopy() *PreservedStateDiskParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateExternalIPInitParameters) DeepCopyInto(out *PreservedStateExternalIPInitParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]ExternalIPIPAddressInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateExternalIPInitParameters. +func (in *PreservedStateExternalIPInitParameters) DeepCopy() *PreservedStateExternalIPInitParameters { + if in == nil { + return nil + } + out := new(PreservedStateExternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateExternalIPObservation) DeepCopyInto(out *PreservedStateExternalIPObservation) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]ExternalIPIPAddressObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateExternalIPObservation. +func (in *PreservedStateExternalIPObservation) DeepCopy() *PreservedStateExternalIPObservation { + if in == nil { + return nil + } + out := new(PreservedStateExternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateExternalIPParameters) DeepCopyInto(out *PreservedStateExternalIPParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]ExternalIPIPAddressParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateExternalIPParameters. +func (in *PreservedStateExternalIPParameters) DeepCopy() *PreservedStateExternalIPParameters { + if in == nil { + return nil + } + out := new(PreservedStateExternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreservedStateInitParameters) DeepCopyInto(out *PreservedStateInitParameters) { *out = *in @@ -40885,6 +42509,20 @@ func (in *PreservedStateInitParameters) DeepCopyInto(out *PreservedStateInitPara (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]ExternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]InternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -40913,6 +42551,162 @@ func (in *PreservedStateInitParameters) DeepCopy() *PreservedStateInitParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPIPAddressInitParameters) DeepCopyInto(out *PreservedStateInternalIPIPAddressInitParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPIPAddressInitParameters. +func (in *PreservedStateInternalIPIPAddressInitParameters) DeepCopy() *PreservedStateInternalIPIPAddressInitParameters { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPIPAddressInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPIPAddressObservation) DeepCopyInto(out *PreservedStateInternalIPIPAddressObservation) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPIPAddressObservation. +func (in *PreservedStateInternalIPIPAddressObservation) DeepCopy() *PreservedStateInternalIPIPAddressObservation { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPIPAddressObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPIPAddressParameters) DeepCopyInto(out *PreservedStateInternalIPIPAddressParameters) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPIPAddressParameters. +func (in *PreservedStateInternalIPIPAddressParameters) DeepCopy() *PreservedStateInternalIPIPAddressParameters { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPIPAddressParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPInitParameters) DeepCopyInto(out *PreservedStateInternalIPInitParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]PreservedStateInternalIPIPAddressInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPInitParameters. +func (in *PreservedStateInternalIPInitParameters) DeepCopy() *PreservedStateInternalIPInitParameters { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPObservation) DeepCopyInto(out *PreservedStateInternalIPObservation) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]PreservedStateInternalIPIPAddressObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPObservation. +func (in *PreservedStateInternalIPObservation) DeepCopy() *PreservedStateInternalIPObservation { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreservedStateInternalIPParameters) DeepCopyInto(out *PreservedStateInternalIPParameters) { + *out = *in + if in.AutoDelete != nil { + in, out := &in.AutoDelete, &out.AutoDelete + *out = new(string) + **out = **in + } + if in.IPAddress != nil { + in, out := &in.IPAddress, &out.IPAddress + *out = make([]PreservedStateInternalIPIPAddressParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreservedStateInternalIPParameters. +func (in *PreservedStateInternalIPParameters) DeepCopy() *PreservedStateInternalIPParameters { + if in == nil { + return nil + } + out := new(PreservedStateInternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreservedStateObservation) DeepCopyInto(out *PreservedStateObservation) { *out = *in @@ -40923,6 +42717,20 @@ func (in *PreservedStateObservation) DeepCopyInto(out *PreservedStateObservation (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]ExternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]InternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -40961,6 +42769,20 @@ func (in *PreservedStateParameters) DeepCopyInto(out *PreservedStateParameters) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]ExternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]InternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -45458,6 +47280,22 @@ func (in *RegionDiskObservation) DeepCopyInto(out *RegionDiskObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GuestOsFeatures != nil { in, out := &in.GuestOsFeatures, &out.GuestOsFeatures *out = make([]RegionDiskGuestOsFeaturesObservation, len(*in)) @@ -45575,6 +47413,22 @@ func (in *RegionDiskObservation) DeepCopyInto(out *RegionDiskObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -47189,53 +49043,143 @@ func (in *RegionHealthCheckSSLHealthCheckParameters) DeepCopyInto(out *RegionHea } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckSSLHealthCheckParameters. -func (in *RegionHealthCheckSSLHealthCheckParameters) DeepCopy() *RegionHealthCheckSSLHealthCheckParameters { - if in == nil { - return nil - } - out := new(RegionHealthCheckSSLHealthCheckParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionHealthCheckSpec) DeepCopyInto(out *RegionHealthCheckSpec) { - *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckSpec. -func (in *RegionHealthCheckSpec) DeepCopy() *RegionHealthCheckSpec { - if in == nil { - return nil - } - out := new(RegionHealthCheckSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionHealthCheckStatus) DeepCopyInto(out *RegionHealthCheckStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckStatus. -func (in *RegionHealthCheckStatus) DeepCopy() *RegionHealthCheckStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckSSLHealthCheckParameters. +func (in *RegionHealthCheckSSLHealthCheckParameters) DeepCopy() *RegionHealthCheckSSLHealthCheckParameters { + if in == nil { + return nil + } + out := new(RegionHealthCheckSSLHealthCheckParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionHealthCheckSpec) DeepCopyInto(out *RegionHealthCheckSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckSpec. +func (in *RegionHealthCheckSpec) DeepCopy() *RegionHealthCheckSpec { + if in == nil { + return nil + } + out := new(RegionHealthCheckSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionHealthCheckStatus) DeepCopyInto(out *RegionHealthCheckStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckStatus. +func (in *RegionHealthCheckStatus) DeepCopy() *RegionHealthCheckStatus { + if in == nil { + return nil + } + out := new(RegionHealthCheckStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionHealthCheckTCPHealthCheckInitParameters) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckInitParameters) { + *out = *in + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) + **out = **in + } + if in.PortName != nil { + in, out := &in.PortName, &out.PortName + *out = new(string) + **out = **in + } + if in.PortSpecification != nil { + in, out := &in.PortSpecification, &out.PortSpecification + *out = new(string) + **out = **in + } + if in.ProxyHeader != nil { + in, out := &in.ProxyHeader, &out.ProxyHeader + *out = new(string) + **out = **in + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = new(string) + **out = **in + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckInitParameters. +func (in *RegionHealthCheckTCPHealthCheckInitParameters) DeepCopy() *RegionHealthCheckTCPHealthCheckInitParameters { + if in == nil { + return nil + } + out := new(RegionHealthCheckTCPHealthCheckInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionHealthCheckTCPHealthCheckObservation) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckObservation) { + *out = *in + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(float64) + **out = **in + } + if in.PortName != nil { + in, out := &in.PortName, &out.PortName + *out = new(string) + **out = **in + } + if in.PortSpecification != nil { + in, out := &in.PortSpecification, &out.PortSpecification + *out = new(string) + **out = **in + } + if in.ProxyHeader != nil { + in, out := &in.ProxyHeader, &out.ProxyHeader + *out = new(string) + **out = **in + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = new(string) + **out = **in + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckObservation. +func (in *RegionHealthCheckTCPHealthCheckObservation) DeepCopy() *RegionHealthCheckTCPHealthCheckObservation { if in == nil { return nil } - out := new(RegionHealthCheckStatus) + out := new(RegionHealthCheckTCPHealthCheckObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionHealthCheckTCPHealthCheckInitParameters) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckInitParameters) { +func (in *RegionHealthCheckTCPHealthCheckParameters) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckParameters) { *out = *in if in.Port != nil { in, out := &in.Port, &out.Port @@ -47269,133 +49213,184 @@ func (in *RegionHealthCheckTCPHealthCheckInitParameters) DeepCopyInto(out *Regio } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckInitParameters. -func (in *RegionHealthCheckTCPHealthCheckInitParameters) DeepCopy() *RegionHealthCheckTCPHealthCheckInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckParameters. +func (in *RegionHealthCheckTCPHealthCheckParameters) DeepCopy() *RegionHealthCheckTCPHealthCheckParameters { if in == nil { return nil } - out := new(RegionHealthCheckTCPHealthCheckInitParameters) + out := new(RegionHealthCheckTCPHealthCheckParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionHealthCheckTCPHealthCheckObservation) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckObservation) { +func (in *RegionInstanceGroupManager) DeepCopyInto(out *RegionInstanceGroupManager) { *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } - if in.PortName != nil { - in, out := &in.PortName, &out.PortName - *out = new(string) - **out = **in - } - if in.PortSpecification != nil { - in, out := &in.PortSpecification, &out.PortSpecification - *out = new(string) - **out = **in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManager. +func (in *RegionInstanceGroupManager) DeepCopy() *RegionInstanceGroupManager { + if in == nil { + return nil } - if in.ProxyHeader != nil { - in, out := &in.ProxyHeader, &out.ProxyHeader - *out = new(string) - **out = **in + out := new(RegionInstanceGroupManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RegionInstanceGroupManager) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c } - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(string) - **out = **in + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerAllInstancesConfigInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerAllInstancesConfigInitParameters) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(string) - **out = **in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckObservation. -func (in *RegionHealthCheckTCPHealthCheckObservation) DeepCopy() *RegionHealthCheckTCPHealthCheckObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerAllInstancesConfigInitParameters. +func (in *RegionInstanceGroupManagerAllInstancesConfigInitParameters) DeepCopy() *RegionInstanceGroupManagerAllInstancesConfigInitParameters { if in == nil { return nil } - out := new(RegionHealthCheckTCPHealthCheckObservation) + out := new(RegionInstanceGroupManagerAllInstancesConfigInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionHealthCheckTCPHealthCheckParameters) DeepCopyInto(out *RegionHealthCheckTCPHealthCheckParameters) { +func (in *RegionInstanceGroupManagerAllInstancesConfigObservation) DeepCopyInto(out *RegionInstanceGroupManagerAllInstancesConfigObservation) { *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(float64) - **out = **in - } - if in.PortName != nil { - in, out := &in.PortName, &out.PortName - *out = new(string) - **out = **in - } - if in.PortSpecification != nil { - in, out := &in.PortSpecification, &out.PortSpecification - *out = new(string) - **out = **in - } - if in.ProxyHeader != nil { - in, out := &in.ProxyHeader, &out.ProxyHeader - *out = new(string) - **out = **in - } - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(string) - **out = **in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(string) - **out = **in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionHealthCheckTCPHealthCheckParameters. -func (in *RegionHealthCheckTCPHealthCheckParameters) DeepCopy() *RegionHealthCheckTCPHealthCheckParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerAllInstancesConfigObservation. +func (in *RegionInstanceGroupManagerAllInstancesConfigObservation) DeepCopy() *RegionInstanceGroupManagerAllInstancesConfigObservation { if in == nil { return nil } - out := new(RegionHealthCheckTCPHealthCheckParameters) + out := new(RegionInstanceGroupManagerAllInstancesConfigObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegionInstanceGroupManager) DeepCopyInto(out *RegionInstanceGroupManager) { +func (in *RegionInstanceGroupManagerAllInstancesConfigParameters) DeepCopyInto(out *RegionInstanceGroupManagerAllInstancesConfigParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManager. -func (in *RegionInstanceGroupManager) DeepCopy() *RegionInstanceGroupManager { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerAllInstancesConfigParameters. +func (in *RegionInstanceGroupManagerAllInstancesConfigParameters) DeepCopy() *RegionInstanceGroupManagerAllInstancesConfigParameters { if in == nil { return nil } - out := new(RegionInstanceGroupManager) + out := new(RegionInstanceGroupManagerAllInstancesConfigParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RegionInstanceGroupManager) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerAutoHealingPoliciesInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerAutoHealingPoliciesInitParameters) { *out = *in @@ -47494,6 +49489,13 @@ func (in *RegionInstanceGroupManagerAutoHealingPoliciesParameters) DeepCopy() *R // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerInitParameters) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]RegionInstanceGroupManagerAllInstancesConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]RegionInstanceGroupManagerAutoHealingPoliciesInitParameters, len(*in)) @@ -47568,6 +49570,20 @@ func (in *RegionInstanceGroupManagerInitParameters) DeepCopyInto(out *RegionInst (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]RegionInstanceGroupManagerStatefulExternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]RegionInstanceGroupManagerStatefulInternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TargetPools != nil { in, out := &in.TargetPools, &out.TargetPools *out = make([]*string, len(*in)) @@ -47802,6 +49818,13 @@ func (in *RegionInstanceGroupManagerNamedPortParameters) DeepCopy() *RegionInsta // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanceGroupManagerObservation) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]RegionInstanceGroupManagerAllInstancesConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]RegionInstanceGroupManagerAutoHealingPoliciesObservation, len(*in)) @@ -47814,6 +49837,11 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanc *out = new(string) **out = **in } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -47896,6 +49924,20 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanc (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]RegionInstanceGroupManagerStatefulExternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]RegionInstanceGroupManagerStatefulInternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Status != nil { in, out := &in.Status, &out.Status *out = make([]RegionInstanceGroupManagerStatusObservation, len(*in)) @@ -47958,6 +50000,13 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopy() *RegionInstanceGroup // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerParameters) DeepCopyInto(out *RegionInstanceGroupManagerParameters) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]RegionInstanceGroupManagerAllInstancesConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoHealingPolicies != nil { in, out := &in.AutoHealingPolicies, &out.AutoHealingPolicies *out = make([]RegionInstanceGroupManagerAutoHealingPoliciesParameters, len(*in)) @@ -48032,6 +50081,20 @@ func (in *RegionInstanceGroupManagerParameters) DeepCopyInto(out *RegionInstance (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.StatefulExternalIP != nil { + in, out := &in.StatefulExternalIP, &out.StatefulExternalIP + *out = make([]RegionInstanceGroupManagerStatefulExternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.StatefulInternalIP != nil { + in, out := &in.StatefulInternalIP, &out.StatefulInternalIP + *out = make([]RegionInstanceGroupManagerStatefulInternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TargetPools != nil { in, out := &in.TargetPools, &out.TargetPools *out = make([]*string, len(*in)) @@ -48189,6 +50252,156 @@ func (in *RegionInstanceGroupManagerStatefulDiskParameters) DeepCopy() *RegionIn return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulExternalIPInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatefulExternalIPInitParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulExternalIPInitParameters. +func (in *RegionInstanceGroupManagerStatefulExternalIPInitParameters) DeepCopy() *RegionInstanceGroupManagerStatefulExternalIPInitParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulExternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulExternalIPObservation) DeepCopyInto(out *RegionInstanceGroupManagerStatefulExternalIPObservation) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulExternalIPObservation. +func (in *RegionInstanceGroupManagerStatefulExternalIPObservation) DeepCopy() *RegionInstanceGroupManagerStatefulExternalIPObservation { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulExternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulExternalIPParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatefulExternalIPParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulExternalIPParameters. +func (in *RegionInstanceGroupManagerStatefulExternalIPParameters) DeepCopy() *RegionInstanceGroupManagerStatefulExternalIPParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulExternalIPParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulInternalIPInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatefulInternalIPInitParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulInternalIPInitParameters. +func (in *RegionInstanceGroupManagerStatefulInternalIPInitParameters) DeepCopy() *RegionInstanceGroupManagerStatefulInternalIPInitParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulInternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulInternalIPObservation) DeepCopyInto(out *RegionInstanceGroupManagerStatefulInternalIPObservation) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulInternalIPObservation. +func (in *RegionInstanceGroupManagerStatefulInternalIPObservation) DeepCopy() *RegionInstanceGroupManagerStatefulInternalIPObservation { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulInternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatefulInternalIPParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatefulInternalIPParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatefulInternalIPParameters. +func (in *RegionInstanceGroupManagerStatefulInternalIPParameters) DeepCopy() *RegionInstanceGroupManagerStatefulInternalIPParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatefulInternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerStatus) DeepCopyInto(out *RegionInstanceGroupManagerStatus) { *out = *in @@ -48206,6 +50419,56 @@ func (in *RegionInstanceGroupManagerStatus) DeepCopy() *RegionInstanceGroupManag return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters) DeepCopy() *RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigObservation) DeepCopyInto(out *RegionInstanceGroupManagerStatusAllInstancesConfigObservation) { + *out = *in + if in.Effective != nil { + in, out := &in.Effective, &out.Effective + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatusAllInstancesConfigObservation. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigObservation) DeepCopy() *RegionInstanceGroupManagerStatusAllInstancesConfigObservation { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatusAllInstancesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatusAllInstancesConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStatusAllInstancesConfigParameters. +func (in *RegionInstanceGroupManagerStatusAllInstancesConfigParameters) DeepCopy() *RegionInstanceGroupManagerStatusAllInstancesConfigParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStatusAllInstancesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerStatusInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatusInitParameters) { *out = *in @@ -48224,6 +50487,13 @@ func (in *RegionInstanceGroupManagerStatusInitParameters) DeepCopy() *RegionInst // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerStatusObservation) DeepCopyInto(out *RegionInstanceGroupManagerStatusObservation) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]RegionInstanceGroupManagerStatusAllInstancesConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.IsStable != nil { in, out := &in.IsStable, &out.IsStable *out = new(bool) @@ -49468,6 +51738,11 @@ func (in *RegionPerInstanceConfigInitParameters) DeepCopyInto(out *RegionPerInst *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -49562,6 +51837,11 @@ func (in *RegionPerInstanceConfigObservation) DeepCopyInto(out *RegionPerInstanc *out = new(string) **out = **in } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -49639,6 +51919,11 @@ func (in *RegionPerInstanceConfigParameters) DeepCopyInto(out *RegionPerInstance *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.RemoveInstanceOnDestroy != nil { + in, out := &in.RemoveInstanceOnDestroy, &out.RemoveInstanceOnDestroy + *out = new(bool) + **out = **in + } if in.RemoveInstanceStateOnDestroy != nil { in, out := &in.RemoveInstanceStateOnDestroy, &out.RemoveInstanceStateOnDestroy *out = new(bool) @@ -49791,6 +52076,20 @@ func (in *RegionPerInstanceConfigPreservedStateInitParameters) DeepCopyInto(out (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]PreservedStateExternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]PreservedStateInternalIPInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -49829,6 +52128,20 @@ func (in *RegionPerInstanceConfigPreservedStateObservation) DeepCopyInto(out *Re (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]PreservedStateExternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]PreservedStateInternalIPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -49867,6 +52180,20 @@ func (in *RegionPerInstanceConfigPreservedStateParameters) DeepCopyInto(out *Reg (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = make([]PreservedStateExternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InternalIP != nil { + in, out := &in.InternalIP, &out.InternalIP + *out = make([]PreservedStateInternalIPParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Metadata != nil { in, out := &in.Metadata, &out.Metadata *out = make(map[string]*string, len(*in)) @@ -50400,6 +52727,17 @@ func (in *RegionTargetHTTPSProxy) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionTargetHTTPSProxyInitParameters) DeepCopyInto(out *RegionTargetHTTPSProxyInitParameters) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -50433,6 +52771,11 @@ func (in *RegionTargetHTTPSProxyInitParameters) DeepCopyInto(out *RegionTargetHT *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SSLPolicy != nil { + in, out := &in.SSLPolicy, &out.SSLPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -50495,6 +52838,17 @@ func (in *RegionTargetHTTPSProxyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionTargetHTTPSProxyObservation) DeepCopyInto(out *RegionTargetHTTPSProxyObservation) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.CreationTimestamp != nil { in, out := &in.CreationTimestamp, &out.CreationTimestamp *out = new(string) @@ -50536,6 +52890,11 @@ func (in *RegionTargetHTTPSProxyObservation) DeepCopyInto(out *RegionTargetHTTPS } } } + if in.SSLPolicy != nil { + in, out := &in.SSLPolicy, &out.SSLPolicy + *out = new(string) + **out = **in + } if in.SelfLink != nil { in, out := &in.SelfLink, &out.SelfLink *out = new(string) @@ -50561,6 +52920,17 @@ func (in *RegionTargetHTTPSProxyObservation) DeepCopy() *RegionTargetHTTPSProxyO // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionTargetHTTPSProxyParameters) DeepCopyInto(out *RegionTargetHTTPSProxyParameters) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -50599,6 +52969,11 @@ func (in *RegionTargetHTTPSProxyParameters) DeepCopyInto(out *RegionTargetHTTPSP *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SSLPolicy != nil { + in, out := &in.SSLPolicy, &out.SSLPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -58589,6 +60964,13 @@ func (in *RouterPeerInitParameters) DeepCopyInto(out *RouterPeerInitParameters) *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Md5AuthenticationKey != nil { + in, out := &in.Md5AuthenticationKey, &out.Md5AuthenticationKey + *out = make([]Md5AuthenticationKeyInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PeerAsn != nil { in, out := &in.PeerAsn, &out.PeerAsn *out = new(float64) @@ -58766,6 +61148,13 @@ func (in *RouterPeerObservation) DeepCopyInto(out *RouterPeerObservation) { *out = new(string) **out = **in } + if in.Md5AuthenticationKey != nil { + in, out := &in.Md5AuthenticationKey, &out.Md5AuthenticationKey + *out = make([]Md5AuthenticationKeyObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PeerAsn != nil { in, out := &in.PeerAsn, &out.PeerAsn *out = new(float64) @@ -58886,6 +61275,13 @@ func (in *RouterPeerParameters) DeepCopyInto(out *RouterPeerParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Md5AuthenticationKey != nil { + in, out := &in.Md5AuthenticationKey, &out.Md5AuthenticationKey + *out = make([]Md5AuthenticationKeyParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PeerAsn != nil { in, out := &in.PeerAsn, &out.PeerAsn *out = new(float64) @@ -60882,6 +63278,11 @@ func (in *SchedulingParameters) DeepCopy() *SchedulingParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScratchDiskInitParameters) DeepCopyInto(out *ScratchDiskInitParameters) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -60907,6 +63308,11 @@ func (in *ScratchDiskInitParameters) DeepCopy() *ScratchDiskInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScratchDiskObservation) DeepCopyInto(out *ScratchDiskObservation) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -60932,6 +63338,11 @@ func (in *ScratchDiskObservation) DeepCopy() *ScratchDiskObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScratchDiskParameters) DeepCopyInto(out *ScratchDiskParameters) { *out = *in + if in.DeviceName != nil { + in, out := &in.DeviceName, &out.DeviceName + *out = new(string) + **out = **in + } if in.Interface != nil { in, out := &in.Interface, &out.Interface *out = new(string) @@ -63310,6 +65721,22 @@ func (in *SnapshotObservation) DeepCopyInto(out *SnapshotObservation) { *out = new(float64) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -63397,6 +65824,22 @@ func (in *SnapshotObservation) DeepCopyInto(out *SnapshotObservation) { } } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Zone != nil { in, out := &in.Zone, &out.Zone *out = new(string) @@ -64227,6 +66670,81 @@ func (in *StatefulDiskParameters) DeepCopy() *StatefulDiskParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulExternalIPInitParameters) DeepCopyInto(out *StatefulExternalIPInitParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulExternalIPInitParameters. +func (in *StatefulExternalIPInitParameters) DeepCopy() *StatefulExternalIPInitParameters { + if in == nil { + return nil + } + out := new(StatefulExternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulExternalIPObservation) DeepCopyInto(out *StatefulExternalIPObservation) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulExternalIPObservation. +func (in *StatefulExternalIPObservation) DeepCopy() *StatefulExternalIPObservation { + if in == nil { + return nil + } + out := new(StatefulExternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulExternalIPParameters) DeepCopyInto(out *StatefulExternalIPParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulExternalIPParameters. +func (in *StatefulExternalIPParameters) DeepCopy() *StatefulExternalIPParameters { + if in == nil { + return nil + } + out := new(StatefulExternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatefulInitParameters) DeepCopyInto(out *StatefulInitParameters) { *out = *in @@ -64242,6 +66760,81 @@ func (in *StatefulInitParameters) DeepCopy() *StatefulInitParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulInternalIPInitParameters) DeepCopyInto(out *StatefulInternalIPInitParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulInternalIPInitParameters. +func (in *StatefulInternalIPInitParameters) DeepCopy() *StatefulInternalIPInitParameters { + if in == nil { + return nil + } + out := new(StatefulInternalIPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulInternalIPObservation) DeepCopyInto(out *StatefulInternalIPObservation) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulInternalIPObservation. +func (in *StatefulInternalIPObservation) DeepCopy() *StatefulInternalIPObservation { + if in == nil { + return nil + } + out := new(StatefulInternalIPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulInternalIPParameters) DeepCopyInto(out *StatefulInternalIPParameters) { + *out = *in + if in.DeleteRule != nil { + in, out := &in.DeleteRule, &out.DeleteRule + *out = new(string) + **out = **in + } + if in.InterfaceName != nil { + in, out := &in.InterfaceName, &out.InterfaceName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulInternalIPParameters. +func (in *StatefulInternalIPParameters) DeepCopy() *StatefulInternalIPParameters { + if in == nil { + return nil + } + out := new(StatefulInternalIPParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatefulObservation) DeepCopyInto(out *StatefulObservation) { *out = *in @@ -64334,6 +66927,56 @@ func (in *StatefulPerInstanceConfigsParameters) DeepCopy() *StatefulPerInstanceC return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatusAllInstancesConfigInitParameters) DeepCopyInto(out *StatusAllInstancesConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusAllInstancesConfigInitParameters. +func (in *StatusAllInstancesConfigInitParameters) DeepCopy() *StatusAllInstancesConfigInitParameters { + if in == nil { + return nil + } + out := new(StatusAllInstancesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatusAllInstancesConfigObservation) DeepCopyInto(out *StatusAllInstancesConfigObservation) { + *out = *in + if in.Effective != nil { + in, out := &in.Effective, &out.Effective + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusAllInstancesConfigObservation. +func (in *StatusAllInstancesConfigObservation) DeepCopy() *StatusAllInstancesConfigObservation { + if in == nil { + return nil + } + out := new(StatusAllInstancesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatusAllInstancesConfigParameters) DeepCopyInto(out *StatusAllInstancesConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusAllInstancesConfigParameters. +func (in *StatusAllInstancesConfigParameters) DeepCopy() *StatusAllInstancesConfigParameters { + if in == nil { + return nil + } + out := new(StatusAllInstancesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatusInitParameters) DeepCopyInto(out *StatusInitParameters) { *out = *in @@ -64352,6 +66995,13 @@ func (in *StatusInitParameters) DeepCopy() *StatusInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatusObservation) DeepCopyInto(out *StatusObservation) { *out = *in + if in.AllInstancesConfig != nil { + in, out := &in.AllInstancesConfig, &out.AllInstancesConfig + *out = make([]StatusAllInstancesConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.IsStable != nil { in, out := &in.IsStable, &out.IsStable *out = new(bool) @@ -64947,6 +67597,11 @@ func (in *SubnetworkInitParameters_2) DeepCopyInto(out *SubnetworkInitParameters *out = new(string) **out = **in } + if in.ExternalIPv6Prefix != nil { + in, out := &in.ExternalIPv6Prefix, &out.ExternalIPv6Prefix + *out = new(string) + **out = **in + } if in.IPCidrRange != nil { in, out := &in.IPCidrRange, &out.IPCidrRange *out = new(string) @@ -65288,6 +67943,11 @@ func (in *SubnetworkObservation_2) DeepCopyInto(out *SubnetworkObservation_2) { *out = new(string) **out = **in } + if in.InternalIPv6Prefix != nil { + in, out := &in.InternalIPv6Prefix, &out.InternalIPv6Prefix + *out = new(string) + **out = **in + } if in.LogConfig != nil { in, out := &in.LogConfig, &out.LogConfig *out = make([]SubnetworkLogConfigObservation, len(*in)) @@ -65419,6 +68079,11 @@ func (in *SubnetworkParameters_2) DeepCopyInto(out *SubnetworkParameters_2) { *out = new(string) **out = **in } + if in.ExternalIPv6Prefix != nil { + in, out := &in.ExternalIPv6Prefix, &out.ExternalIPv6Prefix + *out = new(string) + **out = **in + } if in.IPCidrRange != nil { in, out := &in.IPCidrRange, &out.IPCidrRange *out = new(string) @@ -66338,6 +69003,17 @@ func (in *TargetHTTPSProxy) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TargetHTTPSProxyInitParameters) DeepCopyInto(out *TargetHTTPSProxyInitParameters) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.CertificateMap != nil { in, out := &in.CertificateMap, &out.CertificateMap *out = new(string) @@ -66396,6 +69072,11 @@ func (in *TargetHTTPSProxyInitParameters) DeepCopyInto(out *TargetHTTPSProxyInit *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -66458,6 +69139,17 @@ func (in *TargetHTTPSProxyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TargetHTTPSProxyObservation) DeepCopyInto(out *TargetHTTPSProxyObservation) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.CertificateMap != nil { in, out := &in.CertificateMap, &out.CertificateMap *out = new(string) @@ -66524,6 +69216,11 @@ func (in *TargetHTTPSProxyObservation) DeepCopyInto(out *TargetHTTPSProxyObserva *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -66544,6 +69241,17 @@ func (in *TargetHTTPSProxyObservation) DeepCopy() *TargetHTTPSProxyObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TargetHTTPSProxyParameters) DeepCopyInto(out *TargetHTTPSProxyParameters) { *out = *in + if in.CertificateManagerCertificates != nil { + in, out := &in.CertificateManagerCertificates, &out.CertificateManagerCertificates + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.CertificateMap != nil { in, out := &in.CertificateMap, &out.CertificateMap *out = new(string) @@ -66602,6 +69310,11 @@ func (in *TargetHTTPSProxyParameters) DeepCopyInto(out *TargetHTTPSProxyParamete *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -70554,6 +73267,22 @@ func (in *VPNTunnelInitParameters) DeepCopyInto(out *VPNTunnelInitParameters) { *out = new(float64) **out = **in } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.LocalTrafficSelector != nil { in, out := &in.LocalTrafficSelector, &out.LocalTrafficSelector *out = make([]*string, len(*in)) @@ -70723,6 +73452,22 @@ func (in *VPNTunnelObservation) DeepCopyInto(out *VPNTunnelObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -70733,6 +73478,27 @@ func (in *VPNTunnelObservation) DeepCopyInto(out *VPNTunnelObservation) { *out = new(float64) **out = **in } + if in.LabelFingerprint != nil { + in, out := &in.LabelFingerprint, &out.LabelFingerprint + *out = new(string) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.LocalTrafficSelector != nil { in, out := &in.LocalTrafficSelector, &out.LocalTrafficSelector *out = make([]*string, len(*in)) @@ -70805,6 +73571,22 @@ func (in *VPNTunnelObservation) DeepCopyInto(out *VPNTunnelObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.TunnelID != nil { in, out := &in.TunnelID, &out.TunnelID *out = new(string) @@ -70845,6 +73627,22 @@ func (in *VPNTunnelParameters) DeepCopyInto(out *VPNTunnelParameters) { *out = new(float64) **out = **in } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.LocalTrafficSelector != nil { in, out := &in.LocalTrafficSelector, &out.LocalTrafficSelector *out = make([]*string, len(*in)) diff --git a/apis/compute/v1beta1/zz_generated.resolvers.go b/apis/compute/v1beta1/zz_generated.resolvers.go index 3d35db792..11bf496b3 100644 --- a/apis/compute/v1beta1/zz_generated.resolvers.go +++ b/apis/compute/v1beta1/zz_generated.resolvers.go @@ -1237,6 +1237,25 @@ func (mg *GlobalForwardingRule) ResolveReferences(ctx context.Context, c client. } mg.Spec.ForProvider.Project = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ProjectRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Subnetwork", "SubnetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Subnetwork), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.SubnetworkRef, + Selector: mg.Spec.ForProvider.SubnetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Subnetwork") + } + mg.Spec.ForProvider.Subnetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SubnetworkRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "TargetSSLProxy", "TargetSSLProxyList") if err != nil { @@ -1313,6 +1332,25 @@ func (mg *GlobalForwardingRule) ResolveReferences(ctx context.Context, c client. } mg.Spec.InitProvider.Project = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ProjectRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Subnetwork", "SubnetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Subnetwork), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.SubnetworkRef, + Selector: mg.Spec.InitProvider.SubnetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Subnetwork") + } + mg.Spec.InitProvider.Subnetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SubnetworkRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "TargetSSLProxy", "TargetSSLProxyList") if err != nil { diff --git a/apis/compute/v1beta1/zz_globalforwardingrule_types.go b/apis/compute/v1beta1/zz_globalforwardingrule_types.go index 284010a88..f917cfa7b 100755 --- a/apis/compute/v1beta1/zz_globalforwardingrule_types.go +++ b/apis/compute/v1beta1/zz_globalforwardingrule_types.go @@ -137,7 +137,7 @@ type GlobalForwardingRuleInitParameters struct { // For more information about forwarding rules, refer to // Forwarding rule concepts. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` // Opaque filter criteria used by Loadbalancer to restrict routing @@ -180,7 +180,7 @@ type GlobalForwardingRuleInitParameters struct { // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The portRange field has the following limitations: PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` // The ID of the project in which the resource belongs. @@ -197,9 +197,32 @@ type GlobalForwardingRuleInitParameters struct { // +kubebuilder:validation:Optional ProjectSelector *v1.Selector `json:"projectSelector,omitempty" tf:"-"` + // Service Directory resources to register this forwarding rule with. + // Currently, only supports a single Service Directory resource. + // Structure is documented below. + ServiceDirectoryRegistrations []GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters `json:"serviceDirectoryRegistrations,omitempty" tf:"service_directory_registrations,omitempty"` + // If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). SourceIPRanges []*string `json:"sourceIpRanges,omitempty" tf:"source_ip_ranges,omitempty"` + // This field identifies the subnetwork that the load balanced IP should + // belong to for this Forwarding Rule, used in internal load balancing and + // network load balancing with IPv6. + // If the network specified is in auto subnet mode, this field is optional. + // However, a subnetwork must be specified if the network is in custom subnet + // mode or when creating external forwarding rule with IPv6. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Subnetwork + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate subnetwork. + // +kubebuilder:validation:Optional + SubnetworkRef *v1.Reference `json:"subnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate subnetwork. + // +kubebuilder:validation:Optional + SubnetworkSelector *v1.Selector `json:"subnetworkSelector,omitempty" tf:"-"` + // The URL of the target resource to receive the matched traffic. For // regional forwarding rules, this target must be in the same region as the // forwarding rule. For global forwarding rules, this target must be a global @@ -227,6 +250,10 @@ type GlobalForwardingRuleObservation struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/global/forwardingRules/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -264,7 +291,7 @@ type GlobalForwardingRuleObservation struct { // For more information about forwarding rules, refer to // Forwarding rule concepts. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` // Opaque filter criteria used by Loadbalancer to restrict routing @@ -297,7 +324,7 @@ type GlobalForwardingRuleObservation struct { // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The portRange field has the following limitations: PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` // The ID of the project in which the resource belongs. @@ -313,15 +340,33 @@ type GlobalForwardingRuleObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // Service Directory resources to register this forwarding rule with. + // Currently, only supports a single Service Directory resource. + // Structure is documented below. + ServiceDirectoryRegistrations []GlobalForwardingRuleServiceDirectoryRegistrationsObservation `json:"serviceDirectoryRegistrations,omitempty" tf:"service_directory_registrations,omitempty"` + // If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). SourceIPRanges []*string `json:"sourceIpRanges,omitempty" tf:"source_ip_ranges,omitempty"` + // This field identifies the subnetwork that the load balanced IP should + // belong to for this Forwarding Rule, used in internal load balancing and + // network load balancing with IPv6. + // If the network specified is in auto subnet mode, this field is optional. + // However, a subnetwork must be specified if the network is in custom subnet + // mode or when creating external forwarding rule with IPv6. + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + // The URL of the target resource to receive the matched traffic. For // regional forwarding rules, this target must be in the same region as the // forwarding rule. For global forwarding rules, this target must be a global // load balancing resource. // The forwarded traffic must be of a type appropriate to the target object. Target *string `json:"target,omitempty" tf:"target,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type GlobalForwardingRuleParameters struct { @@ -375,7 +420,7 @@ type GlobalForwardingRuleParameters struct { // For more information about forwarding rules, refer to // Forwarding rule concepts. // Default value is EXTERNAL. - // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + // Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. // +kubebuilder:validation:Optional LoadBalancingScheme *string `json:"loadBalancingScheme,omitempty" tf:"load_balancing_scheme,omitempty"` @@ -422,7 +467,7 @@ type GlobalForwardingRuleParameters struct { // +kubebuilder:validation:Optional NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` - // This field can only be used: + // The portRange field has the following limitations: // +kubebuilder:validation:Optional PortRange *string `json:"portRange,omitempty" tf:"port_range,omitempty"` @@ -441,10 +486,35 @@ type GlobalForwardingRuleParameters struct { // +kubebuilder:validation:Optional ProjectSelector *v1.Selector `json:"projectSelector,omitempty" tf:"-"` + // Service Directory resources to register this forwarding rule with. + // Currently, only supports a single Service Directory resource. + // Structure is documented below. + // +kubebuilder:validation:Optional + ServiceDirectoryRegistrations []GlobalForwardingRuleServiceDirectoryRegistrationsParameters `json:"serviceDirectoryRegistrations,omitempty" tf:"service_directory_registrations,omitempty"` + // If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). // +kubebuilder:validation:Optional SourceIPRanges []*string `json:"sourceIpRanges,omitempty" tf:"source_ip_ranges,omitempty"` + // This field identifies the subnetwork that the load balanced IP should + // belong to for this Forwarding Rule, used in internal load balancing and + // network load balancing with IPv6. + // If the network specified is in auto subnet mode, this field is optional. + // However, a subnetwork must be specified if the network is in custom subnet + // mode or when creating external forwarding rule with IPv6. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Subnetwork + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate subnetwork. + // +kubebuilder:validation:Optional + SubnetworkRef *v1.Reference `json:"subnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate subnetwork. + // +kubebuilder:validation:Optional + SubnetworkSelector *v1.Selector `json:"subnetworkSelector,omitempty" tf:"-"` + // The URL of the target resource to receive the matched traffic. For // regional forwarding rules, this target must be in the same region as the // forwarding rule. For global forwarding rules, this target must be a global @@ -464,6 +534,44 @@ type GlobalForwardingRuleParameters struct { TargetSelector *v1.Selector `json:"targetSelector,omitempty" tf:"-"` } +type GlobalForwardingRuleServiceDirectoryRegistrationsInitParameters struct { + + // Service Directory namespace to register the forwarding rule under. + Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"` + + // [Optional] Service Directory region to register this global forwarding rule under. + // Default to "us-central1". Only used for PSC for Google APIs. All PSC for + // Google APIs Forwarding Rules on the same network should use the same Service + // Directory region. + ServiceDirectoryRegion *string `json:"serviceDirectoryRegion,omitempty" tf:"service_directory_region,omitempty"` +} + +type GlobalForwardingRuleServiceDirectoryRegistrationsObservation struct { + + // Service Directory namespace to register the forwarding rule under. + Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"` + + // [Optional] Service Directory region to register this global forwarding rule under. + // Default to "us-central1". Only used for PSC for Google APIs. All PSC for + // Google APIs Forwarding Rules on the same network should use the same Service + // Directory region. + ServiceDirectoryRegion *string `json:"serviceDirectoryRegion,omitempty" tf:"service_directory_region,omitempty"` +} + +type GlobalForwardingRuleServiceDirectoryRegistrationsParameters struct { + + // Service Directory namespace to register the forwarding rule under. + // +kubebuilder:validation:Optional + Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"` + + // [Optional] Service Directory region to register this global forwarding rule under. + // Default to "us-central1". Only used for PSC for Google APIs. All PSC for + // Google APIs Forwarding Rules on the same network should use the same Service + // Directory region. + // +kubebuilder:validation:Optional + ServiceDirectoryRegion *string `json:"serviceDirectoryRegion,omitempty" tf:"service_directory_region,omitempty"` +} + type MetadataFiltersInitParameters struct { // The list of label value pairs that must match labels in the diff --git a/apis/compute/v1beta1/zz_image_types.go b/apis/compute/v1beta1/zz_image_types.go index ecd33dc85..4aae61ecc 100755 --- a/apis/compute/v1beta1/zz_image_types.go +++ b/apis/compute/v1beta1/zz_image_types.go @@ -70,21 +70,21 @@ type ImageEncryptionKeyParameters struct { type ImageGuestOsFeaturesInitParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ImageGuestOsFeaturesObservation struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ImageGuestOsFeaturesParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. // +kubebuilder:validation:Optional Type *string `json:"type" tf:"type,omitempty"` } @@ -118,6 +118,8 @@ type ImageInitParameters struct { ImageEncryptionKey []ImageEncryptionKeyInitParameters `json:"imageEncryptionKey,omitempty" tf:"image_encryption_key,omitempty"` // Labels to apply to this Image. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -167,6 +169,9 @@ type ImageObservation struct { // Size of the image when restored onto a persistent disk (in GB). DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The name of the image family to which this image belongs. You can // create disks by specifying an image family instead of a specific // image name. The image family always returns its latest image that is @@ -194,6 +199,8 @@ type ImageObservation struct { LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` // Labels to apply to this Image. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -228,6 +235,11 @@ type ImageObservation struct { // (regional or multi-regional). // Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images StorageLocations []*string `json:"storageLocations,omitempty" tf:"storage_locations,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ImageParameters struct { @@ -264,6 +276,8 @@ type ImageParameters struct { ImageEncryptionKey []ImageEncryptionKeyParameters `json:"imageEncryptionKey,omitempty" tf:"image_encryption_key,omitempty"` // Labels to apply to this Image. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/compute/v1beta1/zz_instance_types.go b/apis/compute/v1beta1/zz_instance_types.go index e91140c06..7995ab086 100755 --- a/apis/compute/v1beta1/zz_instance_types.go +++ b/apis/compute/v1beta1/zz_instance_types.go @@ -268,19 +268,19 @@ type BootDiskParameters struct { type ConfidentialInstanceConfigInitParameters struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` } type ConfidentialInstanceConfigObservation struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` } type ConfidentialInstanceConfigParameters struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. // +kubebuilder:validation:Optional EnableConfidentialCompute *bool `json:"enableConfidentialCompute" tf:"enable_confidential_compute,omitempty"` } @@ -393,6 +393,10 @@ type IPv6AccessConfigParameters struct { type InitializeParamsInitParameters struct { + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // The image from which to initialize this disk. This can be // one of: the image's self_link, projects/{project}/global/images/{image}, // projects/{project}/global/images/family/{family}, global/images/{image}, @@ -414,8 +418,28 @@ type InitializeParamsInitParameters struct { ImageSelector *v1.Selector `json:"imageSelector,omitempty" tf:"-"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + // Indicates how many IOPS to provision for the disk. + // This sets the number of I/O operations per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + // you'll need to manually delete and recreate it. + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // Indicates how much throughput to provision for the disk. + // This sets the number of throughput mb per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of throughput every 4 hours. To update your hyperdisk more + // frequently, you'll need to manually delete and recreate it. + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -424,12 +448,16 @@ type InitializeParamsInitParameters struct { // will inherit the size of its base image. Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. + // The type of reservation from which this instance can consume resources. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type InitializeParamsObservation struct { + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // The image from which to initialize this disk. This can be // one of: the image's self_link, projects/{project}/global/images/{image}, // projects/{project}/global/images/family/{family}, global/images/{image}, @@ -442,8 +470,28 @@ type InitializeParamsObservation struct { Image *string `json:"image,omitempty" tf:"image,omitempty"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + // Indicates how many IOPS to provision for the disk. + // This sets the number of I/O operations per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + // you'll need to manually delete and recreate it. + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // Indicates how much throughput to provision for the disk. + // This sets the number of throughput mb per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of throughput every 4 hours. To update your hyperdisk more + // frequently, you'll need to manually delete and recreate it. + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -452,12 +500,17 @@ type InitializeParamsObservation struct { // will inherit the size of its base image. Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. + // The type of reservation from which this instance can consume resources. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type InitializeParamsParameters struct { + // Whether this disk is using confidential compute mode. + // Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + // +kubebuilder:validation:Optional + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // The image from which to initialize this disk. This can be // one of: the image's self_link, projects/{project}/global/images/{image}, // projects/{project}/global/images/family/{family}, global/images/{image}, @@ -480,9 +533,31 @@ type InitializeParamsParameters struct { ImageSelector *v1.Selector `json:"imageSelector,omitempty" tf:"-"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +kubebuilder:validation:Optional Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + // Indicates how many IOPS to provision for the disk. + // This sets the number of I/O operations per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + // you'll need to manually delete and recreate it. + // +kubebuilder:validation:Optional + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // Indicates how much throughput to provision for the disk. + // This sets the number of throughput mb per second that the disk can handle. + // For more details,see the Hyperdisk documentation. + // Note: Updating currently is only supported for hyperdisk skus via disk update + // api/gcloud without the need to delete and recreate the disk, hyperdisk allows + // for an update of throughput every 4 hours. To update your hyperdisk more + // frequently, you'll need to manually delete and recreate it. + // +kubebuilder:validation:Optional + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. // +kubebuilder:validation:Optional // +mapType=granular @@ -493,7 +568,7 @@ type InitializeParamsParameters struct { // +kubebuilder:validation:Optional Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. + // The type of reservation from which this instance can consume resources. // +kubebuilder:validation:Optional Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -630,6 +705,8 @@ type InstanceInitParameters struct { Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -745,6 +822,9 @@ type InstanceObservation struct { // "RUNNING" or "TERMINATED". DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Enable Virtual Displays on this instance. // Note: allow_stopping_for_update must be set to true or your instance must have a desired_status of TERMINATED in order to update this field. EnableDisplay *bool `json:"enableDisplay,omitempty" tf:"enable_display,omitempty"` @@ -773,6 +853,8 @@ type InstanceObservation struct { LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -856,6 +938,10 @@ type InstanceObservation struct { // The unique fingerprint of the tags. TagsFingerprint *string `json:"tagsFingerprint,omitempty" tf:"tags_fingerprint,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The zone that the machine should be created in. If it is not provided, the provider zone is used. Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } @@ -925,6 +1011,8 @@ type InstanceParameters struct { Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` // A map of key/value label pairs to assign to the instance. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -1083,6 +1171,10 @@ type NetworkInterfaceInitParameters struct { // specified, then this instance will have no external IPv6 Internet access. Structure documented below. IPv6AccessConfig []IPv6AccessConfigInitParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // The name or self_link of the network to attach this interface to. // Either network or subnetwork must be provided. If network isn't provided it will // be inferred from the subnetwork. @@ -1160,6 +1252,10 @@ type NetworkInterfaceObservation struct { // This field is always inherited from its subnetwork. IPv6AccessType *string `json:"ipv6AccessType,omitempty" tf:"ipv6_access_type,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1220,6 +1316,12 @@ type NetworkInterfaceParameters struct { // +kubebuilder:validation:Optional IPv6AccessConfig []IPv6AccessConfigParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + // +kubebuilder:validation:Optional + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + // +kubebuilder:validation:Optional + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // The name or self_link of the network to attach this interface to. // Either network or subnetwork must be provided. If network isn't provided it will // be inferred from the subnetwork. @@ -1437,7 +1539,7 @@ type SchedulingInitParameters struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here ProvisioningModel *string `json:"provisioningModel,omitempty" tf:"provisioning_model,omitempty"` @@ -1478,7 +1580,7 @@ type SchedulingObservation struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here ProvisioningModel *string `json:"provisioningModel,omitempty" tf:"provisioning_model,omitempty"` @@ -1526,7 +1628,7 @@ type SchedulingParameters struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here // +kubebuilder:validation:Optional @@ -1535,6 +1637,10 @@ type SchedulingParameters struct { type ScratchDiskInitParameters struct { + // Name with which attached disk will be accessible. + // On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` @@ -1545,6 +1651,10 @@ type ScratchDiskInitParameters struct { type ScratchDiskObservation struct { + // Name with which attached disk will be accessible. + // On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` @@ -1555,6 +1665,11 @@ type ScratchDiskObservation struct { type ScratchDiskParameters struct { + // Name with which attached disk will be accessible. + // On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + // +kubebuilder:validation:Optional + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. // +kubebuilder:validation:Optional Interface *string `json:"interface" tf:"interface,omitempty"` diff --git a/apis/compute/v1beta1/zz_instancefromtemplate_types.go b/apis/compute/v1beta1/zz_instancefromtemplate_types.go index 2c4ef93d2..69eb9ee48 100755 --- a/apis/compute/v1beta1/zz_instancefromtemplate_types.go +++ b/apis/compute/v1beta1/zz_instancefromtemplate_types.go @@ -30,10 +30,16 @@ import ( ) type BootDiskInitializeParamsInitParameters struct { + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + Image *string `json:"image,omitempty" tf:"image,omitempty"` Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -43,10 +49,16 @@ type BootDiskInitializeParamsInitParameters struct { } type BootDiskInitializeParamsObservation struct { + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + Image *string `json:"image,omitempty" tf:"image,omitempty"` Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -57,12 +69,21 @@ type BootDiskInitializeParamsObservation struct { type BootDiskInitializeParamsParameters struct { + // +kubebuilder:validation:Optional + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` + // +kubebuilder:validation:Optional Image *string `json:"image,omitempty" tf:"image,omitempty"` // +kubebuilder:validation:Optional Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` + // +kubebuilder:validation:Optional + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // +kubebuilder:validation:Optional + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // +kubebuilder:validation:Optional // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -352,6 +373,10 @@ type InstanceFromTemplateNetworkInterfaceInitParameters struct { IPv6AccessConfig []NetworkInterfaceIPv6AccessConfigInitParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // +crossplane:generate:reference:type=Network Network *string `json:"network,omitempty" tf:"network,omitempty"` @@ -394,6 +419,10 @@ type InstanceFromTemplateNetworkInterfaceObservation struct { IPv6AccessType *string `json:"ipv6AccessType,omitempty" tf:"ipv6_access_type,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -424,6 +453,12 @@ type InstanceFromTemplateNetworkInterfaceParameters struct { // +kubebuilder:validation:Optional IPv6AccessConfig []NetworkInterfaceIPv6AccessConfigParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + // +kubebuilder:validation:Optional + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + // +kubebuilder:validation:Optional + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // +crossplane:generate:reference:type=Network // +kubebuilder:validation:Optional Network *string `json:"network,omitempty" tf:"network,omitempty"` @@ -502,6 +537,9 @@ type InstanceFromTemplateObservation struct { DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + EnableDisplay *bool `json:"enableDisplay,omitempty" tf:"enable_display,omitempty"` GuestAccelerator []InstanceFromTemplateGuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -565,6 +603,9 @@ type InstanceFromTemplateObservation struct { TagsFingerprint *string `json:"tagsFingerprint,omitempty" tf:"tags_fingerprint,omitempty"` + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The zone that the machine should be created in. If not // set, the provider zone is used. Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` @@ -792,12 +833,22 @@ type InstanceFromTemplateSchedulingParameters struct { } type InstanceFromTemplateScratchDiskInitParameters struct { + + // A unique name for the resource, required by GCE. + // Changing this forces a new resource to be created. + DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` + Interface *string `json:"interface,omitempty" tf:"interface"` Size *float64 `json:"size,omitempty" tf:"size"` } type InstanceFromTemplateScratchDiskObservation struct { + + // A unique name for the resource, required by GCE. + // Changing this forces a new resource to be created. + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` Size *float64 `json:"size,omitempty" tf:"size,omitempty"` @@ -805,6 +856,11 @@ type InstanceFromTemplateScratchDiskObservation struct { type InstanceFromTemplateScratchDiskParameters struct { + // A unique name for the resource, required by GCE. + // Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` + // +kubebuilder:validation:Optional Interface *string `json:"interface,omitempty" tf:"interface"` diff --git a/apis/compute/v1beta1/zz_instancegroupmanager_types.go b/apis/compute/v1beta1/zz_instancegroupmanager_types.go index 18bb8c782..f190f1372 100755 --- a/apis/compute/v1beta1/zz_instancegroupmanager_types.go +++ b/apis/compute/v1beta1/zz_instancegroupmanager_types.go @@ -29,6 +29,41 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AllInstancesConfigInitParameters struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type AllInstancesConfigObservation struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type AllInstancesConfigParameters struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +kubebuilder:validation:Optional + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type AutoHealingPoliciesInitParameters struct { // The health check resource that signals autohealing. @@ -83,6 +118,11 @@ type AutoHealingPoliciesParameters struct { type InstanceGroupManagerInitParameters struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []AllInstancesConfigInitParameters `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. AutoHealingPolicies []AutoHealingPoliciesInitParameters `json:"autoHealingPolicies,omitempty" tf:"auto_healing_policies,omitempty"` @@ -120,6 +160,12 @@ type InstanceGroupManagerInitParameters struct { // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. StatefulDisk []StatefulDiskInitParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulExternalIP []StatefulExternalIPInitParameters `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulInternalIP []StatefulInternalIPInitParameters `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + // The full URL of all target pools to which new // instances in the group are added. Updating the target pools attribute does // not affect existing instances. @@ -137,8 +183,9 @@ type InstanceGroupManagerInitParameters struct { TargetPoolsSelector *v1.Selector `json:"targetPoolsSelector,omitempty" tf:"-"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API @@ -191,6 +238,11 @@ type InstanceGroupManagerNamedPortParameters struct { type InstanceGroupManagerObservation struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []AllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. AutoHealingPolicies []AutoHealingPoliciesObservation `json:"autoHealingPolicies,omitempty" tf:"auto_healing_policies,omitempty"` @@ -203,6 +255,8 @@ type InstanceGroupManagerObservation struct { // name. BaseInstanceName *string `json:"baseInstanceName,omitempty" tf:"base_instance_name,omitempty"` + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + // An optional textual description of the instance // group manager. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -242,6 +296,12 @@ type InstanceGroupManagerObservation struct { // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. StatefulDisk []StatefulDiskObservation `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulExternalIP []StatefulExternalIPObservation `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulInternalIP []StatefulInternalIPObservation `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + // The status of this managed instance group. Status []StatusObservation `json:"status,omitempty" tf:"status,omitempty"` @@ -252,8 +312,9 @@ type InstanceGroupManagerObservation struct { TargetPools []*string `json:"targetPools,omitempty" tf:"target_pools,omitempty"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API @@ -281,6 +342,12 @@ type InstanceGroupManagerObservation struct { type InstanceGroupManagerParameters struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + // +kubebuilder:validation:Optional + AllInstancesConfig []AllInstancesConfigParameters `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. // +kubebuilder:validation:Optional @@ -326,6 +393,14 @@ type InstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional StatefulDisk []StatefulDiskParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + // +kubebuilder:validation:Optional + StatefulExternalIP []StatefulExternalIPParameters `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + // +kubebuilder:validation:Optional + StatefulInternalIP []StatefulInternalIPParameters `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + // The full URL of all target pools to which new // instances in the group are added. Updating the target pools attribute does // not affect existing instances. @@ -344,8 +419,9 @@ type InstanceGroupManagerParameters struct { TargetPoolsSelector *v1.Selector `json:"targetPoolsSelector,omitempty" tf:"-"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. // +kubebuilder:validation:Optional TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` @@ -437,9 +513,67 @@ type StatefulDiskParameters struct { DeviceName *string `json:"deviceName" tf:"device_name,omitempty"` } +type StatefulExternalIPInitParameters struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0 + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type StatefulExternalIPObservation struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0 + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type StatefulExternalIPParameters struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + // +kubebuilder:validation:Optional + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0 + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + type StatefulInitParameters struct { } +type StatefulInternalIPInitParameters struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0 + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type StatefulInternalIPObservation struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0 + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type StatefulInternalIPParameters struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + // +kubebuilder:validation:Optional + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0 + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + type StatefulObservation struct { // A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. @@ -452,11 +586,26 @@ type StatefulObservation struct { type StatefulParameters struct { } +type StatusAllInstancesConfigInitParameters struct { +} + +type StatusAllInstancesConfigObservation struct { + Effective *bool `json:"effective,omitempty" tf:"effective,omitempty"` +} + +type StatusAllInstancesConfigParameters struct { +} + type StatusInitParameters struct { } type StatusObservation struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []StatusAllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified. IsStable *bool `json:"isStable,omitempty" tf:"is_stable,omitempty"` diff --git a/apis/compute/v1beta1/zz_instancetemplate_types.go b/apis/compute/v1beta1/zz_instancetemplate_types.go index ed9e420e5..95de44831 100755 --- a/apis/compute/v1beta1/zz_instancetemplate_types.go +++ b/apis/compute/v1beta1/zz_instancetemplate_types.go @@ -168,19 +168,19 @@ type InstanceTemplateAdvancedMachineFeaturesParameters struct { type InstanceTemplateConfidentialInstanceConfigInitParameters struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` } type InstanceTemplateConfidentialInstanceConfigObservation struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` } type InstanceTemplateConfidentialInstanceConfigParameters struct { - // Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + // Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. // +kubebuilder:validation:Optional EnableConfidentialCompute *bool `json:"enableConfidentialCompute" tf:"enable_confidential_compute,omitempty"` } @@ -231,6 +231,16 @@ type InstanceTemplateDiskInitParameters struct { // read-write mode. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + // Indicates how many IOPS to provision for the disk. This + // sets the number of I/O operations per second that the disk can handle. + // Values must be between 10,000 and 120,000. For more details, see the + // Extreme persistent disk documentation. + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. Currently a max of 1 resource policy is supported. ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -322,6 +332,16 @@ type InstanceTemplateDiskObservation struct { // read-write mode. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + // Indicates how many IOPS to provision for the disk. This + // sets the number of I/O operations per second that the disk can handle. + // Values must be between 10,000 and 120,000. For more details, see the + // Extreme persistent disk documentation. + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. Currently a max of 1 resource policy is supported. ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -414,6 +434,18 @@ type InstanceTemplateDiskParameters struct { // +kubebuilder:validation:Optional Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + // Indicates how many IOPS to provision for the disk. This + // sets the number of I/O operations per second that the disk can handle. + // Values must be between 10,000 and 120,000. For more details, see the + // Extreme persistent disk documentation. + // +kubebuilder:validation:Optional + ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +kubebuilder:validation:Optional + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. Currently a max of 1 resource policy is supported. // +kubebuilder:validation:Optional ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -576,6 +608,10 @@ type InstanceTemplateInitParameters struct { // Structure is documented below. ReservationAffinity []InstanceTemplateReservationAffinityInitParameters `json:"reservationAffinity,omitempty" tf:"reservation_affinity,omitempty"` + // A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -728,6 +764,10 @@ type InstanceTemplateNetworkInterfaceInitParameters struct { // specified, then this instance will have no external IPv6 Internet access. Structure documented below. IPv6AccessConfig []InstanceTemplateNetworkInterfaceIPv6AccessConfigInitParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // The name or self_link of the network to attach this interface to. // Use network attribute for Legacy or Auto subnetted networks and // subnetwork for custom subnetted networks. @@ -793,6 +833,10 @@ type InstanceTemplateNetworkInterfaceObservation struct { IPv6AccessType *string `json:"ipv6AccessType,omitempty" tf:"ipv6_access_type,omitempty"` + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // The name of the instance template. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -844,6 +888,12 @@ type InstanceTemplateNetworkInterfaceParameters struct { // +kubebuilder:validation:Optional IPv6AccessConfig []InstanceTemplateNetworkInterfaceIPv6AccessConfigParameters `json:"ipv6AccessConfig,omitempty" tf:"ipv6_access_config,omitempty"` + // +kubebuilder:validation:Optional + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` + + // +kubebuilder:validation:Optional + InternalIPv6PrefixLength *float64 `json:"internalIpv6PrefixLength,omitempty" tf:"internal_ipv6_prefix_length,omitempty"` + // The name or self_link of the network to attach this interface to. // Use network attribute for Legacy or Auto subnetted networks and // subnetwork for custom subnetted networks. @@ -936,6 +986,9 @@ type InstanceTemplateObservation struct { // documented below. Disk []InstanceTemplateDiskObservation `json:"disk,omitempty" tf:"disk,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // List of the type and count of accelerator cards attached to the instance. Structure documented below. GuestAccelerator []InstanceTemplateGuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -1003,6 +1056,10 @@ type InstanceTemplateObservation struct { // Structure is documented below. ReservationAffinity []InstanceTemplateReservationAffinityObservation `json:"reservationAffinity,omitempty" tf:"reservation_affinity,omitempty"` + // A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -1030,6 +1087,10 @@ type InstanceTemplateObservation struct { // The unique fingerprint of the tags. TagsFingerprint *string `json:"tagsFingerprint,omitempty" tf:"tags_fingerprint,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type InstanceTemplateParameters struct { @@ -1132,6 +1193,11 @@ type InstanceTemplateParameters struct { // +kubebuilder:validation:Optional ReservationAffinity []InstanceTemplateReservationAffinityParameters `json:"reservationAffinity,omitempty" tf:"reservation_affinity,omitempty"` + // A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. + // +kubebuilder:validation:Optional + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. // +kubebuilder:validation:Optional ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` @@ -1250,7 +1316,7 @@ type InstanceTemplateSchedulingInitParameters struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here ProvisioningModel *string `json:"provisioningModel,omitempty" tf:"provisioning_model,omitempty"` @@ -1378,7 +1444,7 @@ type InstanceTemplateSchedulingObservation struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here ProvisioningModel *string `json:"provisioningModel,omitempty" tf:"provisioning_model,omitempty"` @@ -1424,7 +1490,7 @@ type InstanceTemplateSchedulingParameters struct { Preemptible *bool `json:"preemptible,omitempty" tf:"preemptible,omitempty"` // Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - // preemptible should be true and auto_restart should be + // preemptible should be true and automatic_restart should be // false. For more info about // SPOT, read here // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta1/zz_interconnectattachment_types.go b/apis/compute/v1beta1/zz_interconnectattachment_types.go index a7be66058..8a5b3b198 100755 --- a/apis/compute/v1beta1/zz_interconnectattachment_types.go +++ b/apis/compute/v1beta1/zz_interconnectattachment_types.go @@ -114,6 +114,13 @@ type InterconnectAttachmentInitParameters struct { // +kubebuilder:validation:Optional RouterSelector *v1.Selector `json:"routerSelector,omitempty" tf:"-"` + // The stack type for this interconnect attachment to identify whether the IPv6 + // feature is enabled or not. If not specified, IPV4_ONLY will be used. + // This field can be both set at interconnect attachments creation and update + // interconnect attachment operations. + // Possible values are: IPV4_IPV6, IPV4_ONLY. + StackType *string `json:"stackType,omitempty" tf:"stack_type,omitempty"` + // The type of InterconnectAttachment you wish to create. Defaults to // DEDICATED. // Possible values are: DEDICATED, PARTNER, PARTNER_PROVIDER. @@ -238,6 +245,13 @@ type InterconnectAttachmentObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // The stack type for this interconnect attachment to identify whether the IPv6 + // feature is enabled or not. If not specified, IPV4_ONLY will be used. + // This field can be both set at interconnect attachments creation and update + // interconnect attachment operations. + // Possible values are: IPV4_IPV6, IPV4_ONLY. + StackType *string `json:"stackType,omitempty" tf:"stack_type,omitempty"` + // [Output Only] The current state of this attachment's functionality. State *string `json:"state,omitempty" tf:"state,omitempty"` @@ -351,6 +365,14 @@ type InterconnectAttachmentParameters struct { // +kubebuilder:validation:Optional RouterSelector *v1.Selector `json:"routerSelector,omitempty" tf:"-"` + // The stack type for this interconnect attachment to identify whether the IPv6 + // feature is enabled or not. If not specified, IPV4_ONLY will be used. + // This field can be both set at interconnect attachments creation and update + // interconnect attachment operations. + // Possible values are: IPV4_IPV6, IPV4_ONLY. + // +kubebuilder:validation:Optional + StackType *string `json:"stackType,omitempty" tf:"stack_type,omitempty"` + // The type of InterconnectAttachment you wish to create. Defaults to // DEDICATED. // Possible values are: DEDICATED, PARTNER, PARTNER_PROVIDER. diff --git a/apis/compute/v1beta1/zz_network_types.go b/apis/compute/v1beta1/zz_network_types.go index d578b0939..bab5f30c3 100755 --- a/apis/compute/v1beta1/zz_network_types.go +++ b/apis/compute/v1beta1/zz_network_types.go @@ -129,6 +129,9 @@ type NetworkObservation struct { // Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. NetworkFirewallPolicyEnforcementOrder *string `json:"networkFirewallPolicyEnforcementOrder,omitempty" tf:"network_firewall_policy_enforcement_order,omitempty"` + // The unique identifier for the resource. This identifier is defined by the server. + NumericID *string `json:"numericId,omitempty" tf:"numeric_id,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/compute/v1beta1/zz_networkendpointgroup_types.go b/apis/compute/v1beta1/zz_networkendpointgroup_types.go index 0def23bf5..d4db2e987 100755 --- a/apis/compute/v1beta1/zz_networkendpointgroup_types.go +++ b/apis/compute/v1beta1/zz_networkendpointgroup_types.go @@ -52,9 +52,9 @@ type NetworkEndpointGroupInitParameters struct { // that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, // INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or // CONNECTION balancing modes. - // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. // Default value is GCE_VM_IP_PORT. - // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` // Reference to a Network to populate network. @@ -107,9 +107,9 @@ type NetworkEndpointGroupObservation struct { // that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, // INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or // CONNECTION balancing modes. - // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. // Default value is GCE_VM_IP_PORT. - // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` // The ID of the project in which the resource belongs. @@ -155,9 +155,9 @@ type NetworkEndpointGroupParameters struct { // that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, // INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or // CONNECTION balancing modes. - // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + // Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. // Default value is GCE_VM_IP_PORT. - // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + // Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. // +kubebuilder:validation:Optional NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` diff --git a/apis/compute/v1beta1/zz_networkfirewallpolicy_types.go b/apis/compute/v1beta1/zz_networkfirewallpolicy_types.go index 3dd5bb9c8..cbd79869c 100755 --- a/apis/compute/v1beta1/zz_networkfirewallpolicy_types.go +++ b/apis/compute/v1beta1/zz_networkfirewallpolicy_types.go @@ -34,7 +34,8 @@ type NetworkFirewallPolicyInitParameters struct { // An optional description of this resource. Provide this property when you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` } @@ -55,7 +56,8 @@ type NetworkFirewallPolicyObservation struct { // The unique identifier for the resource. This identifier is defined by the server. NetworkFirewallPolicyID *string `json:"networkFirewallPolicyId,omitempty" tf:"network_firewall_policy_id,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` // Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. @@ -74,7 +76,8 @@ type NetworkFirewallPolicyParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` } diff --git a/apis/compute/v1beta1/zz_nodegroup_types.go b/apis/compute/v1beta1/zz_nodegroup_types.go index f546e268b..0066807dd 100755 --- a/apis/compute/v1beta1/zz_nodegroup_types.go +++ b/apis/compute/v1beta1/zz_nodegroup_types.go @@ -97,13 +97,14 @@ type NodeGroupInitParameters struct { // If you use sole-tenant nodes for your workloads, you can use the node // group autoscaler to automatically manage the sizes of your node groups. + // One of initial_size or autoscaling_policy must be configured on resource creation. // Structure is documented below. AutoscalingPolicy []NodeGroupAutoscalingPolicyInitParameters `json:"autoscalingPolicy,omitempty" tf:"autoscaling_policy,omitempty"` // An optional textual description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The initial number of nodes in the node group. One of initial_size or size must be specified. + // The initial number of nodes in the node group. One of initial_size or autoscaling_policy must be configured on resource creation. InitialSize *float64 `json:"initialSize,omitempty" tf:"initial_size,omitempty"` // Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. @@ -133,15 +134,13 @@ type NodeGroupInitParameters struct { // Share settings for the node group. // Structure is documented below. ShareSettings []ShareSettingsInitParameters `json:"shareSettings,omitempty" tf:"share_settings,omitempty"` - - // The total number of nodes in the node group. One of initial_size or size must be specified. - Size *float64 `json:"size,omitempty" tf:"size,omitempty"` } type NodeGroupObservation struct { // If you use sole-tenant nodes for your workloads, you can use the node // group autoscaler to automatically manage the sizes of your node groups. + // One of initial_size or autoscaling_policy must be configured on resource creation. // Structure is documented below. AutoscalingPolicy []NodeGroupAutoscalingPolicyObservation `json:"autoscalingPolicy,omitempty" tf:"autoscaling_policy,omitempty"` @@ -154,7 +153,7 @@ type NodeGroupObservation struct { // an identifier for the resource with format projects/{{project}}/zones/{{zone}}/nodeGroups/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The initial number of nodes in the node group. One of initial_size or size must be specified. + // The initial number of nodes in the node group. One of initial_size or autoscaling_policy must be configured on resource creation. InitialSize *float64 `json:"initialSize,omitempty" tf:"initial_size,omitempty"` // Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. @@ -178,7 +177,7 @@ type NodeGroupObservation struct { // Structure is documented below. ShareSettings []ShareSettingsObservation `json:"shareSettings,omitempty" tf:"share_settings,omitempty"` - // The total number of nodes in the node group. One of initial_size or size must be specified. + // The total number of nodes in the node group. Size *float64 `json:"size,omitempty" tf:"size,omitempty"` // Zone where this node group is located @@ -189,6 +188,7 @@ type NodeGroupParameters struct { // If you use sole-tenant nodes for your workloads, you can use the node // group autoscaler to automatically manage the sizes of your node groups. + // One of initial_size or autoscaling_policy must be configured on resource creation. // Structure is documented below. // +kubebuilder:validation:Optional AutoscalingPolicy []NodeGroupAutoscalingPolicyParameters `json:"autoscalingPolicy,omitempty" tf:"autoscaling_policy,omitempty"` @@ -197,7 +197,7 @@ type NodeGroupParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The initial number of nodes in the node group. One of initial_size or size must be specified. + // The initial number of nodes in the node group. One of initial_size or autoscaling_policy must be configured on resource creation. // +kubebuilder:validation:Optional InitialSize *float64 `json:"initialSize,omitempty" tf:"initial_size,omitempty"` @@ -234,10 +234,6 @@ type NodeGroupParameters struct { // +kubebuilder:validation:Optional ShareSettings []ShareSettingsParameters `json:"shareSettings,omitempty" tf:"share_settings,omitempty"` - // The total number of nodes in the node group. One of initial_size or size must be specified. - // +kubebuilder:validation:Optional - Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // Zone where this node group is located // +kubebuilder:validation:Required Zone *string `json:"zone" tf:"zone,omitempty"` diff --git a/apis/compute/v1beta1/zz_perinstanceconfig_types.go b/apis/compute/v1beta1/zz_perinstanceconfig_types.go index 7d244b607..582d5ad97 100755 --- a/apis/compute/v1beta1/zz_perinstanceconfig_types.go +++ b/apis/compute/v1beta1/zz_perinstanceconfig_types.go @@ -29,6 +29,140 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type ExternalIPInitParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []IPAddressInitParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type ExternalIPObservation struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []IPAddressObservation `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type ExternalIPParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + // +kubebuilder:validation:Optional + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + // +kubebuilder:validation:Optional + IPAddress []IPAddressParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName" tf:"interface_name,omitempty"` +} + +type IPAddressInitParameters struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type IPAddressObservation struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type IPAddressParameters struct { + + // The URL of the reservation for this IP address. + // +kubebuilder:validation:Optional + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type InternalIPIPAddressInitParameters struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type InternalIPIPAddressObservation struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type InternalIPIPAddressParameters struct { + + // The URL of the reservation for this IP address. + // +kubebuilder:validation:Optional + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type InternalIPInitParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []InternalIPIPAddressInitParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type InternalIPObservation struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []InternalIPIPAddressObservation `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type InternalIPParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + // +kubebuilder:validation:Optional + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + // +kubebuilder:validation:Optional + IPAddress []InternalIPIPAddressParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName" tf:"interface_name,omitempty"` +} + type PerInstanceConfigInitParameters struct { // The instance group manager this instance config is part of. @@ -62,6 +196,10 @@ type PerInstanceConfigInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -108,6 +246,10 @@ type PerInstanceConfigObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -156,6 +298,11 @@ type PerInstanceConfigParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + // +kubebuilder:validation:Optional + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -279,6 +426,14 @@ type PreservedStateInitParameters struct { // Structure is documented below. Disk []PreservedStateDiskInitParameters `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + ExternalIP []ExternalIPInitParameters `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + InternalIP []InternalIPInitParameters `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -290,6 +445,14 @@ type PreservedStateObservation struct { // Structure is documented below. Disk []PreservedStateDiskObservation `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + ExternalIP []ExternalIPObservation `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + InternalIP []InternalIPObservation `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -302,6 +465,16 @@ type PreservedStateParameters struct { // +kubebuilder:validation:Optional Disk []PreservedStateDiskParameters `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + // +kubebuilder:validation:Optional + ExternalIP []ExternalIPParameters `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + // +kubebuilder:validation:Optional + InternalIP []InternalIPParameters `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +kubebuilder:validation:Optional // +mapType=granular diff --git a/apis/compute/v1beta1/zz_regionautoscaler_types.go b/apis/compute/v1beta1/zz_regionautoscaler_types.go index 64973b457..b033bd652 100755 --- a/apis/compute/v1beta1/zz_regionautoscaler_types.go +++ b/apis/compute/v1beta1/zz_regionautoscaler_types.go @@ -276,8 +276,6 @@ type RegionAutoscalerAutoscalingPolicyInitParameters struct { MinReplicas *float64 `json:"minReplicas,omitempty" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` // Defines scale in controls to reduce the risk of response latency @@ -330,8 +328,6 @@ type RegionAutoscalerAutoscalingPolicyObservation struct { MinReplicas *float64 `json:"minReplicas,omitempty" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` // Defines scale in controls to reduce the risk of response latency @@ -390,8 +386,6 @@ type RegionAutoscalerAutoscalingPolicyParameters struct { MinReplicas *float64 `json:"minReplicas" tf:"min_replicas,omitempty"` // Defines operating mode for this policy. - // Default value is ON. - // Possible values are: OFF, ONLY_UP, ON. // +kubebuilder:validation:Optional Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` diff --git a/apis/compute/v1beta1/zz_regiondisk_types.go b/apis/compute/v1beta1/zz_regiondisk_types.go index d56169d0d..daba21d22 100755 --- a/apis/compute/v1beta1/zz_regiondisk_types.go +++ b/apis/compute/v1beta1/zz_regiondisk_types.go @@ -232,6 +232,10 @@ type RegionDiskObservation struct { // Structure is documented below. DiskEncryptionKey []RegionDiskDiskEncryptionKeyObservation `json:"diskEncryptionKey,omitempty" tf:"disk_encryption_key,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // A list of features to enable on the guest operating system. // Applicable only for bootable disks. // Structure is documented below. @@ -314,6 +318,11 @@ type RegionDiskObservation struct { // used. SourceSnapshotID *string `json:"sourceSnapshotId,omitempty" tf:"source_snapshot_id,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // URL of the disk type resource describing which disk type to use to // create the disk. Provide this when creating the disk. Type *string `json:"type,omitempty" tf:"type,omitempty"` diff --git a/apis/compute/v1beta1/zz_regioninstancegroupmanager_types.go b/apis/compute/v1beta1/zz_regioninstancegroupmanager_types.go index 716d49981..78845847d 100755 --- a/apis/compute/v1beta1/zz_regioninstancegroupmanager_types.go +++ b/apis/compute/v1beta1/zz_regioninstancegroupmanager_types.go @@ -29,6 +29,41 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type RegionInstanceGroupManagerAllInstancesConfigInitParameters struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RegionInstanceGroupManagerAllInstancesConfigObservation struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RegionInstanceGroupManagerAllInstancesConfigParameters struct { + + // , The label key-value pairs that you want to patch onto the instance. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // , The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata. + // +kubebuilder:validation:Optional + // +mapType=granular + Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type RegionInstanceGroupManagerAutoHealingPoliciesInitParameters struct { // The health check resource that signals autohealing. @@ -83,6 +118,11 @@ type RegionInstanceGroupManagerAutoHealingPoliciesParameters struct { type RegionInstanceGroupManagerInitParameters struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []RegionInstanceGroupManagerAllInstancesConfigInitParameters `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. AutoHealingPolicies []RegionInstanceGroupManagerAutoHealingPoliciesInitParameters `json:"autoHealingPolicies,omitempty" tf:"auto_healing_policies,omitempty"` @@ -137,6 +177,12 @@ type RegionInstanceGroupManagerInitParameters struct { // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy. StatefulDisk []RegionInstanceGroupManagerStatefulDiskInitParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulExternalIP []RegionInstanceGroupManagerStatefulExternalIPInitParameters `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulInternalIP []RegionInstanceGroupManagerStatefulInternalIPInitParameters `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + // The full URL of all target pools to which new // instances in the group are added. Updating the target pools attribute does // not affect existing instances. @@ -154,8 +200,9 @@ type RegionInstanceGroupManagerInitParameters struct { TargetPoolsSelector *v1.Selector `json:"targetPoolsSelector,omitempty" tf:"-"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API @@ -227,6 +274,11 @@ type RegionInstanceGroupManagerNamedPortParameters struct { type RegionInstanceGroupManagerObservation struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []RegionInstanceGroupManagerAllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. AutoHealingPolicies []RegionInstanceGroupManagerAutoHealingPoliciesObservation `json:"autoHealingPolicies,omitempty" tf:"auto_healing_policies,omitempty"` @@ -239,6 +291,8 @@ type RegionInstanceGroupManagerObservation struct { // name. BaseInstanceName *string `json:"baseInstanceName,omitempty" tf:"base_instance_name,omitempty"` + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + // An optional textual description of the instance // group manager. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -254,7 +308,7 @@ type RegionInstanceGroupManagerObservation struct { // The fingerprint of the instance group manager. Fingerprint *string `json:"fingerprint,omitempty" tf:"fingerprint,omitempty"` - // an identifier for the resource with format {{disk.name}} + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // The full URL of the instance group created by the manager. @@ -293,6 +347,12 @@ type RegionInstanceGroupManagerObservation struct { // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy. StatefulDisk []RegionInstanceGroupManagerStatefulDiskObservation `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulExternalIP []RegionInstanceGroupManagerStatefulExternalIPObservation `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + StatefulInternalIP []RegionInstanceGroupManagerStatefulInternalIPObservation `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + Status []RegionInstanceGroupManagerStatusObservation `json:"status,omitempty" tf:"status,omitempty"` // The full URL of all target pools to which new @@ -302,8 +362,9 @@ type RegionInstanceGroupManagerObservation struct { TargetPools []*string `json:"targetPools,omitempty" tf:"target_pools,omitempty"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API @@ -327,6 +388,12 @@ type RegionInstanceGroupManagerObservation struct { type RegionInstanceGroupManagerParameters struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + // +kubebuilder:validation:Optional + AllInstancesConfig []RegionInstanceGroupManagerAllInstancesConfigParameters `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // The autohealing policies for this managed instance // group. You can specify only one value. Structure is documented below. For more information, see the official documentation. // +kubebuilder:validation:Optional @@ -393,6 +460,14 @@ type RegionInstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional StatefulDisk []RegionInstanceGroupManagerStatefulDiskParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` + // External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + // +kubebuilder:validation:Optional + StatefulExternalIP []RegionInstanceGroupManagerStatefulExternalIPParameters `json:"statefulExternalIp,omitempty" tf:"stateful_external_ip,omitempty"` + + // Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below. + // +kubebuilder:validation:Optional + StatefulInternalIP []RegionInstanceGroupManagerStatefulInternalIPParameters `json:"statefulInternalIp,omitempty" tf:"stateful_internal_ip,omitempty"` + // The full URL of all target pools to which new // instances in the group are added. Updating the target pools attribute does // not affect existing instances. @@ -411,8 +486,9 @@ type RegionInstanceGroupManagerParameters struct { TargetPoolsSelector *v1.Selector `json:"targetPoolsSelector,omitempty" tf:"-"` // The target number of running instances for this managed - // instance group. This value should always be explicitly set unless this resource is attached to - // an autoscaler, in which case it should never be set. Defaults to 0. + // instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + // when using one. If a value is required, such as to specify a creation-time target size for the MIG, + // lifecycle. Defaults to 0. // +kubebuilder:validation:Optional TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` @@ -468,11 +544,84 @@ type RegionInstanceGroupManagerStatefulDiskParameters struct { DeviceName *string `json:"deviceName" tf:"device_name,omitempty"` } +type RegionInstanceGroupManagerStatefulExternalIPInitParameters struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatefulExternalIPObservation struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatefulExternalIPParameters struct { + + // , A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group. + // +kubebuilder:validation:Optional + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the external Ip. Possible value: nic0. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatefulInternalIPInitParameters struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatefulInternalIPObservation struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatefulInternalIPParameters struct { + + // , A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group. + // +kubebuilder:validation:Optional + DeleteRule *string `json:"deleteRule,omitempty" tf:"delete_rule,omitempty"` + + // , The network interface name of the internal Ip. Possible value: nic0. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters struct { +} + +type RegionInstanceGroupManagerStatusAllInstancesConfigObservation struct { + Effective *bool `json:"effective,omitempty" tf:"effective,omitempty"` +} + +type RegionInstanceGroupManagerStatusAllInstancesConfigParameters struct { +} + type RegionInstanceGroupManagerStatusInitParameters struct { } type RegionInstanceGroupManagerStatusObservation struct { + // Properties to set on all instances in the group. After setting + // allInstancesConfig on the group, you must update the group's instances to + // apply the configuration. + AllInstancesConfig []RegionInstanceGroupManagerStatusAllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` + // A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified. IsStable *bool `json:"isStable,omitempty" tf:"is_stable,omitempty"` diff --git a/apis/compute/v1beta1/zz_regionnetworkendpointgroup_types.go b/apis/compute/v1beta1/zz_regionnetworkendpointgroup_types.go index 48e1e4fa2..5af317489 100755 --- a/apis/compute/v1beta1/zz_regionnetworkendpointgroup_types.go +++ b/apis/compute/v1beta1/zz_regionnetworkendpointgroup_types.go @@ -258,17 +258,17 @@ type CloudRunParameters struct { type RegionNetworkEndpointGroupInitParameters struct { - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. AppEngine []AppEngineInitParameters `json:"appEngine,omitempty" tf:"app_engine,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. CloudFunction []CloudFunctionInitParameters `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. CloudRun []CloudRunInitParameters `json:"cloudRun,omitempty" tf:"cloud_run,omitempty"` @@ -277,16 +277,16 @@ type RegionNetworkEndpointGroupInitParameters struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // This field is only used for PSC. + // This field is only used for PSC and INTERNET NEGs. // The URL of the network to which all network endpoints in the NEG belong. Uses // "default" project network if unspecified. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. // Default value is SERVERLESS. - // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` // Reference to a Network in compute to populate network. @@ -301,6 +301,7 @@ type RegionNetworkEndpointGroupInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.ServiceAttachment @@ -315,7 +316,7 @@ type RegionNetworkEndpointGroupInitParameters struct { // +kubebuilder:validation:Optional PscTargetServiceSelector *v1.Selector `json:"pscTargetServiceSelector,omitempty" tf:"-"` - // This field is only used for PSC. + // This field is only used for PSC NEGs. // Optional URL of the subnetwork to which all network endpoints in the NEG belong. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Subnetwork // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) @@ -332,17 +333,17 @@ type RegionNetworkEndpointGroupInitParameters struct { type RegionNetworkEndpointGroupObservation struct { - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. AppEngine []AppEngineObservation `json:"appEngine,omitempty" tf:"app_engine,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. CloudFunction []CloudFunctionObservation `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. CloudRun []CloudRunObservation `json:"cloudRun,omitempty" tf:"cloud_run,omitempty"` @@ -354,50 +355,51 @@ type RegionNetworkEndpointGroupObservation struct { // an identifier for the resource with format projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // This field is only used for PSC. + // This field is only used for PSC and INTERNET NEGs. // The URL of the network to which all network endpoints in the NEG belong. Uses // "default" project network if unspecified. Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. // Default value is SERVERLESS. - // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. PscTargetService *string `json:"pscTargetService,omitempty" tf:"psc_target_service,omitempty"` - // A reference to the region where the Serverless NEGs Reside. + // A reference to the region where the regional NEGs reside. Region *string `json:"region,omitempty" tf:"region,omitempty"` // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` - // This field is only used for PSC. + // This field is only used for PSC NEGs. // Optional URL of the subnetwork to which all network endpoints in the NEG belong. Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` } type RegionNetworkEndpointGroupParameters struct { - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. // +kubebuilder:validation:Optional AppEngine []AppEngineParameters `json:"appEngine,omitempty" tf:"app_engine,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. // +kubebuilder:validation:Optional CloudFunction []CloudFunctionParameters `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` - // Only valid when networkEndpointType is "SERVERLESS". + // This field is only used for SERVERLESS NEGs. // Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. // Structure is documented below. // +kubebuilder:validation:Optional @@ -408,7 +410,7 @@ type RegionNetworkEndpointGroupParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // This field is only used for PSC. + // This field is only used for PSC and INTERNET NEGs. // The URL of the network to which all network endpoints in the NEG belong. Uses // "default" project network if unspecified. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network @@ -416,9 +418,9 @@ type RegionNetworkEndpointGroupParameters struct { // +kubebuilder:validation:Optional Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + // Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. // Default value is SERVERLESS. - // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + // Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. // +kubebuilder:validation:Optional NetworkEndpointType *string `json:"networkEndpointType,omitempty" tf:"network_endpoint_type,omitempty"` @@ -435,6 +437,7 @@ type RegionNetworkEndpointGroupParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.ServiceAttachment @@ -450,11 +453,11 @@ type RegionNetworkEndpointGroupParameters struct { // +kubebuilder:validation:Optional PscTargetServiceSelector *v1.Selector `json:"pscTargetServiceSelector,omitempty" tf:"-"` - // A reference to the region where the Serverless NEGs Reside. + // A reference to the region where the regional NEGs reside. // +kubebuilder:validation:Required Region *string `json:"region" tf:"region,omitempty"` - // This field is only used for PSC. + // This field is only used for PSC NEGs. // Optional URL of the subnetwork to which all network endpoints in the NEG belong. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Subnetwork // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) @@ -497,7 +500,7 @@ type RegionNetworkEndpointGroupStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// RegionNetworkEndpointGroup is the Schema for the RegionNetworkEndpointGroups API. A regional NEG that can support Serverless Products. +// RegionNetworkEndpointGroup is the Schema for the RegionNetworkEndpointGroups API. A regional NEG that can support Serverless Products and proxying traffic to external backends. // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/compute/v1beta1/zz_regionnetworkfirewallpolicy_types.go b/apis/compute/v1beta1/zz_regionnetworkfirewallpolicy_types.go index 58758fd5b..41ce0f340 100755 --- a/apis/compute/v1beta1/zz_regionnetworkfirewallpolicy_types.go +++ b/apis/compute/v1beta1/zz_regionnetworkfirewallpolicy_types.go @@ -34,7 +34,8 @@ type RegionNetworkFirewallPolicyInitParameters struct { // An optional description of this resource. Provide this property when you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` } @@ -52,10 +53,11 @@ type RegionNetworkFirewallPolicyObservation struct { // an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The location of this resource. + // The region of this resource. Region *string `json:"region,omitempty" tf:"region,omitempty"` // The unique identifier for the resource. This identifier is defined by the server. @@ -77,11 +79,12 @@ type RegionNetworkFirewallPolicyParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The location of this resource. + // The region of this resource. // +kubebuilder:validation:Optional Region *string `json:"region,omitempty" tf:"region,omitempty"` } diff --git a/apis/compute/v1beta1/zz_regionperinstanceconfig_types.go b/apis/compute/v1beta1/zz_regionperinstanceconfig_types.go index 7fe62c107..fa579acc4 100755 --- a/apis/compute/v1beta1/zz_regionperinstanceconfig_types.go +++ b/apis/compute/v1beta1/zz_regionperinstanceconfig_types.go @@ -29,6 +29,140 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type ExternalIPIPAddressInitParameters struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type ExternalIPIPAddressObservation struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type ExternalIPIPAddressParameters struct { + + // The URL of the reservation for this IP address. + // +kubebuilder:validation:Optional + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type PreservedStateExternalIPInitParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []ExternalIPIPAddressInitParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type PreservedStateExternalIPObservation struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []ExternalIPIPAddressObservation `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type PreservedStateExternalIPParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + // +kubebuilder:validation:Optional + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + // +kubebuilder:validation:Optional + IPAddress []ExternalIPIPAddressParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName" tf:"interface_name,omitempty"` +} + +type PreservedStateInternalIPIPAddressInitParameters struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type PreservedStateInternalIPIPAddressObservation struct { + + // The URL of the reservation for this IP address. + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type PreservedStateInternalIPIPAddressParameters struct { + + // The URL of the reservation for this IP address. + // +kubebuilder:validation:Optional + Address *string `json:"address,omitempty" tf:"address,omitempty"` +} + +type PreservedStateInternalIPInitParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []PreservedStateInternalIPIPAddressInitParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type PreservedStateInternalIPObservation struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + IPAddress []PreservedStateInternalIPIPAddressObservation `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + InterfaceName *string `json:"interfaceName,omitempty" tf:"interface_name,omitempty"` +} + +type PreservedStateInternalIPParameters struct { + + // These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + // Default value is NEVER. + // Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + // +kubebuilder:validation:Optional + AutoDelete *string `json:"autoDelete,omitempty" tf:"auto_delete,omitempty"` + + // Ip address representation + // Structure is documented below. + // +kubebuilder:validation:Optional + IPAddress []PreservedStateInternalIPIPAddressParameters `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + InterfaceName *string `json:"interfaceName" tf:"interface_name,omitempty"` +} + type RegionPerInstanceConfigInitParameters struct { // The minimal action to perform on the instance during an update. @@ -76,6 +210,10 @@ type RegionPerInstanceConfigInitParameters struct { // +kubebuilder:validation:Optional RegionSelector *v1.Selector `json:"regionSelector,omitempty" tf:"-"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -112,6 +250,10 @@ type RegionPerInstanceConfigObservation struct { // The region instance group manager this instance config is part of. RegionInstanceGroupManager *string `json:"regionInstanceGroupManager,omitempty" tf:"region_instance_group_manager,omitempty"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -172,6 +314,11 @@ type RegionPerInstanceConfigParameters struct { // +kubebuilder:validation:Optional RegionSelector *v1.Selector `json:"regionSelector,omitempty" tf:"-"` + // When true, deleting this config will immediately remove the underlying instance. + // When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + // +kubebuilder:validation:Optional + RemoveInstanceOnDestroy *bool `json:"removeInstanceOnDestroy,omitempty" tf:"remove_instance_on_destroy,omitempty"` + // When true, deleting this config will immediately remove any specified state from the underlying instance. // When false, deleting this config will not immediately remove any state from the underlying instance. // State will be removed on the next instance recreation or update. @@ -281,6 +428,14 @@ type RegionPerInstanceConfigPreservedStateInitParameters struct { // Structure is documented below. Disk []RegionPerInstanceConfigPreservedStateDiskInitParameters `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + ExternalIP []PreservedStateExternalIPInitParameters `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + InternalIP []PreservedStateInternalIPInitParameters `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -292,6 +447,14 @@ type RegionPerInstanceConfigPreservedStateObservation struct { // Structure is documented below. Disk []RegionPerInstanceConfigPreservedStateDiskObservation `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + ExternalIP []PreservedStateExternalIPObservation `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + InternalIP []PreservedStateInternalIPObservation `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -304,6 +467,16 @@ type RegionPerInstanceConfigPreservedStateParameters struct { // +kubebuilder:validation:Optional Disk []RegionPerInstanceConfigPreservedStateDiskParameters `json:"disk,omitempty" tf:"disk,omitempty"` + // Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + // +kubebuilder:validation:Optional + ExternalIP []PreservedStateExternalIPParameters `json:"externalIp,omitempty" tf:"external_ip,omitempty"` + + // Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + // Structure is documented below. + // +kubebuilder:validation:Optional + InternalIP []PreservedStateInternalIPParameters `json:"internalIp,omitempty" tf:"internal_ip,omitempty"` + // Preserved metadata defined for this instance. This is a list of key->value pairs. // +kubebuilder:validation:Optional // +mapType=granular diff --git a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go index 2a8a000ed..3b776ab63 100755 --- a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go +++ b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go @@ -31,6 +31,12 @@ import ( type RegionTargetHTTPSProxyInitParameters struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -38,9 +44,9 @@ type RegionTargetHTTPSProxyInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // A list of RegionSslCertificate resources that are used to authenticate - // connections between users and the load balancer. Currently, exactly - // one SSL certificate must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + // sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. // +crossplane:generate:reference:type=RegionSSLCertificate SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` @@ -52,6 +58,11 @@ type RegionTargetHTTPSProxyInitParameters struct { // +kubebuilder:validation:Optional SSLCertificatesSelector *v1.Selector `json:"sslCertificatesSelector,omitempty" tf:"-"` + // A reference to the Region SslPolicy resource that will be associated with + // the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + // resource will not have any SSL policy configured. + SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A reference to the RegionUrlMap resource that defines the mapping from URL // to the RegionBackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.RegionURLMap @@ -69,6 +80,12 @@ type RegionTargetHTTPSProxyInitParameters struct { type RegionTargetHTTPSProxyObservation struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // Creation timestamp in RFC3339 text format. CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` @@ -89,11 +106,16 @@ type RegionTargetHTTPSProxyObservation struct { // If it is not provided, the provider region is used. Region *string `json:"region,omitempty" tf:"region,omitempty"` - // A list of RegionSslCertificate resources that are used to authenticate - // connections between users and the load balancer. Currently, exactly - // one SSL certificate must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + // sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` + // A reference to the Region SslPolicy resource that will be associated with + // the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + // resource will not have any SSL policy configured. + SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` @@ -104,6 +126,13 @@ type RegionTargetHTTPSProxyObservation struct { type RegionTargetHTTPSProxyParameters struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + // +kubebuilder:validation:Optional + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // An optional description of this resource. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -118,9 +147,9 @@ type RegionTargetHTTPSProxyParameters struct { // +kubebuilder:validation:Required Region *string `json:"region" tf:"region,omitempty"` - // A list of RegionSslCertificate resources that are used to authenticate - // connections between users and the load balancer. Currently, exactly - // one SSL certificate must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + // sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. // +crossplane:generate:reference:type=RegionSSLCertificate // +kubebuilder:validation:Optional SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` @@ -133,6 +162,12 @@ type RegionTargetHTTPSProxyParameters struct { // +kubebuilder:validation:Optional SSLCertificatesSelector *v1.Selector `json:"sslCertificatesSelector,omitempty" tf:"-"` + // A reference to the Region SslPolicy resource that will be associated with + // the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + // resource will not have any SSL policy configured. + // +kubebuilder:validation:Optional + SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A reference to the RegionUrlMap resource that defines the mapping from URL // to the RegionBackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.RegionURLMap diff --git a/apis/compute/v1beta1/zz_routernat_types.go b/apis/compute/v1beta1/zz_routernat_types.go index 334d4a4f4..ce744bf77 100755 --- a/apis/compute/v1beta1/zz_routernat_types.go +++ b/apis/compute/v1beta1/zz_routernat_types.go @@ -94,8 +94,8 @@ type RouterNATInitParameters struct { // Mutually exclusive with enableEndpointIndependentMapping. EnableDynamicPortAllocation *bool `json:"enableDynamicPortAllocation,omitempty" tf:"enable_dynamic_port_allocation,omitempty"` - // Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - // see the official documentation. + // Enable endpoint independent mapping. + // For more information see the official documentation. EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` // Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. @@ -109,7 +109,7 @@ type RouterNATInitParameters struct { // This field can only be set when enableDynamicPortAllocation is enabled. MaxPortsPerVM *float64 `json:"maxPortsPerVm,omitempty" tf:"max_ports_per_vm,omitempty"` - // Minimum number of ports allocated to a VM from this NAT. + // Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. MinPortsPerVM *float64 `json:"minPortsPerVm,omitempty" tf:"min_ports_per_vm,omitempty"` // How external IPs should be allocated for this NAT. Valid values are @@ -212,8 +212,8 @@ type RouterNATObservation struct { // Mutually exclusive with enableEndpointIndependentMapping. EnableDynamicPortAllocation *bool `json:"enableDynamicPortAllocation,omitempty" tf:"enable_dynamic_port_allocation,omitempty"` - // Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - // see the official documentation. + // Enable endpoint independent mapping. + // For more information see the official documentation. EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` // an identifier for the resource with format {{project}}/{{region}}/{{router}}/{{name}} @@ -230,7 +230,7 @@ type RouterNATObservation struct { // This field can only be set when enableDynamicPortAllocation is enabled. MaxPortsPerVM *float64 `json:"maxPortsPerVm,omitempty" tf:"max_ports_per_vm,omitempty"` - // Minimum number of ports allocated to a VM from this NAT. + // Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. MinPortsPerVM *float64 `json:"minPortsPerVm,omitempty" tf:"min_ports_per_vm,omitempty"` // How external IPs should be allocated for this NAT. Valid values are @@ -309,8 +309,8 @@ type RouterNATParameters struct { // +kubebuilder:validation:Optional EnableDynamicPortAllocation *bool `json:"enableDynamicPortAllocation,omitempty" tf:"enable_dynamic_port_allocation,omitempty"` - // Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - // see the official documentation. + // Enable endpoint independent mapping. + // For more information see the official documentation. // +kubebuilder:validation:Optional EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` @@ -328,7 +328,7 @@ type RouterNATParameters struct { // +kubebuilder:validation:Optional MaxPortsPerVM *float64 `json:"maxPortsPerVm,omitempty" tf:"max_ports_per_vm,omitempty"` - // Minimum number of ports allocated to a VM from this NAT. + // Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. // +kubebuilder:validation:Optional MinPortsPerVM *float64 `json:"minPortsPerVm,omitempty" tf:"min_ports_per_vm,omitempty"` @@ -602,7 +602,6 @@ type RouterNATStatus struct { type RouterNAT struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.natIpAllocateOption) || (has(self.initProvider) && has(self.initProvider.natIpAllocateOption))",message="spec.forProvider.natIpAllocateOption is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.sourceSubnetworkIpRangesToNat) || (has(self.initProvider) && has(self.initProvider.sourceSubnetworkIpRangesToNat))",message="spec.forProvider.sourceSubnetworkIpRangesToNat is a required parameter" Spec RouterNATSpec `json:"spec"` Status RouterNATStatus `json:"status,omitempty"` diff --git a/apis/compute/v1beta1/zz_routerpeer_terraformed.go b/apis/compute/v1beta1/zz_routerpeer_terraformed.go index 20c12143f..54cd0a04d 100755 --- a/apis/compute/v1beta1/zz_routerpeer_terraformed.go +++ b/apis/compute/v1beta1/zz_routerpeer_terraformed.go @@ -37,7 +37,7 @@ func (mg *RouterPeer) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this RouterPeer func (tr *RouterPeer) GetConnectionDetailsMapping() map[string]string { - return nil + return map[string]string{"md5_authentication_key[*].key": "spec.forProvider.md5AuthenticationKey[*].keySecretRef"} } // GetObservation of this RouterPeer diff --git a/apis/compute/v1beta1/zz_routerpeer_types.go b/apis/compute/v1beta1/zz_routerpeer_types.go index a8ba20401..5fb7303a2 100755 --- a/apis/compute/v1beta1/zz_routerpeer_types.go +++ b/apis/compute/v1beta1/zz_routerpeer_types.go @@ -123,6 +123,43 @@ type BfdParameters struct { SessionInitializationMode *string `json:"sessionInitializationMode" tf:"session_initialization_mode,omitempty"` } +type Md5AuthenticationKeyInitParameters struct { + + // Name of this BGP peer. The name must be 1-63 characters long, + // and comply with RFC1035. Specifically, the name must be 1-63 characters + // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + // means the first character must be a lowercase letter, and all + // following characters must be a dash, lowercase letter, or digit, + // except the last character, which cannot be a dash. + Name *string `json:"name,omitempty" tf:"name,omitempty"` +} + +type Md5AuthenticationKeyObservation struct { + + // Name of this BGP peer. The name must be 1-63 characters long, + // and comply with RFC1035. Specifically, the name must be 1-63 characters + // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + // means the first character must be a lowercase letter, and all + // following characters must be a dash, lowercase letter, or digit, + // except the last character, which cannot be a dash. + Name *string `json:"name,omitempty" tf:"name,omitempty"` +} + +type Md5AuthenticationKeyParameters struct { + + // +kubebuilder:validation:Required + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` + + // Name of this BGP peer. The name must be 1-63 characters long, + // and comply with RFC1035. Specifically, the name must be 1-63 characters + // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + // means the first character must be a lowercase letter, and all + // following characters must be a dash, lowercase letter, or digit, + // except the last character, which cannot be a dash. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` +} + type RouterPeerAdvertisedIPRangesInitParameters struct { // User-specified description for the IP range. @@ -164,7 +201,7 @@ type RouterPeerInitParameters struct { AdvertiseMode *string `json:"advertiseMode,omitempty" tf:"advertise_mode,omitempty"` // User-specified list of prefix groups to advertise in custom - // mode, which can take one of the following options: + // mode, which currently supports the following option: AdvertisedGroups []*string `json:"advertisedGroups,omitempty" tf:"advertised_groups,omitempty"` // User-specified list of individual IP ranges to advertise in @@ -216,6 +253,8 @@ type RouterPeerInitParameters struct { // +kubebuilder:validation:Optional InterfaceSelector *v1.Selector `json:"interfaceSelector,omitempty" tf:"-"` + Md5AuthenticationKey []Md5AuthenticationKeyInitParameters `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` + // Peer BGP Autonomous System Number (ASN). // Each BGP interface may use a different value. PeerAsn *float64 `json:"peerAsn,omitempty" tf:"peer_asn,omitempty"` @@ -284,7 +323,7 @@ type RouterPeerObservation struct { AdvertiseMode *string `json:"advertiseMode,omitempty" tf:"advertise_mode,omitempty"` // User-specified list of prefix groups to advertise in custom - // mode, which can take one of the following options: + // mode, which currently supports the following option: AdvertisedGroups []*string `json:"advertisedGroups,omitempty" tf:"advertised_groups,omitempty"` // User-specified list of individual IP ranges to advertise in @@ -332,6 +371,8 @@ type RouterPeerObservation struct { // The resource that configures and manages this BGP peer. ManagementType *string `json:"managementType,omitempty" tf:"management_type,omitempty"` + Md5AuthenticationKey []Md5AuthenticationKeyObservation `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` + // Peer BGP Autonomous System Number (ASN). // Each BGP interface may use a different value. PeerAsn *float64 `json:"peerAsn,omitempty" tf:"peer_asn,omitempty"` @@ -374,7 +415,7 @@ type RouterPeerParameters struct { AdvertiseMode *string `json:"advertiseMode,omitempty" tf:"advertise_mode,omitempty"` // User-specified list of prefix groups to advertise in custom - // mode, which can take one of the following options: + // mode, which currently supports the following option: // +kubebuilder:validation:Optional AdvertisedGroups []*string `json:"advertisedGroups,omitempty" tf:"advertised_groups,omitempty"` @@ -435,6 +476,9 @@ type RouterPeerParameters struct { // +kubebuilder:validation:Optional InterfaceSelector *v1.Selector `json:"interfaceSelector,omitempty" tf:"-"` + // +kubebuilder:validation:Optional + Md5AuthenticationKey []Md5AuthenticationKeyParameters `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` + // Peer BGP Autonomous System Number (ASN). // Each BGP interface may use a different value. // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta1/zz_securitypolicy_types.go b/apis/compute/v1beta1/zz_securitypolicy_types.go index 9f2357471..9b2202e36 100755 --- a/apis/compute/v1beta1/zz_securitypolicy_types.go +++ b/apis/compute/v1beta1/zz_securitypolicy_types.go @@ -59,6 +59,10 @@ type AdvancedOptionsConfigInitParameters struct { // Log level to use. Defaults to NORMAL. LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` + + // An optional list of case-insensitive request header names to use for resolving the callers client IP address. + // +listType=set + UserIPRequestHeaders []*string `json:"userIpRequestHeaders,omitempty" tf:"user_ip_request_headers,omitempty"` } type AdvancedOptionsConfigObservation struct { @@ -72,6 +76,10 @@ type AdvancedOptionsConfigObservation struct { // Log level to use. Defaults to NORMAL. LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` + + // An optional list of case-insensitive request header names to use for resolving the callers client IP address. + // +listType=set + UserIPRequestHeaders []*string `json:"userIpRequestHeaders,omitempty" tf:"user_ip_request_headers,omitempty"` } type AdvancedOptionsConfigParameters struct { @@ -88,6 +96,11 @@ type AdvancedOptionsConfigParameters struct { // Log level to use. Defaults to NORMAL. // +kubebuilder:validation:Optional LogLevel *string `json:"logLevel,omitempty" tf:"log_level,omitempty"` + + // An optional list of case-insensitive request header names to use for resolving the callers client IP address. + // +kubebuilder:validation:Optional + // +listType=set + UserIPRequestHeaders []*string `json:"userIpRequestHeaders,omitempty" tf:"user_ip_request_headers,omitempty"` } type BanThresholdInitParameters struct { @@ -121,21 +134,27 @@ type BanThresholdParameters struct { type ConfigInitParameters struct { - // field in config. + // Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + // to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + // (can be used to override the default behavior). // +listType=set SrcIPRanges []*string `json:"srcIpRanges,omitempty" tf:"src_ip_ranges,omitempty"` } type ConfigObservation struct { - // field in config. + // Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + // to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + // (can be used to override the default behavior). // +listType=set SrcIPRanges []*string `json:"srcIpRanges,omitempty" tf:"src_ip_ranges,omitempty"` } type ConfigParameters struct { - // field in config. + // Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + // to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + // (can be used to override the default behavior). // +kubebuilder:validation:Optional // +listType=set SrcIPRanges []*string `json:"srcIpRanges" tf:"src_ip_ranges,omitempty"` @@ -228,7 +247,7 @@ type Layer7DdosDefenseConfigInitParameters struct { // If set to true, enables CAAP for L7 DDoS detection. Enable *bool `json:"enable,omitempty" tf:"enable,omitempty"` - // Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. + // Rule visibility can be one of the following: RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` } @@ -237,7 +256,7 @@ type Layer7DdosDefenseConfigObservation struct { // If set to true, enables CAAP for L7 DDoS detection. Enable *bool `json:"enable,omitempty" tf:"enable,omitempty"` - // Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. + // Rule visibility can be one of the following: RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` } @@ -247,33 +266,33 @@ type Layer7DdosDefenseConfigParameters struct { // +kubebuilder:validation:Optional Enable *bool `json:"enable,omitempty" tf:"enable,omitempty"` - // Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. + // Rule visibility can be one of the following: // +kubebuilder:validation:Optional RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` } type RateLimitOptionsInitParameters struct { - // Can only be specified if the action for the rule is "rate_based_ban". + // Can only be specified if the action for the rule is rate_based_ban. // If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. BanDurationSec *float64 `json:"banDurationSec,omitempty" tf:"ban_duration_sec,omitempty"` - // Can only be specified if the action for the rule is "rate_based_ban". - // If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - // exceed this 'ban_threshold'. Structure is documented below. + // Can only be specified if the action for the rule is rate_based_ban. + // If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + // exceed this ban_threshold. Structure is documented below. BanThreshold []BanThresholdInitParameters `json:"banThreshold,omitempty" tf:"ban_threshold,omitempty"` - // Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only. + // Action to take for requests that are under the configured rate limit threshold. Valid option is allow only. ConformAction *string `json:"conformAction,omitempty" tf:"conform_action,omitempty"` - // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to "ALL". + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` - // Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + // Rate limit key name applicable only for the following key types: EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` // When a request is denied, returns the HTTP response code specified. - // Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + // Valid options are deny() where valid values for status are 403, 404, 429, and 502. ExceedAction *string `json:"exceedAction,omitempty" tf:"exceed_action,omitempty"` // block supports: @@ -285,26 +304,26 @@ type RateLimitOptionsInitParameters struct { type RateLimitOptionsObservation struct { - // Can only be specified if the action for the rule is "rate_based_ban". + // Can only be specified if the action for the rule is rate_based_ban. // If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. BanDurationSec *float64 `json:"banDurationSec,omitempty" tf:"ban_duration_sec,omitempty"` - // Can only be specified if the action for the rule is "rate_based_ban". - // If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - // exceed this 'ban_threshold'. Structure is documented below. + // Can only be specified if the action for the rule is rate_based_ban. + // If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + // exceed this ban_threshold. Structure is documented below. BanThreshold []BanThresholdObservation `json:"banThreshold,omitempty" tf:"ban_threshold,omitempty"` - // Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only. + // Action to take for requests that are under the configured rate limit threshold. Valid option is allow only. ConformAction *string `json:"conformAction,omitempty" tf:"conform_action,omitempty"` - // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to "ALL". + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` - // Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + // Rate limit key name applicable only for the following key types: EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` // When a request is denied, returns the HTTP response code specified. - // Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + // Valid options are deny() where valid values for status are 403, 404, 429, and 502. ExceedAction *string `json:"exceedAction,omitempty" tf:"exceed_action,omitempty"` // block supports: @@ -316,31 +335,31 @@ type RateLimitOptionsObservation struct { type RateLimitOptionsParameters struct { - // Can only be specified if the action for the rule is "rate_based_ban". + // Can only be specified if the action for the rule is rate_based_ban. // If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. // +kubebuilder:validation:Optional BanDurationSec *float64 `json:"banDurationSec,omitempty" tf:"ban_duration_sec,omitempty"` - // Can only be specified if the action for the rule is "rate_based_ban". - // If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - // exceed this 'ban_threshold'. Structure is documented below. + // Can only be specified if the action for the rule is rate_based_ban. + // If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + // exceed this ban_threshold. Structure is documented below. // +kubebuilder:validation:Optional BanThreshold []BanThresholdParameters `json:"banThreshold,omitempty" tf:"ban_threshold,omitempty"` - // Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only. + // Action to take for requests that are under the configured rate limit threshold. Valid option is allow only. // +kubebuilder:validation:Optional ConformAction *string `json:"conformAction" tf:"conform_action,omitempty"` - // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to "ALL". + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. // +kubebuilder:validation:Optional EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` - // Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + // Rate limit key name applicable only for the following key types: // +kubebuilder:validation:Optional EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` // When a request is denied, returns the HTTP response code specified. - // Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + // Valid options are deny() where valid values for status are 403, 404, 429, and 502. // +kubebuilder:validation:Optional ExceedAction *string `json:"exceedAction" tf:"exceed_action,omitempty"` @@ -501,10 +520,10 @@ type RuleInitParameters struct { // Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` - // Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for other actions. Structure is documented below. + // Must be specified if the action is rate_based_ban or throttle. Cannot be specified for other actions. Structure is documented below. RateLimitOptions []RateLimitOptionsInitParameters `json:"rateLimitOptions,omitempty" tf:"rate_limit_options,omitempty"` - // Can be specified if the action is "redirect". Cannot be specified for other actions. Structure is documented below. + // Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. RedirectOptions []RedirectOptionsInitParameters `json:"redirectOptions,omitempty" tf:"redirect_options,omitempty"` } @@ -585,10 +604,10 @@ type RuleObservation struct { // Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` - // Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for other actions. Structure is documented below. + // Must be specified if the action is rate_based_ban or throttle. Cannot be specified for other actions. Structure is documented below. RateLimitOptions []RateLimitOptionsObservation `json:"rateLimitOptions,omitempty" tf:"rate_limit_options,omitempty"` - // Can be specified if the action is "redirect". Cannot be specified for other actions. Structure is documented below. + // Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. RedirectOptions []RedirectOptionsObservation `json:"redirectOptions,omitempty" tf:"redirect_options,omitempty"` } @@ -621,11 +640,11 @@ type RuleParameters struct { // +kubebuilder:validation:Optional Priority *float64 `json:"priority" tf:"priority,omitempty"` - // Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for other actions. Structure is documented below. + // Must be specified if the action is rate_based_ban or throttle. Cannot be specified for other actions. Structure is documented below. // +kubebuilder:validation:Optional RateLimitOptions []RateLimitOptionsParameters `json:"rateLimitOptions,omitempty" tf:"rate_limit_options,omitempty"` - // Can be specified if the action is "redirect". Cannot be specified for other actions. Structure is documented below. + // Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. // +kubebuilder:validation:Optional RedirectOptions []RedirectOptionsParameters `json:"redirectOptions,omitempty" tf:"redirect_options,omitempty"` } diff --git a/apis/compute/v1beta1/zz_serviceattachment_types.go b/apis/compute/v1beta1/zz_serviceattachment_types.go index e6cabde79..884931af9 100755 --- a/apis/compute/v1beta1/zz_serviceattachment_types.go +++ b/apis/compute/v1beta1/zz_serviceattachment_types.go @@ -127,7 +127,6 @@ type ServiceAttachmentInitParameters struct { // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - // For newly created service attachment, this boolean defaults to true. ReconcileConnections *bool `json:"reconcileConnections,omitempty" tf:"reconcile_connections,omitempty"` // The URL of a forwarding rule that represents the service identified by @@ -196,7 +195,6 @@ type ServiceAttachmentObservation struct { // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - // For newly created service attachment, this boolean defaults to true. ReconcileConnections *bool `json:"reconcileConnections,omitempty" tf:"reconcile_connections,omitempty"` // URL of the region where the resource resides. @@ -266,7 +264,6 @@ type ServiceAttachmentParameters struct { // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - // For newly created service attachment, this boolean defaults to true. // +kubebuilder:validation:Optional ReconcileConnections *bool `json:"reconcileConnections,omitempty" tf:"reconcile_connections,omitempty"` diff --git a/apis/compute/v1beta1/zz_snapshot_types.go b/apis/compute/v1beta1/zz_snapshot_types.go index 985f7732e..6deaab15a 100755 --- a/apis/compute/v1beta1/zz_snapshot_types.go +++ b/apis/compute/v1beta1/zz_snapshot_types.go @@ -86,6 +86,8 @@ type SnapshotInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Labels to apply to this Snapshot. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -151,6 +153,9 @@ type SnapshotObservation struct { // Size of the snapshot, specified in GB. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/global/snapshots/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -159,6 +164,8 @@ type SnapshotObservation struct { LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` // Labels to apply to this Snapshot. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -208,6 +215,11 @@ type SnapshotObservation struct { // Cloud Storage bucket storage location of the snapshot (regional or multi-regional). StorageLocations []*string `json:"storageLocations,omitempty" tf:"storage_locations,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // A reference to the zone where the disk is hosted. Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } @@ -228,6 +240,8 @@ type SnapshotParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Labels to apply to this Snapshot. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/compute/v1beta1/zz_subnetwork_types.go b/apis/compute/v1beta1/zz_subnetwork_types.go index 6e92e89fa..b7d9bf301 100755 --- a/apis/compute/v1beta1/zz_subnetwork_types.go +++ b/apis/compute/v1beta1/zz_subnetwork_types.go @@ -83,6 +83,9 @@ type SubnetworkInitParameters_2 struct { // creation time. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The range of external IPv6 addresses that are owned by this subnetwork. + ExternalIPv6Prefix *string `json:"externalIpv6Prefix,omitempty" tf:"external_ipv6_prefix,omitempty"` + // The range of internal addresses that are owned by this subnetwork. // Provide this property when you create the subnetwork. For example, // 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and @@ -95,9 +98,10 @@ type SubnetworkInitParameters_2 struct { // Possible values are: EXTERNAL, INTERNAL. IPv6AccessType *string `json:"ipv6AccessType,omitempty" tf:"ipv6_access_type,omitempty"` - // Denotes the logging options for the subnetwork flow logs. If logging is enabled - // logs will be exported to Stackdriver. This field cannot be set if the purpose of this - // subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + // This field denotes the VPC flow logging options for this subnetwork. If + // logging is enabled, logs are exported to Cloud Logging. Flow logging + // isn't supported if the subnet purpose field is set to subnetwork is + // REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. // Structure is documented below. LogConfig []SubnetworkLogConfigInitParameters `json:"logConfig,omitempty" tf:"log_config,omitempty"` @@ -125,20 +129,20 @@ type SubnetworkInitParameters_2 struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - // A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - // A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. // If unspecified, the purpose defaults to PRIVATE_RFC_1918. - // The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` // The role of subnetwork. + // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. - // An ACTIVE subnetwork is one that is currently being used. + // An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. // A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - // Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. // Possible values are: ACTIVE, BACKUP. Role *string `json:"role,omitempty" tf:"role,omitempty"` @@ -307,9 +311,13 @@ type SubnetworkObservation_2 struct { // The range of internal IPv6 addresses that are owned by this subnetwork. IPv6CidrRange *string `json:"ipv6CidrRange,omitempty" tf:"ipv6_cidr_range,omitempty"` - // Denotes the logging options for the subnetwork flow logs. If logging is enabled - // logs will be exported to Stackdriver. This field cannot be set if the purpose of this - // subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + // The internal IPv6 address range that is assigned to this subnetwork. + InternalIPv6Prefix *string `json:"internalIpv6Prefix,omitempty" tf:"internal_ipv6_prefix,omitempty"` + + // This field denotes the VPC flow logging options for this subnetwork. If + // logging is enabled, logs are exported to Cloud Logging. Flow logging + // isn't supported if the subnet purpose field is set to subnetwork is + // REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. // Structure is documented below. LogConfig []SubnetworkLogConfigObservation `json:"logConfig,omitempty" tf:"log_config,omitempty"` @@ -328,23 +336,23 @@ type SubnetworkObservation_2 struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - // A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - // A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. // If unspecified, the purpose defaults to PRIVATE_RFC_1918. - // The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` // The GCP region for this subnetwork. Region *string `json:"region,omitempty" tf:"region,omitempty"` // The role of subnetwork. + // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. - // An ACTIVE subnetwork is one that is currently being used. + // An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. // A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - // Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. // Possible values are: ACTIVE, BACKUP. Role *string `json:"role,omitempty" tf:"role,omitempty"` @@ -377,6 +385,10 @@ type SubnetworkParameters_2 struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The range of external IPv6 addresses that are owned by this subnetwork. + // +kubebuilder:validation:Optional + ExternalIPv6Prefix *string `json:"externalIpv6Prefix,omitempty" tf:"external_ipv6_prefix,omitempty"` + // The range of internal addresses that are owned by this subnetwork. // Provide this property when you create the subnetwork. For example, // 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and @@ -391,9 +403,10 @@ type SubnetworkParameters_2 struct { // +kubebuilder:validation:Optional IPv6AccessType *string `json:"ipv6AccessType,omitempty" tf:"ipv6_access_type,omitempty"` - // Denotes the logging options for the subnetwork flow logs. If logging is enabled - // logs will be exported to Stackdriver. This field cannot be set if the purpose of this - // subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + // This field denotes the VPC flow logging options for this subnetwork. If + // logging is enabled, logs are exported to Cloud Logging. Flow logging + // isn't supported if the subnet purpose field is set to subnetwork is + // REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. // Structure is documented below. // +kubebuilder:validation:Optional LogConfig []SubnetworkLogConfigParameters `json:"logConfig,omitempty" tf:"log_config,omitempty"` @@ -426,13 +439,13 @@ type SubnetworkParameters_2 struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - // A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - // A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. // If unspecified, the purpose defaults to PRIVATE_RFC_1918. - // The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. // +kubebuilder:validation:Optional Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` @@ -441,10 +454,10 @@ type SubnetworkParameters_2 struct { Region *string `json:"region" tf:"region,omitempty"` // The role of subnetwork. + // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. - // An ACTIVE subnetwork is one that is currently being used. + // An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. // A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - // Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. // Possible values are: ACTIVE, BACKUP. // +kubebuilder:validation:Optional Role *string `json:"role,omitempty" tf:"role,omitempty"` diff --git a/apis/compute/v1beta1/zz_targethttpsproxy_types.go b/apis/compute/v1beta1/zz_targethttpsproxy_types.go index f93c961ed..caddd2c23 100755 --- a/apis/compute/v1beta1/zz_targethttpsproxy_types.go +++ b/apis/compute/v1beta1/zz_targethttpsproxy_types.go @@ -31,6 +31,12 @@ import ( type TargetHTTPSProxyInitParameters struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // A reference to the CertificateMap resource uri that identifies a certificate map // associated with the given target proxy. This field can only be set for global target proxies. // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}. @@ -63,8 +69,9 @@ type TargetHTTPSProxyInitParameters struct { // Possible values are: NONE, ENABLE, DISABLE. QuicOverride *string `json:"quicOverride,omitempty" tf:"quic_override,omitempty"` - // A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - // connections between users and the load balancer. At least one resource must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates can not be defined together. // +crossplane:generate:reference:type=SSLCertificate SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` @@ -81,6 +88,17 @@ type TargetHTTPSProxyInitParameters struct { // resource will not have any SSL policy configured. SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the UrlMap resource that defines the mapping from URL // to the BackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.URLMap @@ -98,6 +116,12 @@ type TargetHTTPSProxyInitParameters struct { type TargetHTTPSProxyObservation struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // A reference to the CertificateMap resource uri that identifies a certificate map // associated with the given target proxy. This field can only be set for global target proxies. // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}. @@ -139,8 +163,9 @@ type TargetHTTPSProxyObservation struct { // Possible values are: NONE, ENABLE, DISABLE. QuicOverride *string `json:"quicOverride,omitempty" tf:"quic_override,omitempty"` - // A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - // connections between users and the load balancer. At least one resource must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates can not be defined together. SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` // A reference to the SslPolicy resource that will be associated with @@ -151,6 +176,17 @@ type TargetHTTPSProxyObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the UrlMap resource that defines the mapping from URL // to the BackendService. URLMap *string `json:"urlMap,omitempty" tf:"url_map,omitempty"` @@ -158,6 +194,13 @@ type TargetHTTPSProxyObservation struct { type TargetHTTPSProxyParameters struct { + // URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates fields can not be defined together. + // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + // +kubebuilder:validation:Optional + CertificateManagerCertificates []*string `json:"certificateManagerCertificates,omitempty" tf:"certificate_manager_certificates,omitempty"` + // A reference to the CertificateMap resource uri that identifies a certificate map // associated with the given target proxy. This field can only be set for global target proxies. // Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}. @@ -196,8 +239,9 @@ type TargetHTTPSProxyParameters struct { // +kubebuilder:validation:Optional QuicOverride *string `json:"quicOverride,omitempty" tf:"quic_override,omitempty"` - // A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - // connections between users and the load balancer. At least one resource must be specified. + // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + // Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + // sslCertificates and certificateManagerCertificates can not be defined together. // +crossplane:generate:reference:type=SSLCertificate // +kubebuilder:validation:Optional SSLCertificates []*string `json:"sslCertificates,omitempty" tf:"ssl_certificates,omitempty"` @@ -216,6 +260,18 @@ type TargetHTTPSProxyParameters struct { // +kubebuilder:validation:Optional SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + // +kubebuilder:validation:Optional + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the UrlMap resource that defines the mapping from URL // to the BackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.URLMap diff --git a/apis/compute/v1beta1/zz_vpntunnel_types.go b/apis/compute/v1beta1/zz_vpntunnel_types.go index bcf82fce5..4d6383ffe 100755 --- a/apis/compute/v1beta1/zz_vpntunnel_types.go +++ b/apis/compute/v1beta1/zz_vpntunnel_types.go @@ -39,6 +39,12 @@ type VPNTunnelInitParameters struct { // Acceptable IKE versions are 1 or 2. Default version is 2. IkeVersion *float64 `json:"ikeVersion,omitempty" tf:"ike_version,omitempty"` + // Labels to apply to this VpnTunnel. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Local traffic selector to use when establishing the VPN tunnel with // peer VPN gateway. The value should be a CIDR formatted string, // for example 192.168.0.0/16. The ranges should be disjoint. @@ -136,6 +142,9 @@ type VPNTunnelObservation struct { // Detailed status message for the VPN tunnel. DetailedStatus *string `json:"detailedStatus,omitempty" tf:"detailed_status,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -144,6 +153,16 @@ type VPNTunnelObservation struct { // Acceptable IKE versions are 1 or 2. Default version is 2. IkeVersion *float64 `json:"ikeVersion,omitempty" tf:"ike_version,omitempty"` + // The fingerprint used for optimistic locking of this resource. Used + // internally during updates. + LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` + + // Labels to apply to this VpnTunnel. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Local traffic selector to use when establishing the VPN tunnel with // peer VPN gateway. The value should be a CIDR formatted string, // for example 192.168.0.0/16. The ranges should be disjoint. @@ -193,6 +212,11 @@ type VPNTunnelObservation struct { // associated. TargetVPNGateway *string `json:"targetVpnGateway,omitempty" tf:"target_vpn_gateway,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The unique identifier for the resource. This identifier is defined by the server. TunnelID *string `json:"tunnelId,omitempty" tf:"tunnel_id,omitempty"` @@ -217,6 +241,13 @@ type VPNTunnelParameters struct { // +kubebuilder:validation:Optional IkeVersion *float64 `json:"ikeVersion,omitempty" tf:"ike_version,omitempty"` + // Labels to apply to this VpnTunnel. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Local traffic selector to use when establishing the VPN tunnel with // peer VPN gateway. The value should be a CIDR formatted string, // for example 192.168.0.0/16. The ranges should be disjoint. diff --git a/apis/container/v1beta1/zz_cluster_terraformed.go b/apis/container/v1beta1/zz_cluster_terraformed.go index 90cc09577..57e24ac76 100755 --- a/apis/container/v1beta1/zz_cluster_terraformed.go +++ b/apis/container/v1beta1/zz_cluster_terraformed.go @@ -157,5 +157,5 @@ func (tr *Cluster) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Cluster) GetTerraformSchemaVersion() int { - return 1 + return 2 } diff --git a/apis/container/v1beta1/zz_cluster_types.go b/apis/container/v1beta1/zz_cluster_types.go index 75690b43f..cff442162 100755 --- a/apis/container/v1beta1/zz_cluster_types.go +++ b/apis/container/v1beta1/zz_cluster_types.go @@ -29,6 +29,28 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AdditionalPodRangesConfigInitParameters struct { + + // The names of the Pod ranges to add to the cluster. + // +listType=set + PodRangeNames []*string `json:"podRangeNames,omitempty" tf:"pod_range_names,omitempty"` +} + +type AdditionalPodRangesConfigObservation struct { + + // The names of the Pod ranges to add to the cluster. + // +listType=set + PodRangeNames []*string `json:"podRangeNames,omitempty" tf:"pod_range_names,omitempty"` +} + +type AdditionalPodRangesConfigParameters struct { + + // The names of the Pod ranges to add to the cluster. + // +kubebuilder:validation:Optional + // +listType=set + PodRangeNames []*string `json:"podRangeNames" tf:"pod_range_names,omitempty"` +} + type AddonsConfigInitParameters struct { // . Structure is documented below. @@ -49,12 +71,14 @@ type AddonsConfigInitParameters struct { GCPFilestoreCsiDriverConfig []GCPFilestoreCsiDriverConfigInitParameters `json:"gcpFilestoreCsiDriverConfig,omitempty" tf:"gcp_filestore_csi_driver_config,omitempty"` // . - // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. GcePersistentDiskCsiDriverConfig []GcePersistentDiskCsiDriverConfigInitParameters `json:"gcePersistentDiskCsiDriverConfig,omitempty" tf:"gce_persistent_disk_csi_driver_config,omitempty"` // The status of the GCSFuse CSI driver addon, // which allows the usage of a gcs bucket as volumes. - // It is disabled by default; set enabled = true to enable. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + // See Enable the Cloud Storage FUSE CSI driver for more information. GcsFuseCsiDriverConfig []GcsFuseCsiDriverConfigInitParameters `json:"gcsFuseCsiDriverConfig,omitempty" tf:"gcs_fuse_csi_driver_config,omitempty"` // . @@ -102,12 +126,14 @@ type AddonsConfigObservation struct { GCPFilestoreCsiDriverConfig []GCPFilestoreCsiDriverConfigObservation `json:"gcpFilestoreCsiDriverConfig,omitempty" tf:"gcp_filestore_csi_driver_config,omitempty"` // . - // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. GcePersistentDiskCsiDriverConfig []GcePersistentDiskCsiDriverConfigObservation `json:"gcePersistentDiskCsiDriverConfig,omitempty" tf:"gce_persistent_disk_csi_driver_config,omitempty"` // The status of the GCSFuse CSI driver addon, // which allows the usage of a gcs bucket as volumes. - // It is disabled by default; set enabled = true to enable. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + // See Enable the Cloud Storage FUSE CSI driver for more information. GcsFuseCsiDriverConfig []GcsFuseCsiDriverConfigObservation `json:"gcsFuseCsiDriverConfig,omitempty" tf:"gcs_fuse_csi_driver_config,omitempty"` // . @@ -159,13 +185,15 @@ type AddonsConfigParameters struct { GCPFilestoreCsiDriverConfig []GCPFilestoreCsiDriverConfigParameters `json:"gcpFilestoreCsiDriverConfig,omitempty" tf:"gcp_filestore_csi_driver_config,omitempty"` // . - // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + // Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. // +kubebuilder:validation:Optional GcePersistentDiskCsiDriverConfig []GcePersistentDiskCsiDriverConfigParameters `json:"gcePersistentDiskCsiDriverConfig,omitempty" tf:"gce_persistent_disk_csi_driver_config,omitempty"` // The status of the GCSFuse CSI driver addon, // which allows the usage of a gcs bucket as volumes. - // It is disabled by default; set enabled = true to enable. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + // See Enable the Cloud Storage FUSE CSI driver for more information. // +kubebuilder:validation:Optional GcsFuseCsiDriverConfig []GcsFuseCsiDriverConfigParameters `json:"gcsFuseCsiDriverConfig,omitempty" tf:"gcs_fuse_csi_driver_config,omitempty"` @@ -198,6 +226,45 @@ type AddonsConfigParameters struct { NetworkPolicyConfig []NetworkPolicyConfigParameters `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` } +type AdvancedDatapathObservabilityConfigInitParameters struct { + + // Whether or not to enable advanced datapath metrics. + EnableMetrics *bool `json:"enableMetrics,omitempty" tf:"enable_metrics,omitempty"` + + // Whether or not Relay is enabled. + EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` + + // Mode used to make Relay available. + RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` +} + +type AdvancedDatapathObservabilityConfigObservation struct { + + // Whether or not to enable advanced datapath metrics. + EnableMetrics *bool `json:"enableMetrics,omitempty" tf:"enable_metrics,omitempty"` + + // Whether or not Relay is enabled. + EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` + + // Mode used to make Relay available. + RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` +} + +type AdvancedDatapathObservabilityConfigParameters struct { + + // Whether or not to enable advanced datapath metrics. + // +kubebuilder:validation:Optional + EnableMetrics *bool `json:"enableMetrics" tf:"enable_metrics,omitempty"` + + // Whether or not Relay is enabled. + // +kubebuilder:validation:Optional + EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` + + // Mode used to make Relay available. + // +kubebuilder:validation:Optional + RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` +} + type AdvancedMachineFeaturesInitParameters struct { // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. @@ -415,8 +482,7 @@ type BinaryAuthorizationInitParameters struct { Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` // Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - // and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - // deprecated enable_binary_authorization parameter being set to true. + // and PROJECT_SINGLETON_POLICY_ENFORCE. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` } @@ -426,8 +492,7 @@ type BinaryAuthorizationObservation struct { Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` // Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - // and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - // deprecated enable_binary_authorization parameter being set to true. + // and PROJECT_SINGLETON_POLICY_ENFORCE. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` } @@ -438,8 +503,7 @@ type BinaryAuthorizationParameters struct { Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` // Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - // and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - // deprecated enable_binary_authorization parameter being set to true. + // and PROJECT_SINGLETON_POLICY_ENFORCE. // +kubebuilder:validation:Optional EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` } @@ -579,6 +643,12 @@ type ClusterAutoscalingInitParameters struct { // Structure is documented below. AutoProvisioningDefaults []AutoProvisioningDefaultsInitParameters `json:"autoProvisioningDefaults,omitempty" tf:"auto_provisioning_defaults,omitempty"` + // Configuration + // options for the Autoscaling profile + // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + // when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + AutoscalingProfile *string `json:"autoscalingProfile,omitempty" tf:"autoscaling_profile,omitempty"` + // Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied // for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` @@ -597,6 +667,12 @@ type ClusterAutoscalingObservation struct { // Structure is documented below. AutoProvisioningDefaults []AutoProvisioningDefaultsObservation `json:"autoProvisioningDefaults,omitempty" tf:"auto_provisioning_defaults,omitempty"` + // Configuration + // options for the Autoscaling profile + // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + // when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + AutoscalingProfile *string `json:"autoscalingProfile,omitempty" tf:"autoscaling_profile,omitempty"` + // Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied // for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` @@ -616,6 +692,13 @@ type ClusterAutoscalingParameters struct { // +kubebuilder:validation:Optional AutoProvisioningDefaults []AutoProvisioningDefaultsParameters `json:"autoProvisioningDefaults,omitempty" tf:"auto_provisioning_defaults,omitempty"` + // Configuration + // options for the Autoscaling profile + // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + // when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + // +kubebuilder:validation:Optional + AutoscalingProfile *string `json:"autoscalingProfile,omitempty" tf:"autoscaling_profile,omitempty"` + // Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied // for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard. // +kubebuilder:validation:Optional @@ -659,7 +742,7 @@ type ClusterInitParameters struct { // The IP address range of the Kubernetes pods // in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one // automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - // only work for routes-based clusters, where ip_allocation_policy is not defined. + // default a new cluster to routes-based, where ip_allocation_policy is not defined. ClusterIPv4Cidr *string `json:"clusterIpv4Cidr,omitempty" tf:"cluster_ipv4_cidr,omitempty"` // Configuration for Confidential Nodes feature. Structure is documented below documented below. @@ -688,6 +771,8 @@ type ClusterInitParameters struct { // GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below DefaultSnatStatus []DefaultSnatStatusInitParameters `json:"defaultSnatStatus,omitempty" tf:"default_snat_status,omitempty"` + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the cluster. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -697,11 +782,6 @@ type ClusterInitParameters struct { // for available features. EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` - // (DEPRECATED) Enable Binary Authorization for this cluster. - // If enabled, all container images will be validated by Google Binary Authorization. - // Deprecated in favor of binary_authorization. - EnableBinaryAuthorization *bool `json:"enableBinaryAuthorization,omitempty" tf:"enable_binary_authorization,omitempty"` - // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -730,15 +810,20 @@ type ClusterInitParameters struct { // See the official documentation. EnableTpu *bool `json:"enableTpu,omitempty" tf:"enable_tpu,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. + Fleet []FleetInitParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` + // Configuration for GKE Gateway API controller. Structure is documented below. GatewayAPIConfig []GatewayAPIConfigInitParameters `json:"gatewayApiConfig,omitempty" tf:"gateway_api_config,omitempty"` // Configuration of cluster IP allocation for - // VPC-native clusters. Adding this block enables IP aliasing, - // making the cluster VPC-native instead of routes-based. Structure is documented - // below. + // VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + // Structure is documented below. IPAllocationPolicy []IPAllocationPolicyInitParameters `json:"ipAllocationPolicy,omitempty" tf:"ip_allocation_policy,omitempty"` + // . Structure is documented below. + IdentityServiceConfig []IdentityServiceConfigInitParameters `json:"identityServiceConfig,omitempty" tf:"identity_service_config,omitempty"` + // The number of nodes to create in this // cluster's default node pool. In regional or multi-zonal clusters, this is the // number of nodes per zone. Must be set if node_pool is not set. If you're using @@ -821,8 +906,7 @@ type ClusterInitParameters struct { NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` // Determines whether alias IPs or routes will be used for pod IPs in the cluster. - // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - // and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. NetworkingMode *string `json:"networkingMode,omitempty" tf:"networking_mode,omitempty"` // Parameters used in creating the default node pool. Structure is documented below. @@ -835,6 +919,11 @@ type ClusterInitParameters struct { // +listType=set NodeLocations []*string `json:"nodeLocations,omitempty" tf:"node_locations,omitempty"` + // Node pool configs that apply to auto-provisioned node pools in + // autopilot clusters and + // node auto-provisioning-enabled clusters. Structure is documented below. + NodePoolAutoConfig []NodePoolAutoConfigInitParameters `json:"nodePoolAutoConfig,omitempty" tf:"node_pool_auto_config,omitempty"` + // Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. NodePoolDefaults []NodePoolDefaultsInitParameters `json:"nodePoolDefaults,omitempty" tf:"node_pool_defaults,omitempty"` @@ -943,7 +1032,7 @@ type ClusterObservation struct { // The IP address range of the Kubernetes pods // in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one // automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - // only work for routes-based clusters, where ip_allocation_policy is not defined. + // default a new cluster to routes-based, where ip_allocation_policy is not defined. ClusterIPv4Cidr *string `json:"clusterIpv4Cidr,omitempty" tf:"cluster_ipv4_cidr,omitempty"` // Configuration for Confidential Nodes feature. Structure is documented below documented below. @@ -972,6 +1061,8 @@ type ClusterObservation struct { // GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below DefaultSnatStatus []DefaultSnatStatusObservation `json:"defaultSnatStatus,omitempty" tf:"default_snat_status,omitempty"` + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the cluster. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -981,11 +1072,6 @@ type ClusterObservation struct { // for available features. EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` - // (DEPRECATED) Enable Binary Authorization for this cluster. - // If enabled, all container images will be validated by Google Binary Authorization. - // Deprecated in favor of binary_authorization. - EnableBinaryAuthorization *bool `json:"enableBinaryAuthorization,omitempty" tf:"enable_binary_authorization,omitempty"` - // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1017,6 +1103,9 @@ type ClusterObservation struct { // The IP address of this cluster's Kubernetes master. Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. + Fleet []FleetObservation `json:"fleet,omitempty" tf:"fleet,omitempty"` + // Configuration for GKE Gateway API controller. Structure is documented below. GatewayAPIConfig []GatewayAPIConfigObservation `json:"gatewayApiConfig,omitempty" tf:"gateway_api_config,omitempty"` @@ -1024,11 +1113,13 @@ type ClusterObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // Configuration of cluster IP allocation for - // VPC-native clusters. Adding this block enables IP aliasing, - // making the cluster VPC-native instead of routes-based. Structure is documented - // below. + // VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + // Structure is documented below. IPAllocationPolicy []IPAllocationPolicyObservation `json:"ipAllocationPolicy,omitempty" tf:"ip_allocation_policy,omitempty"` + // . Structure is documented below. + IdentityServiceConfig []IdentityServiceConfigObservation `json:"identityServiceConfig,omitempty" tf:"identity_service_config,omitempty"` + // The number of nodes to create in this // cluster's default node pool. In regional or multi-zonal clusters, this is the // number of nodes per zone. Must be set if node_pool is not set. If you're using @@ -1117,8 +1208,7 @@ type ClusterObservation struct { NetworkPolicy []NetworkPolicyObservation `json:"networkPolicy,omitempty" tf:"network_policy,omitempty"` // Determines whether alias IPs or routes will be used for pod IPs in the cluster. - // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - // and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. NetworkingMode *string `json:"networkingMode,omitempty" tf:"networking_mode,omitempty"` // Parameters used in creating the default node pool. Structure is documented below. @@ -1139,6 +1229,11 @@ type ClusterObservation struct { // google_container_node_pool resource instead of this property. NodePool []NodePoolObservation `json:"nodePool,omitempty" tf:"node_pool,omitempty"` + // Node pool configs that apply to auto-provisioned node pools in + // autopilot clusters and + // node auto-provisioning-enabled clusters. Structure is documented below. + NodePoolAutoConfig []NodePoolAutoConfigObservation `json:"nodePoolAutoConfig,omitempty" tf:"node_pool_auto_config,omitempty"` + // Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. NodePoolDefaults []NodePoolDefaultsObservation `json:"nodePoolDefaults,omitempty" tf:"node_pool_defaults,omitempty"` @@ -1258,7 +1353,7 @@ type ClusterParameters struct { // The IP address range of the Kubernetes pods // in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one // automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - // only work for routes-based clusters, where ip_allocation_policy is not defined. + // default a new cluster to routes-based, where ip_allocation_policy is not defined. // +kubebuilder:validation:Optional ClusterIPv4Cidr *string `json:"clusterIpv4Cidr,omitempty" tf:"cluster_ipv4_cidr,omitempty"` @@ -1295,6 +1390,9 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional DefaultSnatStatus []DefaultSnatStatusParameters `json:"defaultSnatStatus,omitempty" tf:"default_snat_status,omitempty"` + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the cluster. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1306,12 +1404,6 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` - // (DEPRECATED) Enable Binary Authorization for this cluster. - // If enabled, all container images will be validated by Google Binary Authorization. - // Deprecated in favor of binary_authorization. - // +kubebuilder:validation:Optional - EnableBinaryAuthorization *bool `json:"enableBinaryAuthorization,omitempty" tf:"enable_binary_authorization,omitempty"` - // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. // +kubebuilder:validation:Optional EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1347,17 +1439,24 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EnableTpu *bool `json:"enableTpu,omitempty" tf:"enable_tpu,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. + // +kubebuilder:validation:Optional + Fleet []FleetParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` + // Configuration for GKE Gateway API controller. Structure is documented below. // +kubebuilder:validation:Optional GatewayAPIConfig []GatewayAPIConfigParameters `json:"gatewayApiConfig,omitempty" tf:"gateway_api_config,omitempty"` // Configuration of cluster IP allocation for - // VPC-native clusters. Adding this block enables IP aliasing, - // making the cluster VPC-native instead of routes-based. Structure is documented - // below. + // VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + // Structure is documented below. // +kubebuilder:validation:Optional IPAllocationPolicy []IPAllocationPolicyParameters `json:"ipAllocationPolicy,omitempty" tf:"ip_allocation_policy,omitempty"` + // . Structure is documented below. + // +kubebuilder:validation:Optional + IdentityServiceConfig []IdentityServiceConfigParameters `json:"identityServiceConfig,omitempty" tf:"identity_service_config,omitempty"` + // The number of nodes to create in this // cluster's default node pool. In regional or multi-zonal clusters, this is the // number of nodes per zone. Must be set if node_pool is not set. If you're using @@ -1461,8 +1560,7 @@ type ClusterParameters struct { NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` // Determines whether alias IPs or routes will be used for pod IPs in the cluster. - // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - // and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + // Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. // +kubebuilder:validation:Optional NetworkingMode *string `json:"networkingMode,omitempty" tf:"networking_mode,omitempty"` @@ -1478,6 +1576,12 @@ type ClusterParameters struct { // +listType=set NodeLocations []*string `json:"nodeLocations,omitempty" tf:"node_locations,omitempty"` + // Node pool configs that apply to auto-provisioned node pools in + // autopilot clusters and + // node auto-provisioning-enabled clusters. Structure is documented below. + // +kubebuilder:validation:Optional + NodePoolAutoConfig []NodePoolAutoConfigParameters `json:"nodePoolAutoConfig,omitempty" tf:"node_pool_auto_config,omitempty"` + // Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. // +kubebuilder:validation:Optional NodePoolDefaults []NodePoolDefaultsParameters `json:"nodePoolDefaults,omitempty" tf:"node_pool_defaults,omitempty"` @@ -1573,19 +1677,22 @@ type ClusterParameters struct { type ConfidentialNodesInitParameters struct { - // Enable Confidential Nodes for this cluster. + // Enable Confidential GKE Nodes for this cluster, to + // enforce encryption of data in-use. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type ConfidentialNodesObservation struct { - // Enable Confidential Nodes for this cluster. + // Enable Confidential GKE Nodes for this cluster, to + // enforce encryption of data in-use. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type ConfidentialNodesParameters struct { - // Enable Confidential Nodes for this cluster. + // Enable Confidential GKE Nodes for this cluster, to + // enforce encryption of data in-use. // +kubebuilder:validation:Optional Enabled *bool `json:"enabled" tf:"enabled,omitempty"` } @@ -1754,6 +1861,24 @@ type DefaultSnatStatusParameters struct { Disabled *bool `json:"disabled" tf:"disabled,omitempty"` } +type EffectiveTaintsInitParameters struct { +} + +type EffectiveTaintsObservation struct { + + // Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. + Effect *string `json:"effect,omitempty" tf:"effect,omitempty"` + + // Key for taint. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // Value for taint. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EffectiveTaintsParameters struct { +} + type EnableK8SBetaApisInitParameters struct { // Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information. @@ -1817,6 +1942,25 @@ type ExclusionOptionsParameters struct { Scope *string `json:"scope" tf:"scope,omitempty"` } +type FastSocketInitParameters struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type FastSocketObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type FastSocketParameters struct { + + // Enables vertical pod autoscaling + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type FilterInitParameters struct { // Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details. @@ -1836,6 +1980,36 @@ type FilterParameters struct { EventType []*string `json:"eventType" tf:"event_type,omitempty"` } +type FleetInitParameters struct { + + // The name of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` +} + +type FleetObservation struct { + + // The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management. + Membership *string `json:"membership,omitempty" tf:"membership,omitempty"` + + // The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership. + MembershipID *string `json:"membershipId,omitempty" tf:"membership_id,omitempty"` + + // The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership. + MembershipLocation *string `json:"membershipLocation,omitempty" tf:"membership_location,omitempty"` + + PreRegistered *bool `json:"preRegistered,omitempty" tf:"pre_registered,omitempty"` + + // The name of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` +} + +type FleetParameters struct { + + // The name of the Fleet host project where this cluster will be registered. + // +kubebuilder:validation:Optional + Project *string `json:"project,omitempty" tf:"project,omitempty"` +} + type GCPFilestoreCsiDriverConfigInitParameters struct { // Enables vertical pod autoscaling @@ -2171,6 +2345,11 @@ type HostMaintenancePolicyParameters struct { type IPAllocationPolicyInitParameters struct { + // The configuration for additional pod secondary ranges at + // the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + // secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + AdditionalPodRangesConfig []AdditionalPodRangesConfigInitParameters `json:"additionalPodRangesConfig,omitempty" tf:"additional_pod_ranges_config,omitempty"` + // The IP address range for the cluster pod IPs. // Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) // to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) @@ -2206,6 +2385,11 @@ type IPAllocationPolicyInitParameters struct { type IPAllocationPolicyObservation struct { + // The configuration for additional pod secondary ranges at + // the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + // secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + AdditionalPodRangesConfig []AdditionalPodRangesConfigObservation `json:"additionalPodRangesConfig,omitempty" tf:"additional_pod_ranges_config,omitempty"` + // The IP address range for the cluster pod IPs. // Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) // to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) @@ -2241,6 +2425,12 @@ type IPAllocationPolicyObservation struct { type IPAllocationPolicyParameters struct { + // The configuration for additional pod secondary ranges at + // the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + // secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + // +kubebuilder:validation:Optional + AdditionalPodRangesConfig []AdditionalPodRangesConfigParameters `json:"additionalPodRangesConfig,omitempty" tf:"additional_pod_ranges_config,omitempty"` + // The IP address range for the cluster pod IPs. // Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) // to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) @@ -2280,6 +2470,25 @@ type IPAllocationPolicyParameters struct { StackType *string `json:"stackType,omitempty" tf:"stack_type,omitempty"` } +type IdentityServiceConfigInitParameters struct { + + // Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type IdentityServiceConfigObservation struct { + + // Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type IdentityServiceConfigParameters struct { + + // Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + type KubeletConfigInitParameters struct { // If true, enables CPU CFS quota enforcement for @@ -2349,30 +2558,46 @@ type KubeletConfigParameters struct { type LinuxNodeConfigInitParameters struct { + // Possible cgroup modes that can be used. + // Accepted values are: + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as - // net.core.wmem_max, to a string value. + // net.core.wmem_max, to a string value. Currently supported attributes can be found here. + // Note that validations happen all server side. All attributes are optional. // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } type LinuxNodeConfigObservation struct { + // Possible cgroup modes that can be used. + // Accepted values are: + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as - // net.core.wmem_max, to a string value. + // net.core.wmem_max, to a string value. Currently supported attributes can be found here. + // Note that validations happen all server side. All attributes are optional. // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } type LinuxNodeConfigParameters struct { + // Possible cgroup modes that can be used. + // Accepted values are: + // +kubebuilder:validation:Optional + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as - // net.core.wmem_max, to a string value. + // net.core.wmem_max, to a string value. Currently supported attributes can be found here. + // Note that validations happen all server side. All attributes are optional. // +kubebuilder:validation:Optional // +mapType=granular - Sysctls map[string]*string `json:"sysctls" tf:"sysctls,omitempty"` + Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } type LocalNvmeSsdBlockConfigInitParameters struct { @@ -2658,7 +2883,10 @@ type MeshCertificatesParameters struct { type MonitoringConfigInitParameters struct { - // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.) + // Configuration for Advanced Datapath Monitoring. Structure is documented below. + AdvancedDatapathObservabilityConfig []AdvancedDatapathObservabilityConfigInitParameters `json:"advancedDatapathObservabilityConfig,omitempty" tf:"advanced_datapath_observability_config,omitempty"` + + // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET. In beta provider, WORKLOADS is supported on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.) EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` // Configuration for Managed Service for Prometheus. Structure is documented below. @@ -2667,7 +2895,10 @@ type MonitoringConfigInitParameters struct { type MonitoringConfigObservation struct { - // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.) + // Configuration for Advanced Datapath Monitoring. Structure is documented below. + AdvancedDatapathObservabilityConfig []AdvancedDatapathObservabilityConfigObservation `json:"advancedDatapathObservabilityConfig,omitempty" tf:"advanced_datapath_observability_config,omitempty"` + + // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET. In beta provider, WORKLOADS is supported on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.) EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` // Configuration for Managed Service for Prometheus. Structure is documented below. @@ -2676,7 +2907,11 @@ type MonitoringConfigObservation struct { type MonitoringConfigParameters struct { - // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.) + // Configuration for Advanced Datapath Monitoring. Structure is documented below. + // +kubebuilder:validation:Optional + AdvancedDatapathObservabilityConfig []AdvancedDatapathObservabilityConfigParameters `json:"advancedDatapathObservabilityConfig,omitempty" tf:"advanced_datapath_observability_config,omitempty"` + + // The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET. In beta provider, WORKLOADS is supported on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.) // +kubebuilder:validation:Optional EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` @@ -2697,6 +2932,9 @@ type NetworkConfigObservation struct { // endpoint via private networking. EnablePrivateNodes *bool `json:"enablePrivateNodes,omitempty" tf:"enable_private_nodes,omitempty"` + // Network bandwidth tier configuration. + NetworkPerformanceConfig []NetworkPerformanceConfigObservation `json:"networkPerformanceConfig,omitempty" tf:"network_performance_config,omitempty"` + PodCidrOverprovisionConfig []NetworkConfigPodCidrOverprovisionConfigObservation `json:"podCidrOverprovisionConfig,omitempty" tf:"pod_cidr_overprovision_config,omitempty"` PodIPv4CidrBlock *string `json:"podIpv4CidrBlock,omitempty" tf:"pod_ipv4_cidr_block,omitempty"` @@ -2720,6 +2958,18 @@ type NetworkConfigPodCidrOverprovisionConfigObservation struct { type NetworkConfigPodCidrOverprovisionConfigParameters struct { } +type NetworkPerformanceConfigInitParameters struct { +} + +type NetworkPerformanceConfigObservation struct { + + // Specifies the total network bandwidth tier for the NodePool. + TotalEgressBandwidthTier *string `json:"totalEgressBandwidthTier,omitempty" tf:"total_egress_bandwidth_tier,omitempty"` +} + +type NetworkPerformanceConfigParameters struct { +} + type NetworkPolicyConfigInitParameters struct { // The status of the Istio addon, which makes it easy to set up Istio for services in a @@ -2771,6 +3021,25 @@ type NetworkPolicyParameters struct { Provider *string `json:"provider,omitempty" tf:"provider,omitempty"` } +type NetworkTagsInitParameters struct { + + // List of network tags applied to auto-provisioned node pools. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + +type NetworkTagsObservation struct { + + // List of network tags applied to auto-provisioned node pools. + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + +type NetworkTagsParameters struct { + + // List of network tags applied to auto-provisioned node pools. + // +kubebuilder:validation:Optional + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + type NodeAffinityInitParameters struct { // Key for taint. @@ -2822,6 +3091,25 @@ type NodeConfigAdvancedMachineFeaturesObservation struct { type NodeConfigAdvancedMachineFeaturesParameters struct { } +type NodeConfigConfidentialNodesInitParameters struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodeConfigConfidentialNodesObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodeConfigConfidentialNodesParameters struct { + + // Enables vertical pod autoscaling + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type NodeConfigDefaultsInitParameters struct { // The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. @@ -2841,6 +3129,24 @@ type NodeConfigDefaultsParameters struct { LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` } +type NodeConfigEffectiveTaintsInitParameters struct { +} + +type NodeConfigEffectiveTaintsObservation struct { + + // Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. + Effect *string `json:"effect,omitempty" tf:"effect,omitempty"` + + // Key for taint. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // Value for taint. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type NodeConfigEffectiveTaintsParameters struct { +} + type NodeConfigEphemeralStorageLocalSsdConfigInitParameters struct { } @@ -2854,6 +3160,18 @@ type NodeConfigEphemeralStorageLocalSsdConfigObservation struct { type NodeConfigEphemeralStorageLocalSsdConfigParameters struct { } +type NodeConfigFastSocketInitParameters struct { +} + +type NodeConfigFastSocketObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodeConfigFastSocketParameters struct { +} + type NodeConfigGcfsConfigInitParameters struct { } @@ -2921,6 +3239,9 @@ type NodeConfigInitParameters struct { // The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below documented below. + ConfidentialNodes []NodeConfigConfidentialNodesInitParameters `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Size of the disk attached to each node, specified // in GB. The smallest allowed disk size is 10GB. Defaults to 100GB. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` @@ -2929,9 +3250,18 @@ type NodeConfigInitParameters struct { // (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + // Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default. + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + // Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below. EphemeralStorageLocalSsdConfig []EphemeralStorageLocalSsdConfigInitParameters `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + // Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + // Node Pool must enable gvnic. + // GKE version 1.25.2-gke.1700 or later. + // Structure is documented below. + FastSocket []FastSocketInitParameters `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + // Parameters for the Google Container Filesystem (GCFS). // If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. // For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. @@ -2969,9 +3299,7 @@ type NodeConfigInitParameters struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // Linux node configuration, currently supported attributes can be found here. - // Note that validations happen all server side. All attributes are optional. - // Structure is documented below. + // Parameters that can be configured on Linux nodes. Structure is documented below. LinuxNodeConfig []LinuxNodeConfigInitParameters `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` // Parameters for the local NVMe SSDs. Structure is documented below. @@ -3024,6 +3352,10 @@ type NodeConfigInitParameters struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount @@ -3053,13 +3385,9 @@ type NodeConfigInitParameters struct { // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` - // A list of Kubernetes taints - // to apply to nodes. GKE's API can only set this field on cluster creation. - // However, GKE will add taints to your nodes if you enable certain features such - // as GPUs. Taint values can be updated safely in - // Kubernetes (eg. through kubectl), and it's recommended that you do not use - // this field to manage taints. If you do, lifecycle.ignore_changes is - // recommended. Structure is documented below. + // A list of + // Kubernetes taints + // to apply to nodes. Structure is documented below. Taint []TaintInitParameters `json:"taint,omitempty" tf:"taint,omitempty"` // Metadata configuration to expose to workloads on the node pool. @@ -3099,9 +3427,14 @@ type NodeConfigLinuxNodeConfigInitParameters struct { type NodeConfigLinuxNodeConfigObservation struct { + // Possible cgroup modes that can be used. + // Accepted values are: + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as - // net.core.wmem_max, to a string value. + // net.core.wmem_max, to a string value. Currently supported attributes can be found here. + // Note that validations happen all server side. All attributes are optional. // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } @@ -3131,6 +3464,9 @@ type NodeConfigObservation struct { // The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below documented below. + ConfidentialNodes []NodeConfigConfidentialNodesObservation `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Size of the disk attached to each node, specified // in GB. The smallest allowed disk size is 10GB. Defaults to 100GB. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` @@ -3139,9 +3475,21 @@ type NodeConfigObservation struct { // (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + // List of kubernetes taints applied to each node. Structure is documented above. + EffectiveTaints []EffectiveTaintsObservation `json:"effectiveTaints,omitempty" tf:"effective_taints,omitempty"` + + // Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default. + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + // Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below. EphemeralStorageLocalSsdConfig []EphemeralStorageLocalSsdConfigObservation `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + // Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + // Node Pool must enable gvnic. + // GKE version 1.25.2-gke.1700 or later. + // Structure is documented below. + FastSocket []FastSocketObservation `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + // Parameters for the Google Container Filesystem (GCFS). // If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. // For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. @@ -3179,9 +3527,7 @@ type NodeConfigObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // Linux node configuration, currently supported attributes can be found here. - // Note that validations happen all server side. All attributes are optional. - // Structure is documented below. + // Parameters that can be configured on Linux nodes. Structure is documented below. LinuxNodeConfig []LinuxNodeConfigObservation `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` // Parameters for the local NVMe SSDs. Structure is documented below. @@ -3234,6 +3580,10 @@ type NodeConfigObservation struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -3253,13 +3603,9 @@ type NodeConfigObservation struct { // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` - // A list of Kubernetes taints - // to apply to nodes. GKE's API can only set this field on cluster creation. - // However, GKE will add taints to your nodes if you enable certain features such - // as GPUs. Taint values can be updated safely in - // Kubernetes (eg. through kubectl), and it's recommended that you do not use - // this field to manage taints. If you do, lifecycle.ignore_changes is - // recommended. Structure is documented below. + // A list of + // Kubernetes taints + // to apply to nodes. Structure is documented below. Taint []TaintObservation `json:"taint,omitempty" tf:"taint,omitempty"` // Metadata configuration to expose to workloads on the node pool. @@ -3278,6 +3624,10 @@ type NodeConfigParameters struct { // +kubebuilder:validation:Optional BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below documented below. + // +kubebuilder:validation:Optional + ConfidentialNodes []NodeConfigConfidentialNodesParameters `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Size of the disk attached to each node, specified // in GB. The smallest allowed disk size is 10GB. Defaults to 100GB. // +kubebuilder:validation:Optional @@ -3288,10 +3638,21 @@ type NodeConfigParameters struct { // +kubebuilder:validation:Optional DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + // Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default. + // +kubebuilder:validation:Optional + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + // Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below. // +kubebuilder:validation:Optional EphemeralStorageLocalSsdConfig []EphemeralStorageLocalSsdConfigParameters `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + // Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + // Node Pool must enable gvnic. + // GKE version 1.25.2-gke.1700 or later. + // Structure is documented below. + // +kubebuilder:validation:Optional + FastSocket []FastSocketParameters `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + // Parameters for the Google Container Filesystem (GCFS). // If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. // For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. @@ -3336,9 +3697,7 @@ type NodeConfigParameters struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // Linux node configuration, currently supported attributes can be found here. - // Note that validations happen all server side. All attributes are optional. - // Structure is documented below. + // Parameters that can be configured on Linux nodes. Structure is documented below. // +kubebuilder:validation:Optional LinuxNodeConfig []LinuxNodeConfigParameters `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` @@ -3403,6 +3762,11 @@ type NodeConfigParameters struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +kubebuilder:validation:Optional + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount @@ -3437,13 +3801,9 @@ type NodeConfigParameters struct { // +kubebuilder:validation:Optional Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` - // A list of Kubernetes taints - // to apply to nodes. GKE's API can only set this field on cluster creation. - // However, GKE will add taints to your nodes if you enable certain features such - // as GPUs. Taint values can be updated safely in - // Kubernetes (eg. through kubectl), and it's recommended that you do not use - // this field to manage taints. If you do, lifecycle.ignore_changes is - // recommended. Structure is documented below. + // A list of + // Kubernetes taints + // to apply to nodes. Structure is documented below. // +kubebuilder:validation:Optional Taint []TaintParameters `json:"taint,omitempty" tf:"taint,omitempty"` @@ -3543,6 +3903,25 @@ type NodeConfigWorkloadMetadataConfigObservation struct { type NodeConfigWorkloadMetadataConfigParameters struct { } +type NodePoolAutoConfigInitParameters struct { + + // The network tag config for the cluster's automatically provisioned node pools. + NetworkTags []NetworkTagsInitParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` +} + +type NodePoolAutoConfigObservation struct { + + // The network tag config for the cluster's automatically provisioned node pools. + NetworkTags []NetworkTagsObservation `json:"networkTags,omitempty" tf:"network_tags,omitempty"` +} + +type NodePoolAutoConfigParameters struct { + + // The network tag config for the cluster's automatically provisioned node pools. + // +kubebuilder:validation:Optional + NetworkTags []NetworkTagsParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` +} + type NodePoolDefaultsInitParameters struct { // Subset of NodeConfig message that has defaults. @@ -3580,6 +3959,18 @@ type NodePoolManagementObservation struct { type NodePoolManagementParameters struct { } +type NodePoolNodeConfigConfidentialNodesInitParameters struct { +} + +type NodePoolNodeConfigConfidentialNodesObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigConfidentialNodesParameters struct { +} + type NodePoolNodeConfigInitParameters struct { } @@ -3592,6 +3983,9 @@ type NodePoolNodeConfigObservation struct { // The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below documented below. + ConfidentialNodes []NodePoolNodeConfigConfidentialNodesObservation `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Size of the disk attached to each node, specified // in GB. The smallest allowed disk size is 10GB. Defaults to 100GB. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` @@ -3600,9 +3994,21 @@ type NodePoolNodeConfigObservation struct { // (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + // List of kubernetes taints applied to each node. Structure is documented above. + EffectiveTaints []NodeConfigEffectiveTaintsObservation `json:"effectiveTaints,omitempty" tf:"effective_taints,omitempty"` + + // Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default. + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + // Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below. EphemeralStorageLocalSsdConfig []NodeConfigEphemeralStorageLocalSsdConfigObservation `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + // Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + // Node Pool must enable gvnic. + // GKE version 1.25.2-gke.1700 or later. + // Structure is documented below. + FastSocket []NodeConfigFastSocketObservation `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + // The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. GcfsConfig []NodeConfigGcfsConfigObservation `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` @@ -3635,9 +4041,7 @@ type NodePoolNodeConfigObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // Linux node configuration, currently supported attributes can be found here. - // Note that validations happen all server side. All attributes are optional. - // Structure is documented below. + // Parameters that can be configured on Linux nodes. Structure is documented below. LinuxNodeConfig []NodeConfigLinuxNodeConfigObservation `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` // Parameters for the local NVMe SSDs. Structure is documented below. @@ -3689,6 +4093,10 @@ type NodePoolNodeConfigObservation struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -3707,13 +4115,9 @@ type NodePoolNodeConfigObservation struct { // List of network tags applied to auto-provisioned node pools. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` - // A list of Kubernetes taints - // to apply to nodes. GKE's API can only set this field on cluster creation. - // However, GKE will add taints to your nodes if you enable certain features such - // as GPUs. Taint values can be updated safely in - // Kubernetes (eg. through kubectl), and it's recommended that you do not use - // this field to manage taints. If you do, lifecycle.ignore_changes is - // recommended. Structure is documented below. + // A list of + // Kubernetes taints + // to apply to nodes. Structure is documented below. Taint []NodeConfigTaintObservation `json:"taint,omitempty" tf:"taint,omitempty"` // Metadata configuration to expose to workloads on the node pool. @@ -3839,6 +4243,8 @@ type PlacementPolicyObservation struct { // location. PolicyName *string `json:"policyName,omitempty" tf:"policy_name,omitempty"` + TpuTopology *string `json:"tpuTopology,omitempty" tf:"tpu_topology,omitempty"` + // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -4213,7 +4619,7 @@ type SecurityPostureConfigInitParameters struct { // Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` - // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE. VulnerabilityMode *string `json:"vulnerabilityMode,omitempty" tf:"vulnerability_mode,omitempty"` } @@ -4222,7 +4628,7 @@ type SecurityPostureConfigObservation struct { // Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC. Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` - // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE. VulnerabilityMode *string `json:"vulnerabilityMode,omitempty" tf:"vulnerability_mode,omitempty"` } @@ -4232,7 +4638,7 @@ type SecurityPostureConfigParameters struct { // +kubebuilder:validation:Optional Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` - // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE. // +kubebuilder:validation:Optional VulnerabilityMode *string `json:"vulnerabilityMode,omitempty" tf:"vulnerability_mode,omitempty"` } @@ -4359,13 +4765,13 @@ type StandardRolloutPolicyParameters struct { type TaintInitParameters struct { // Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. - Effect *string `json:"effect,omitempty" tf:"effect"` + Effect *string `json:"effect,omitempty" tf:"effect,omitempty"` // Key for taint. - Key *string `json:"key,omitempty" tf:"key"` + Key *string `json:"key,omitempty" tf:"key,omitempty"` // Value for taint. - Value *string `json:"value,omitempty" tf:"value"` + Value *string `json:"value,omitempty" tf:"value,omitempty"` } type TaintObservation struct { @@ -4384,15 +4790,15 @@ type TaintParameters struct { // Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. // +kubebuilder:validation:Optional - Effect *string `json:"effect,omitempty" tf:"effect"` + Effect *string `json:"effect" tf:"effect,omitempty"` // Key for taint. // +kubebuilder:validation:Optional - Key *string `json:"key,omitempty" tf:"key"` + Key *string `json:"key" tf:"key,omitempty"` // Value for taint. // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value"` + Value *string `json:"value" tf:"value,omitempty"` } type UpgradeOptionsInitParameters struct { diff --git a/apis/container/v1beta1/zz_generated.deepcopy.go b/apis/container/v1beta1/zz_generated.deepcopy.go index c5049958d..929e470d4 100644 --- a/apis/container/v1beta1/zz_generated.deepcopy.go +++ b/apis/container/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,84 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalPodRangesConfigInitParameters) DeepCopyInto(out *AdditionalPodRangesConfigInitParameters) { + *out = *in + if in.PodRangeNames != nil { + in, out := &in.PodRangeNames, &out.PodRangeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalPodRangesConfigInitParameters. +func (in *AdditionalPodRangesConfigInitParameters) DeepCopy() *AdditionalPodRangesConfigInitParameters { + if in == nil { + return nil + } + out := new(AdditionalPodRangesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalPodRangesConfigObservation) DeepCopyInto(out *AdditionalPodRangesConfigObservation) { + *out = *in + if in.PodRangeNames != nil { + in, out := &in.PodRangeNames, &out.PodRangeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalPodRangesConfigObservation. +func (in *AdditionalPodRangesConfigObservation) DeepCopy() *AdditionalPodRangesConfigObservation { + if in == nil { + return nil + } + out := new(AdditionalPodRangesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalPodRangesConfigParameters) DeepCopyInto(out *AdditionalPodRangesConfigParameters) { + *out = *in + if in.PodRangeNames != nil { + in, out := &in.PodRangeNames, &out.PodRangeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalPodRangesConfigParameters. +func (in *AdditionalPodRangesConfigParameters) DeepCopy() *AdditionalPodRangesConfigParameters { + if in == nil { + return nil + } + out := new(AdditionalPodRangesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AddonsConfigInitParameters) DeepCopyInto(out *AddonsConfigInitParameters) { *out = *in @@ -280,6 +358,96 @@ func (in *AddonsConfigParameters) DeepCopy() *AddonsConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedDatapathObservabilityConfigInitParameters) DeepCopyInto(out *AdvancedDatapathObservabilityConfigInitParameters) { + *out = *in + if in.EnableMetrics != nil { + in, out := &in.EnableMetrics, &out.EnableMetrics + *out = new(bool) + **out = **in + } + if in.EnableRelay != nil { + in, out := &in.EnableRelay, &out.EnableRelay + *out = new(bool) + **out = **in + } + if in.RelayMode != nil { + in, out := &in.RelayMode, &out.RelayMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigInitParameters. +func (in *AdvancedDatapathObservabilityConfigInitParameters) DeepCopy() *AdvancedDatapathObservabilityConfigInitParameters { + if in == nil { + return nil + } + out := new(AdvancedDatapathObservabilityConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedDatapathObservabilityConfigObservation) DeepCopyInto(out *AdvancedDatapathObservabilityConfigObservation) { + *out = *in + if in.EnableMetrics != nil { + in, out := &in.EnableMetrics, &out.EnableMetrics + *out = new(bool) + **out = **in + } + if in.EnableRelay != nil { + in, out := &in.EnableRelay, &out.EnableRelay + *out = new(bool) + **out = **in + } + if in.RelayMode != nil { + in, out := &in.RelayMode, &out.RelayMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigObservation. +func (in *AdvancedDatapathObservabilityConfigObservation) DeepCopy() *AdvancedDatapathObservabilityConfigObservation { + if in == nil { + return nil + } + out := new(AdvancedDatapathObservabilityConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedDatapathObservabilityConfigParameters) DeepCopyInto(out *AdvancedDatapathObservabilityConfigParameters) { + *out = *in + if in.EnableMetrics != nil { + in, out := &in.EnableMetrics, &out.EnableMetrics + *out = new(bool) + **out = **in + } + if in.EnableRelay != nil { + in, out := &in.EnableRelay, &out.EnableRelay + *out = new(bool) + **out = **in + } + if in.RelayMode != nil { + in, out := &in.RelayMode, &out.RelayMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigParameters. +func (in *AdvancedDatapathObservabilityConfigParameters) DeepCopy() *AdvancedDatapathObservabilityConfigParameters { + if in == nil { + return nil + } + out := new(AdvancedDatapathObservabilityConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdvancedMachineFeaturesInitParameters) DeepCopyInto(out *AdvancedMachineFeaturesInitParameters) { *out = *in @@ -1224,6 +1392,11 @@ func (in *ClusterAutoscalingInitParameters) DeepCopyInto(out *ClusterAutoscaling (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AutoscalingProfile != nil { + in, out := &in.AutoscalingProfile, &out.AutoscalingProfile + *out = new(string) + **out = **in + } if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) @@ -1258,6 +1431,11 @@ func (in *ClusterAutoscalingObservation) DeepCopyInto(out *ClusterAutoscalingObs (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AutoscalingProfile != nil { + in, out := &in.AutoscalingProfile, &out.AutoscalingProfile + *out = new(string) + **out = **in + } if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) @@ -1292,6 +1470,11 @@ func (in *ClusterAutoscalingParameters) DeepCopyInto(out *ClusterAutoscalingPara (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AutoscalingProfile != nil { + in, out := &in.AutoscalingProfile, &out.AutoscalingProfile + *out = new(string) + **out = **in + } if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) @@ -1402,6 +1585,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1412,11 +1600,6 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(bool) **out = **in } - if in.EnableBinaryAuthorization != nil { - in, out := &in.EnableBinaryAuthorization, &out.EnableBinaryAuthorization - *out = new(bool) - **out = **in - } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -1454,6 +1637,13 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(bool) **out = **in } + if in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GatewayAPIConfig != nil { in, out := &in.GatewayAPIConfig, &out.GatewayAPIConfig *out = make([]GatewayAPIConfigInitParameters, len(*in)) @@ -1468,6 +1658,13 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IdentityServiceConfig != nil { + in, out := &in.IdentityServiceConfig, &out.IdentityServiceConfig + *out = make([]IdentityServiceConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InitialNodeCount != nil { in, out := &in.InitialNodeCount, &out.InitialNodeCount *out = new(float64) @@ -1575,6 +1772,13 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { } } } + if in.NodePoolAutoConfig != nil { + in, out := &in.NodePoolAutoConfig, &out.NodePoolAutoConfig + *out = make([]NodePoolAutoConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodePoolDefaults != nil { in, out := &in.NodePoolDefaults, &out.NodePoolDefaults *out = make([]NodePoolDefaultsInitParameters, len(*in)) @@ -1819,6 +2023,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -1829,11 +2038,6 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(bool) **out = **in } - if in.EnableBinaryAuthorization != nil { - in, out := &in.EnableBinaryAuthorization, &out.EnableBinaryAuthorization - *out = new(bool) - **out = **in - } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -1876,6 +2080,13 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GatewayAPIConfig != nil { in, out := &in.GatewayAPIConfig, &out.GatewayAPIConfig *out = make([]GatewayAPIConfigObservation, len(*in)) @@ -1895,6 +2106,13 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IdentityServiceConfig != nil { + in, out := &in.IdentityServiceConfig, &out.IdentityServiceConfig + *out = make([]IdentityServiceConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InitialNodeCount != nil { in, out := &in.InitialNodeCount, &out.InitialNodeCount *out = new(float64) @@ -2014,6 +2232,13 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.NodePoolAutoConfig != nil { + in, out := &in.NodePoolAutoConfig, &out.NodePoolAutoConfig + *out = make([]NodePoolAutoConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodePoolDefaults != nil { in, out := &in.NodePoolDefaults, &out.NodePoolDefaults *out = make([]NodePoolDefaultsObservation, len(*in)) @@ -2236,6 +2461,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2246,11 +2476,6 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(bool) **out = **in } - if in.EnableBinaryAuthorization != nil { - in, out := &in.EnableBinaryAuthorization, &out.EnableBinaryAuthorization - *out = new(bool) - **out = **in - } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -2288,6 +2513,13 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(bool) **out = **in } + if in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GatewayAPIConfig != nil { in, out := &in.GatewayAPIConfig, &out.GatewayAPIConfig *out = make([]GatewayAPIConfigParameters, len(*in)) @@ -2302,6 +2534,13 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IdentityServiceConfig != nil { + in, out := &in.IdentityServiceConfig, &out.IdentityServiceConfig + *out = make([]IdentityServiceConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InitialNodeCount != nil { in, out := &in.InitialNodeCount, &out.InitialNodeCount *out = new(float64) @@ -2414,6 +2653,13 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { } } } + if in.NodePoolAutoConfig != nil { + in, out := &in.NodePoolAutoConfig, &out.NodePoolAutoConfig + *out = make([]NodePoolAutoConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodePoolDefaults != nil { in, out := &in.NodePoolDefaults, &out.NodePoolDefaults *out = make([]NodePoolDefaultsParameters, len(*in)) @@ -3105,6 +3351,66 @@ func (in *DefaultSnatStatusParameters) DeepCopy() *DefaultSnatStatusParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EffectiveTaintsInitParameters) DeepCopyInto(out *EffectiveTaintsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EffectiveTaintsInitParameters. +func (in *EffectiveTaintsInitParameters) DeepCopy() *EffectiveTaintsInitParameters { + if in == nil { + return nil + } + out := new(EffectiveTaintsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EffectiveTaintsObservation) DeepCopyInto(out *EffectiveTaintsObservation) { + *out = *in + if in.Effect != nil { + in, out := &in.Effect, &out.Effect + *out = new(string) + **out = **in + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EffectiveTaintsObservation. +func (in *EffectiveTaintsObservation) DeepCopy() *EffectiveTaintsObservation { + if in == nil { + return nil + } + out := new(EffectiveTaintsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EffectiveTaintsParameters) DeepCopyInto(out *EffectiveTaintsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EffectiveTaintsParameters. +func (in *EffectiveTaintsParameters) DeepCopy() *EffectiveTaintsParameters { + if in == nil { + return nil + } + out := new(EffectiveTaintsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EnableK8SBetaApisInitParameters) DeepCopyInto(out *EnableK8SBetaApisInitParameters) { *out = *in @@ -3304,40 +3610,100 @@ func (in *ExclusionOptionsParameters) DeepCopy() *ExclusionOptionsParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilterInitParameters) DeepCopyInto(out *FilterInitParameters) { +func (in *FastSocketInitParameters) DeepCopyInto(out *FastSocketInitParameters) { *out = *in - if in.EventType != nil { - in, out := &in.EventType, &out.EventType - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterInitParameters. -func (in *FilterInitParameters) DeepCopy() *FilterInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FastSocketInitParameters. +func (in *FastSocketInitParameters) DeepCopy() *FastSocketInitParameters { if in == nil { return nil } - out := new(FilterInitParameters) + out := new(FastSocketInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilterObservation) DeepCopyInto(out *FilterObservation) { +func (in *FastSocketObservation) DeepCopyInto(out *FastSocketObservation) { *out = *in - if in.EventType != nil { - in, out := &in.EventType, &out.EventType - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FastSocketObservation. +func (in *FastSocketObservation) DeepCopy() *FastSocketObservation { + if in == nil { + return nil + } + out := new(FastSocketObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FastSocketParameters) DeepCopyInto(out *FastSocketParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FastSocketParameters. +func (in *FastSocketParameters) DeepCopy() *FastSocketParameters { + if in == nil { + return nil + } + out := new(FastSocketParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilterInitParameters) DeepCopyInto(out *FilterInitParameters) { + *out = *in + if in.EventType != nil { + in, out := &in.EventType, &out.EventType + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterInitParameters. +func (in *FilterInitParameters) DeepCopy() *FilterInitParameters { + if in == nil { + return nil + } + out := new(FilterInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilterObservation) DeepCopyInto(out *FilterObservation) { + *out = *in + if in.EventType != nil { + in, out := &in.EventType, &out.EventType + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] *out = new(string) **out = **in } @@ -3381,6 +3747,86 @@ func (in *FilterParameters) DeepCopy() *FilterParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetInitParameters) DeepCopyInto(out *FleetInitParameters) { + *out = *in + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetInitParameters. +func (in *FleetInitParameters) DeepCopy() *FleetInitParameters { + if in == nil { + return nil + } + out := new(FleetInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetObservation) DeepCopyInto(out *FleetObservation) { + *out = *in + if in.Membership != nil { + in, out := &in.Membership, &out.Membership + *out = new(string) + **out = **in + } + if in.MembershipID != nil { + in, out := &in.MembershipID, &out.MembershipID + *out = new(string) + **out = **in + } + if in.MembershipLocation != nil { + in, out := &in.MembershipLocation, &out.MembershipLocation + *out = new(string) + **out = **in + } + if in.PreRegistered != nil { + in, out := &in.PreRegistered, &out.PreRegistered + *out = new(bool) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetObservation. +func (in *FleetObservation) DeepCopy() *FleetObservation { + if in == nil { + return nil + } + out := new(FleetObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetParameters) DeepCopyInto(out *FleetParameters) { + *out = *in + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetParameters. +func (in *FleetParameters) DeepCopy() *FleetParameters { + if in == nil { + return nil + } + out := new(FleetParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPFilestoreCsiDriverConfigInitParameters) DeepCopyInto(out *GCPFilestoreCsiDriverConfigInitParameters) { *out = *in @@ -4356,6 +4802,13 @@ func (in *HostMaintenancePolicyParameters) DeepCopy() *HostMaintenancePolicyPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPAllocationPolicyInitParameters) DeepCopyInto(out *IPAllocationPolicyInitParameters) { *out = *in + if in.AdditionalPodRangesConfig != nil { + in, out := &in.AdditionalPodRangesConfig, &out.AdditionalPodRangesConfig + *out = make([]AdditionalPodRangesConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ClusterIPv4CidrBlock != nil { in, out := &in.ClusterIPv4CidrBlock, &out.ClusterIPv4CidrBlock *out = new(string) @@ -4403,6 +4856,13 @@ func (in *IPAllocationPolicyInitParameters) DeepCopy() *IPAllocationPolicyInitPa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPAllocationPolicyObservation) DeepCopyInto(out *IPAllocationPolicyObservation) { *out = *in + if in.AdditionalPodRangesConfig != nil { + in, out := &in.AdditionalPodRangesConfig, &out.AdditionalPodRangesConfig + *out = make([]AdditionalPodRangesConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ClusterIPv4CidrBlock != nil { in, out := &in.ClusterIPv4CidrBlock, &out.ClusterIPv4CidrBlock *out = new(string) @@ -4450,6 +4910,13 @@ func (in *IPAllocationPolicyObservation) DeepCopy() *IPAllocationPolicyObservati // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPAllocationPolicyParameters) DeepCopyInto(out *IPAllocationPolicyParameters) { *out = *in + if in.AdditionalPodRangesConfig != nil { + in, out := &in.AdditionalPodRangesConfig, &out.AdditionalPodRangesConfig + *out = make([]AdditionalPodRangesConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ClusterIPv4CidrBlock != nil { in, out := &in.ClusterIPv4CidrBlock, &out.ClusterIPv4CidrBlock *out = new(string) @@ -4494,6 +4961,66 @@ func (in *IPAllocationPolicyParameters) DeepCopy() *IPAllocationPolicyParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityServiceConfigInitParameters) DeepCopyInto(out *IdentityServiceConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityServiceConfigInitParameters. +func (in *IdentityServiceConfigInitParameters) DeepCopy() *IdentityServiceConfigInitParameters { + if in == nil { + return nil + } + out := new(IdentityServiceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityServiceConfigObservation) DeepCopyInto(out *IdentityServiceConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityServiceConfigObservation. +func (in *IdentityServiceConfigObservation) DeepCopy() *IdentityServiceConfigObservation { + if in == nil { + return nil + } + out := new(IdentityServiceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityServiceConfigParameters) DeepCopyInto(out *IdentityServiceConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityServiceConfigParameters. +func (in *IdentityServiceConfigParameters) DeepCopy() *IdentityServiceConfigParameters { + if in == nil { + return nil + } + out := new(IdentityServiceConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeletConfigInitParameters) DeepCopyInto(out *KubeletConfigInitParameters) { *out = *in @@ -4602,6 +5129,11 @@ func (in *KubeletConfigParameters) DeepCopy() *KubeletConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinuxNodeConfigInitParameters) DeepCopyInto(out *LinuxNodeConfigInitParameters) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -4633,6 +5165,11 @@ func (in *LinuxNodeConfigInitParameters) DeepCopy() *LinuxNodeConfigInitParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinuxNodeConfigObservation) DeepCopyInto(out *LinuxNodeConfigObservation) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -4664,6 +5201,11 @@ func (in *LinuxNodeConfigObservation) DeepCopy() *LinuxNodeConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinuxNodeConfigParameters) DeepCopyInto(out *LinuxNodeConfigParameters) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -5471,6 +6013,13 @@ func (in *MeshCertificatesParameters) DeepCopy() *MeshCertificatesParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MonitoringConfigInitParameters) DeepCopyInto(out *MonitoringConfigInitParameters) { *out = *in + if in.AdvancedDatapathObservabilityConfig != nil { + in, out := &in.AdvancedDatapathObservabilityConfig, &out.AdvancedDatapathObservabilityConfig + *out = make([]AdvancedDatapathObservabilityConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnableComponents != nil { in, out := &in.EnableComponents, &out.EnableComponents *out = make([]*string, len(*in)) @@ -5504,6 +6053,13 @@ func (in *MonitoringConfigInitParameters) DeepCopy() *MonitoringConfigInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MonitoringConfigObservation) DeepCopyInto(out *MonitoringConfigObservation) { *out = *in + if in.AdvancedDatapathObservabilityConfig != nil { + in, out := &in.AdvancedDatapathObservabilityConfig, &out.AdvancedDatapathObservabilityConfig + *out = make([]AdvancedDatapathObservabilityConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnableComponents != nil { in, out := &in.EnableComponents, &out.EnableComponents *out = make([]*string, len(*in)) @@ -5537,6 +6093,13 @@ func (in *MonitoringConfigObservation) DeepCopy() *MonitoringConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MonitoringConfigParameters) DeepCopyInto(out *MonitoringConfigParameters) { *out = *in + if in.AdvancedDatapathObservabilityConfig != nil { + in, out := &in.AdvancedDatapathObservabilityConfig, &out.AdvancedDatapathObservabilityConfig + *out = make([]AdvancedDatapathObservabilityConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnableComponents != nil { in, out := &in.EnableComponents, &out.EnableComponents *out = make([]*string, len(*in)) @@ -5582,6 +6145,66 @@ func (in *NetworkConfigInitParameters) DeepCopy() *NetworkConfigInitParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigNetworkPerformanceConfigInitParameters) DeepCopyInto(out *NetworkConfigNetworkPerformanceConfigInitParameters) { + *out = *in + if in.TotalEgressBandwidthTier != nil { + in, out := &in.TotalEgressBandwidthTier, &out.TotalEgressBandwidthTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigNetworkPerformanceConfigInitParameters. +func (in *NetworkConfigNetworkPerformanceConfigInitParameters) DeepCopy() *NetworkConfigNetworkPerformanceConfigInitParameters { + if in == nil { + return nil + } + out := new(NetworkConfigNetworkPerformanceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigNetworkPerformanceConfigObservation) DeepCopyInto(out *NetworkConfigNetworkPerformanceConfigObservation) { + *out = *in + if in.TotalEgressBandwidthTier != nil { + in, out := &in.TotalEgressBandwidthTier, &out.TotalEgressBandwidthTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigNetworkPerformanceConfigObservation. +func (in *NetworkConfigNetworkPerformanceConfigObservation) DeepCopy() *NetworkConfigNetworkPerformanceConfigObservation { + if in == nil { + return nil + } + out := new(NetworkConfigNetworkPerformanceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigNetworkPerformanceConfigParameters) DeepCopyInto(out *NetworkConfigNetworkPerformanceConfigParameters) { + *out = *in + if in.TotalEgressBandwidthTier != nil { + in, out := &in.TotalEgressBandwidthTier, &out.TotalEgressBandwidthTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigNetworkPerformanceConfigParameters. +func (in *NetworkConfigNetworkPerformanceConfigParameters) DeepCopy() *NetworkConfigNetworkPerformanceConfigParameters { + if in == nil { + return nil + } + out := new(NetworkConfigNetworkPerformanceConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) { *out = *in @@ -5595,6 +6218,13 @@ func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) *out = new(bool) **out = **in } + if in.NetworkPerformanceConfig != nil { + in, out := &in.NetworkPerformanceConfig, &out.NetworkPerformanceConfig + *out = make([]NetworkPerformanceConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PodCidrOverprovisionConfig != nil { in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig *out = make([]NetworkConfigPodCidrOverprovisionConfigObservation, len(*in)) @@ -5690,11 +6320,61 @@ func (in *NetworkConfigPodCidrOverprovisionConfigParameters) DeepCopy() *Network } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyConfigInitParameters) DeepCopyInto(out *NetworkPolicyConfigInitParameters) { +func (in *NetworkPerformanceConfigInitParameters) DeepCopyInto(out *NetworkPerformanceConfigInitParameters) { *out = *in - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = new(bool) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPerformanceConfigInitParameters. +func (in *NetworkPerformanceConfigInitParameters) DeepCopy() *NetworkPerformanceConfigInitParameters { + if in == nil { + return nil + } + out := new(NetworkPerformanceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPerformanceConfigObservation) DeepCopyInto(out *NetworkPerformanceConfigObservation) { + *out = *in + if in.TotalEgressBandwidthTier != nil { + in, out := &in.TotalEgressBandwidthTier, &out.TotalEgressBandwidthTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPerformanceConfigObservation. +func (in *NetworkPerformanceConfigObservation) DeepCopy() *NetworkPerformanceConfigObservation { + if in == nil { + return nil + } + out := new(NetworkPerformanceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPerformanceConfigParameters) DeepCopyInto(out *NetworkPerformanceConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPerformanceConfigParameters. +func (in *NetworkPerformanceConfigParameters) DeepCopy() *NetworkPerformanceConfigParameters { + if in == nil { + return nil + } + out := new(NetworkPerformanceConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyConfigInitParameters) DeepCopyInto(out *NetworkPolicyConfigInitParameters) { + *out = *in + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new(bool) **out = **in } } @@ -5824,6 +6504,84 @@ func (in *NetworkPolicyParameters) DeepCopy() *NetworkPolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkTagsInitParameters) DeepCopyInto(out *NetworkTagsInitParameters) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkTagsInitParameters. +func (in *NetworkTagsInitParameters) DeepCopy() *NetworkTagsInitParameters { + if in == nil { + return nil + } + out := new(NetworkTagsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkTagsObservation) DeepCopyInto(out *NetworkTagsObservation) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkTagsObservation. +func (in *NetworkTagsObservation) DeepCopy() *NetworkTagsObservation { + if in == nil { + return nil + } + out := new(NetworkTagsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkTagsParameters) DeepCopyInto(out *NetworkTagsParameters) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkTagsParameters. +func (in *NetworkTagsParameters) DeepCopy() *NetworkTagsParameters { + if in == nil { + return nil + } + out := new(NetworkTagsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeAffinityInitParameters) DeepCopyInto(out *NodeAffinityInitParameters) { *out = *in @@ -5982,6 +6740,66 @@ func (in *NodeConfigAdvancedMachineFeaturesParameters) DeepCopy() *NodeConfigAdv return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigConfidentialNodesInitParameters) DeepCopyInto(out *NodeConfigConfidentialNodesInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigConfidentialNodesInitParameters. +func (in *NodeConfigConfidentialNodesInitParameters) DeepCopy() *NodeConfigConfidentialNodesInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigConfidentialNodesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigConfidentialNodesObservation) DeepCopyInto(out *NodeConfigConfidentialNodesObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigConfidentialNodesObservation. +func (in *NodeConfigConfidentialNodesObservation) DeepCopy() *NodeConfigConfidentialNodesObservation { + if in == nil { + return nil + } + out := new(NodeConfigConfidentialNodesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigConfidentialNodesParameters) DeepCopyInto(out *NodeConfigConfidentialNodesParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigConfidentialNodesParameters. +func (in *NodeConfigConfidentialNodesParameters) DeepCopy() *NodeConfigConfidentialNodesParameters { + if in == nil { + return nil + } + out := new(NodeConfigConfidentialNodesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigDefaultsInitParameters) DeepCopyInto(out *NodeConfigDefaultsInitParameters) { *out = *in @@ -6042,6 +6860,66 @@ func (in *NodeConfigDefaultsParameters) DeepCopy() *NodeConfigDefaultsParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigEffectiveTaintsInitParameters) DeepCopyInto(out *NodeConfigEffectiveTaintsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigEffectiveTaintsInitParameters. +func (in *NodeConfigEffectiveTaintsInitParameters) DeepCopy() *NodeConfigEffectiveTaintsInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigEffectiveTaintsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigEffectiveTaintsObservation) DeepCopyInto(out *NodeConfigEffectiveTaintsObservation) { + *out = *in + if in.Effect != nil { + in, out := &in.Effect, &out.Effect + *out = new(string) + **out = **in + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigEffectiveTaintsObservation. +func (in *NodeConfigEffectiveTaintsObservation) DeepCopy() *NodeConfigEffectiveTaintsObservation { + if in == nil { + return nil + } + out := new(NodeConfigEffectiveTaintsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigEffectiveTaintsParameters) DeepCopyInto(out *NodeConfigEffectiveTaintsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigEffectiveTaintsParameters. +func (in *NodeConfigEffectiveTaintsParameters) DeepCopy() *NodeConfigEffectiveTaintsParameters { + if in == nil { + return nil + } + out := new(NodeConfigEffectiveTaintsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigEphemeralStorageLocalSsdConfigInitParameters) DeepCopyInto(out *NodeConfigEphemeralStorageLocalSsdConfigInitParameters) { *out = *in @@ -6092,6 +6970,56 @@ func (in *NodeConfigEphemeralStorageLocalSsdConfigParameters) DeepCopy() *NodeCo return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigFastSocketInitParameters) DeepCopyInto(out *NodeConfigFastSocketInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigFastSocketInitParameters. +func (in *NodeConfigFastSocketInitParameters) DeepCopy() *NodeConfigFastSocketInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigFastSocketInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigFastSocketObservation) DeepCopyInto(out *NodeConfigFastSocketObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigFastSocketObservation. +func (in *NodeConfigFastSocketObservation) DeepCopy() *NodeConfigFastSocketObservation { + if in == nil { + return nil + } + out := new(NodeConfigFastSocketObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigFastSocketParameters) DeepCopyInto(out *NodeConfigFastSocketParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigFastSocketParameters. +func (in *NodeConfigFastSocketParameters) DeepCopy() *NodeConfigFastSocketParameters { + if in == nil { + return nil + } + out := new(NodeConfigFastSocketParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigGcfsConfigInitParameters) DeepCopyInto(out *NodeConfigGcfsConfigInitParameters) { *out = *in @@ -6466,6 +7394,13 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodeConfigConfidentialNodesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -6476,6 +7411,11 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) *out = new(string) **out = **in } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]EphemeralStorageLocalSsdConfigInitParameters, len(*in)) @@ -6483,6 +7423,13 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]FastSocketInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]GcfsConfigInitParameters, len(*in)) @@ -6633,6 +7580,22 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -6787,6 +7750,11 @@ func (in *NodeConfigLinuxNodeConfigInitParameters) DeepCopy() *NodeConfigLinuxNo // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigLinuxNodeConfigObservation) DeepCopyInto(out *NodeConfigLinuxNodeConfigObservation) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -6895,6 +7863,13 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodeConfigConfidentialNodesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -6905,6 +7880,18 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { *out = new(string) **out = **in } + if in.EffectiveTaints != nil { + in, out := &in.EffectiveTaints, &out.EffectiveTaints + *out = make([]EffectiveTaintsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]EphemeralStorageLocalSsdConfigObservation, len(*in)) @@ -6912,6 +7899,13 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]FastSocketObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]GcfsConfigObservation, len(*in)) @@ -7046,8 +8040,24 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ResourceLabels != nil { - in, out := &in.ResourceLabels, &out.ResourceLabels + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) for key, val := range *in { var outVal *string @@ -7138,6 +8148,13 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodeConfigConfidentialNodesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -7148,6 +8165,11 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { *out = new(string) **out = **in } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]EphemeralStorageLocalSsdConfigParameters, len(*in)) @@ -7155,6 +8177,13 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]FastSocketParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]GcfsConfigParameters, len(*in)) @@ -7305,6 +8334,22 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -7814,6 +8859,72 @@ func (in *NodePool) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigInitParameters) DeepCopyInto(out *NodePoolAutoConfigInitParameters) { + *out = *in + if in.NetworkTags != nil { + in, out := &in.NetworkTags, &out.NetworkTags + *out = make([]NetworkTagsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigInitParameters. +func (in *NodePoolAutoConfigInitParameters) DeepCopy() *NodePoolAutoConfigInitParameters { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigObservation) DeepCopyInto(out *NodePoolAutoConfigObservation) { + *out = *in + if in.NetworkTags != nil { + in, out := &in.NetworkTags, &out.NetworkTags + *out = make([]NetworkTagsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigObservation. +func (in *NodePoolAutoConfigObservation) DeepCopy() *NodePoolAutoConfigObservation { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigParameters) DeepCopyInto(out *NodePoolAutoConfigParameters) { + *out = *in + if in.NetworkTags != nil { + in, out := &in.NetworkTags, &out.NetworkTags + *out = make([]NetworkTagsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigParameters. +func (in *NodePoolAutoConfigParameters) DeepCopy() *NodePoolAutoConfigParameters { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolAutoscalingInitParameters) DeepCopyInto(out *NodePoolAutoscalingInitParameters) { *out = *in @@ -8283,6 +9394,13 @@ func (in *NodePoolNetworkConfigInitParameters) DeepCopyInto(out *NodePoolNetwork *out = new(bool) **out = **in } + if in.NetworkPerformanceConfig != nil { + in, out := &in.NetworkPerformanceConfig, &out.NetworkPerformanceConfig + *out = make([]NetworkConfigNetworkPerformanceConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PodCidrOverprovisionConfig != nil { in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig *out = make([]NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters, len(*in)) @@ -8325,6 +9443,13 @@ func (in *NodePoolNetworkConfigObservation) DeepCopyInto(out *NodePoolNetworkCon *out = new(bool) **out = **in } + if in.NetworkPerformanceConfig != nil { + in, out := &in.NetworkPerformanceConfig, &out.NetworkPerformanceConfig + *out = make([]NetworkConfigNetworkPerformanceConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PodCidrOverprovisionConfig != nil { in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig *out = make([]NodePoolNetworkConfigPodCidrOverprovisionConfigObservation, len(*in)) @@ -8367,6 +9492,13 @@ func (in *NodePoolNetworkConfigParameters) DeepCopyInto(out *NodePoolNetworkConf *out = new(bool) **out = **in } + if in.NetworkPerformanceConfig != nil { + in, out := &in.NetworkPerformanceConfig, &out.NetworkPerformanceConfig + *out = make([]NetworkConfigNetworkPerformanceConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PodCidrOverprovisionConfig != nil { in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig *out = make([]NodePoolNetworkConfigPodCidrOverprovisionConfigParameters, len(*in)) @@ -8386,132 +9518,302 @@ func (in *NodePoolNetworkConfigParameters) DeepCopyInto(out *NodePoolNetworkConf } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigParameters. -func (in *NodePoolNetworkConfigParameters) DeepCopy() *NodePoolNetworkConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigParameters. +func (in *NodePoolNetworkConfigParameters) DeepCopy() *NodePoolNetworkConfigParameters { + if in == nil { + return nil + } + out := new(NodePoolNetworkConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) { + *out = *in + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters { + if in == nil { + return nil + } + out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) { + *out = *in + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigObservation. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation { + if in == nil { + return nil + } + out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) { + *out = *in + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigParameters. +func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters { + if in == nil { + return nil + } + out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) { + *out = *in + if in.ThreadsPerCore != nil { + in, out := &in.ThreadsPerCore, &out.ThreadsPerCore + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesInitParameters. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesObservation) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesObservation) { + *out = *in + if in.ThreadsPerCore != nil { + in, out := &in.ThreadsPerCore, &out.ThreadsPerCore + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesObservation. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesObservation) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesObservation { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigAdvancedMachineFeaturesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesParameters) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesParameters) { + *out = *in + if in.ThreadsPerCore != nil { + in, out := &in.ThreadsPerCore, &out.ThreadsPerCore + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesParameters. +func (in *NodePoolNodeConfigAdvancedMachineFeaturesParameters) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigAdvancedMachineFeaturesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigConfidentialNodesInitParameters) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesInitParameters. +func (in *NodePoolNodeConfigConfidentialNodesInitParameters) DeepCopy() *NodePoolNodeConfigConfidentialNodesInitParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigConfidentialNodesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigConfidentialNodesInitParameters_2) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesInitParameters_2) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesInitParameters_2. +func (in *NodePoolNodeConfigConfidentialNodesInitParameters_2) DeepCopy() *NodePoolNodeConfigConfidentialNodesInitParameters_2 { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigConfidentialNodesInitParameters_2) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigConfidentialNodesObservation) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesObservation. +func (in *NodePoolNodeConfigConfidentialNodesObservation) DeepCopy() *NodePoolNodeConfigConfidentialNodesObservation { if in == nil { return nil } - out := new(NodePoolNetworkConfigParameters) + out := new(NodePoolNodeConfigConfidentialNodesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) { +func (in *NodePoolNodeConfigConfidentialNodesObservation_2) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesObservation_2) { *out = *in - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesObservation_2. +func (in *NodePoolNodeConfigConfidentialNodesObservation_2) DeepCopy() *NodePoolNodeConfigConfidentialNodesObservation_2 { if in == nil { return nil } - out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters) + out := new(NodePoolNodeConfigConfidentialNodesObservation_2) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) { +func (in *NodePoolNodeConfigConfidentialNodesParameters) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesParameters) { *out = *in - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = new(bool) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigObservation. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesParameters. +func (in *NodePoolNodeConfigConfidentialNodesParameters) DeepCopy() *NodePoolNodeConfigConfidentialNodesParameters { if in == nil { return nil } - out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigObservation) + out := new(NodePoolNodeConfigConfidentialNodesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) DeepCopyInto(out *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) { +func (in *NodePoolNodeConfigConfidentialNodesParameters_2) DeepCopyInto(out *NodePoolNodeConfigConfidentialNodesParameters_2) { *out = *in - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNetworkConfigPodCidrOverprovisionConfigParameters. -func (in *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) DeepCopy() *NodePoolNetworkConfigPodCidrOverprovisionConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigConfidentialNodesParameters_2. +func (in *NodePoolNodeConfigConfidentialNodesParameters_2) DeepCopy() *NodePoolNodeConfigConfidentialNodesParameters_2 { if in == nil { return nil } - out := new(NodePoolNetworkConfigPodCidrOverprovisionConfigParameters) + out := new(NodePoolNodeConfigConfidentialNodesParameters_2) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) { +func (in *NodePoolNodeConfigEffectiveTaintsInitParameters) DeepCopyInto(out *NodePoolNodeConfigEffectiveTaintsInitParameters) { *out = *in - if in.ThreadsPerCore != nil { - in, out := &in.ThreadsPerCore, &out.ThreadsPerCore - *out = new(float64) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesInitParameters. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigEffectiveTaintsInitParameters. +func (in *NodePoolNodeConfigEffectiveTaintsInitParameters) DeepCopy() *NodePoolNodeConfigEffectiveTaintsInitParameters { if in == nil { return nil } - out := new(NodePoolNodeConfigAdvancedMachineFeaturesInitParameters) + out := new(NodePoolNodeConfigEffectiveTaintsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesObservation) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesObservation) { +func (in *NodePoolNodeConfigEffectiveTaintsObservation) DeepCopyInto(out *NodePoolNodeConfigEffectiveTaintsObservation) { *out = *in - if in.ThreadsPerCore != nil { - in, out := &in.ThreadsPerCore, &out.ThreadsPerCore - *out = new(float64) + if in.Effect != nil { + in, out := &in.Effect, &out.Effect + *out = new(string) + **out = **in + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesObservation. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesObservation) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigEffectiveTaintsObservation. +func (in *NodePoolNodeConfigEffectiveTaintsObservation) DeepCopy() *NodePoolNodeConfigEffectiveTaintsObservation { if in == nil { return nil } - out := new(NodePoolNodeConfigAdvancedMachineFeaturesObservation) + out := new(NodePoolNodeConfigEffectiveTaintsObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesParameters) DeepCopyInto(out *NodePoolNodeConfigAdvancedMachineFeaturesParameters) { +func (in *NodePoolNodeConfigEffectiveTaintsParameters) DeepCopyInto(out *NodePoolNodeConfigEffectiveTaintsParameters) { *out = *in - if in.ThreadsPerCore != nil { - in, out := &in.ThreadsPerCore, &out.ThreadsPerCore - *out = new(float64) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigAdvancedMachineFeaturesParameters. -func (in *NodePoolNodeConfigAdvancedMachineFeaturesParameters) DeepCopy() *NodePoolNodeConfigAdvancedMachineFeaturesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigEffectiveTaintsParameters. +func (in *NodePoolNodeConfigEffectiveTaintsParameters) DeepCopy() *NodePoolNodeConfigEffectiveTaintsParameters { if in == nil { return nil } - out := new(NodePoolNodeConfigAdvancedMachineFeaturesParameters) + out := new(NodePoolNodeConfigEffectiveTaintsParameters) in.DeepCopyInto(out) return out } @@ -8576,6 +9878,66 @@ func (in *NodePoolNodeConfigEphemeralStorageLocalSsdConfigParameters) DeepCopy() return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigFastSocketInitParameters) DeepCopyInto(out *NodePoolNodeConfigFastSocketInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigFastSocketInitParameters. +func (in *NodePoolNodeConfigFastSocketInitParameters) DeepCopy() *NodePoolNodeConfigFastSocketInitParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigFastSocketInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigFastSocketObservation) DeepCopyInto(out *NodePoolNodeConfigFastSocketObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigFastSocketObservation. +func (in *NodePoolNodeConfigFastSocketObservation) DeepCopy() *NodePoolNodeConfigFastSocketObservation { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigFastSocketObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigFastSocketParameters) DeepCopyInto(out *NodePoolNodeConfigFastSocketParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigFastSocketParameters. +func (in *NodePoolNodeConfigFastSocketParameters) DeepCopy() *NodePoolNodeConfigFastSocketParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigFastSocketParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolNodeConfigGcfsConfigInitParameters) DeepCopyInto(out *NodePoolNodeConfigGcfsConfigInitParameters) { *out = *in @@ -8918,6 +10280,13 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodePoolNodeConfigConfidentialNodesInitParameters_2, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -8928,6 +10297,11 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf *out = new(string) **out = **in } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]NodePoolNodeConfigEphemeralStorageLocalSsdConfigInitParameters, len(*in)) @@ -8935,6 +10309,13 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]NodePoolNodeConfigFastSocketInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]NodePoolNodeConfigGcfsConfigInitParameters, len(*in)) @@ -9090,6 +10471,22 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -9269,6 +10666,11 @@ func (in *NodePoolNodeConfigKubeletConfigParameters) DeepCopy() *NodePoolNodeCon // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolNodeConfigLinuxNodeConfigInitParameters) DeepCopyInto(out *NodePoolNodeConfigLinuxNodeConfigInitParameters) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -9300,6 +10702,11 @@ func (in *NodePoolNodeConfigLinuxNodeConfigInitParameters) DeepCopy() *NodePoolN // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolNodeConfigLinuxNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigLinuxNodeConfigObservation) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -9331,6 +10738,11 @@ func (in *NodePoolNodeConfigLinuxNodeConfigObservation) DeepCopy() *NodePoolNode // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolNodeConfigLinuxNodeConfigParameters) DeepCopyInto(out *NodePoolNodeConfigLinuxNodeConfigParameters) { *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -9434,6 +10846,13 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodePoolNodeConfigConfidentialNodesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -9444,6 +10863,18 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs *out = new(string) **out = **in } + if in.EffectiveTaints != nil { + in, out := &in.EffectiveTaints, &out.EffectiveTaints + *out = make([]NodeConfigEffectiveTaintsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]NodeConfigEphemeralStorageLocalSsdConfigObservation, len(*in)) @@ -9451,6 +10882,13 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]NodeConfigFastSocketObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]NodeConfigGcfsConfigObservation, len(*in)) @@ -9601,6 +11039,22 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -9677,6 +11131,13 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodePoolNodeConfigConfidentialNodesObservation_2, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -9687,6 +11148,18 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO *out = new(string) **out = **in } + if in.EffectiveTaints != nil { + in, out := &in.EffectiveTaints, &out.EffectiveTaints + *out = make([]NodePoolNodeConfigEffectiveTaintsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]NodePoolNodeConfigEphemeralStorageLocalSsdConfigObservation, len(*in)) @@ -9694,6 +11167,13 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]NodePoolNodeConfigFastSocketObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]NodePoolNodeConfigGcfsConfigObservation, len(*in)) @@ -9849,6 +11329,22 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -9940,6 +11436,13 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa *out = new(string) **out = **in } + if in.ConfidentialNodes != nil { + in, out := &in.ConfidentialNodes, &out.ConfidentialNodes + *out = make([]NodePoolNodeConfigConfidentialNodesParameters_2, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -9950,6 +11453,11 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa *out = new(string) **out = **in } + if in.EnableConfidentialStorage != nil { + in, out := &in.EnableConfidentialStorage, &out.EnableConfidentialStorage + *out = new(bool) + **out = **in + } if in.EphemeralStorageLocalSsdConfig != nil { in, out := &in.EphemeralStorageLocalSsdConfig, &out.EphemeralStorageLocalSsdConfig *out = make([]NodePoolNodeConfigEphemeralStorageLocalSsdConfigParameters, len(*in)) @@ -9957,6 +11465,13 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.FastSocket != nil { + in, out := &in.FastSocket, &out.FastSocket + *out = make([]NodePoolNodeConfigFastSocketParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.GcfsConfig != nil { in, out := &in.GcfsConfig, &out.GcfsConfig *out = make([]NodePoolNodeConfigGcfsConfigParameters, len(*in)) @@ -10112,6 +11627,22 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa (*out)[key] = outVal } } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -11028,6 +12559,11 @@ func (in *NodePoolPlacementPolicyInitParameters) DeepCopyInto(out *NodePoolPlace *out = new(string) **out = **in } + if in.TpuTopology != nil { + in, out := &in.TpuTopology, &out.TpuTopology + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -11053,6 +12589,11 @@ func (in *NodePoolPlacementPolicyObservation) DeepCopyInto(out *NodePoolPlacemen *out = new(string) **out = **in } + if in.TpuTopology != nil { + in, out := &in.TpuTopology, &out.TpuTopology + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -11078,6 +12619,11 @@ func (in *NodePoolPlacementPolicyParameters) DeepCopyInto(out *NodePoolPlacement *out = new(string) **out = **in } + if in.TpuTopology != nil { + in, out := &in.TpuTopology, &out.TpuTopology + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -11478,6 +13024,11 @@ func (in *PlacementPolicyObservation) DeepCopyInto(out *PlacementPolicyObservati *out = new(string) **out = **in } + if in.TpuTopology != nil { + in, out := &in.TpuTopology, &out.TpuTopology + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) diff --git a/apis/container/v1beta1/zz_nodepool_types.go b/apis/container/v1beta1/zz_nodepool_types.go index 730acc7aa..6a28acf54 100755 --- a/apis/container/v1beta1/zz_nodepool_types.go +++ b/apis/container/v1beta1/zz_nodepool_types.go @@ -29,6 +29,20 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type NetworkConfigNetworkPerformanceConfigInitParameters struct { + TotalEgressBandwidthTier *string `json:"totalEgressBandwidthTier,omitempty" tf:"total_egress_bandwidth_tier,omitempty"` +} + +type NetworkConfigNetworkPerformanceConfigObservation struct { + TotalEgressBandwidthTier *string `json:"totalEgressBandwidthTier,omitempty" tf:"total_egress_bandwidth_tier,omitempty"` +} + +type NetworkConfigNetworkPerformanceConfigParameters struct { + + // +kubebuilder:validation:Optional + TotalEgressBandwidthTier *string `json:"totalEgressBandwidthTier" tf:"total_egress_bandwidth_tier,omitempty"` +} + type NodeConfigGuestAcceleratorGpuDriverInstallationConfigInitParameters struct { // The Kubernetes version for the nodes in this pool. Note that if this field @@ -249,29 +263,29 @@ type NodePoolInitParameters_2 struct { type NodePoolManagementInitParameters_2 struct { - // Whether the nodes will be automatically repaired. + // Whether the nodes will be automatically repaired. Enabled by default. AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` - // Whether the nodes will be automatically upgraded. + // Whether the nodes will be automatically upgraded. Enabled by default. AutoUpgrade *bool `json:"autoUpgrade,omitempty" tf:"auto_upgrade,omitempty"` } type NodePoolManagementObservation_2 struct { - // Whether the nodes will be automatically repaired. + // Whether the nodes will be automatically repaired. Enabled by default. AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` - // Whether the nodes will be automatically upgraded. + // Whether the nodes will be automatically upgraded. Enabled by default. AutoUpgrade *bool `json:"autoUpgrade,omitempty" tf:"auto_upgrade,omitempty"` } type NodePoolManagementParameters_2 struct { - // Whether the nodes will be automatically repaired. + // Whether the nodes will be automatically repaired. Enabled by default. // +kubebuilder:validation:Optional AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` - // Whether the nodes will be automatically upgraded. + // Whether the nodes will be automatically upgraded. Enabled by default. // +kubebuilder:validation:Optional AutoUpgrade *bool `json:"autoUpgrade,omitempty" tf:"auto_upgrade,omitempty"` } @@ -284,6 +298,8 @@ type NodePoolNetworkConfigInitParameters struct { // Whether nodes have internal IP addresses only. EnablePrivateNodes *bool `json:"enablePrivateNodes,omitempty" tf:"enable_private_nodes,omitempty"` + NetworkPerformanceConfig []NetworkConfigNetworkPerformanceConfigInitParameters `json:"networkPerformanceConfig,omitempty" tf:"network_performance_config,omitempty"` + PodCidrOverprovisionConfig []NodePoolNetworkConfigPodCidrOverprovisionConfigInitParameters `json:"podCidrOverprovisionConfig,omitempty" tf:"pod_cidr_overprovision_config,omitempty"` // The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use. @@ -301,6 +317,8 @@ type NodePoolNetworkConfigObservation struct { // Whether nodes have internal IP addresses only. EnablePrivateNodes *bool `json:"enablePrivateNodes,omitempty" tf:"enable_private_nodes,omitempty"` + NetworkPerformanceConfig []NetworkConfigNetworkPerformanceConfigObservation `json:"networkPerformanceConfig,omitempty" tf:"network_performance_config,omitempty"` + PodCidrOverprovisionConfig []NodePoolNetworkConfigPodCidrOverprovisionConfigObservation `json:"podCidrOverprovisionConfig,omitempty" tf:"pod_cidr_overprovision_config,omitempty"` // The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use. @@ -320,6 +338,9 @@ type NodePoolNetworkConfigParameters struct { // +kubebuilder:validation:Optional EnablePrivateNodes *bool `json:"enablePrivateNodes,omitempty" tf:"enable_private_nodes,omitempty"` + // +kubebuilder:validation:Optional + NetworkPerformanceConfig []NetworkConfigNetworkPerformanceConfigParameters `json:"networkPerformanceConfig,omitempty" tf:"network_performance_config,omitempty"` + // +kubebuilder:validation:Optional PodCidrOverprovisionConfig []NodePoolNetworkConfigPodCidrOverprovisionConfigParameters `json:"podCidrOverprovisionConfig,omitempty" tf:"pod_cidr_overprovision_config,omitempty"` @@ -360,6 +381,39 @@ type NodePoolNodeConfigAdvancedMachineFeaturesParameters struct { ThreadsPerCore *float64 `json:"threadsPerCore" tf:"threads_per_core,omitempty"` } +type NodePoolNodeConfigConfidentialNodesInitParameters_2 struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigConfidentialNodesObservation_2 struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigConfidentialNodesParameters_2 struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigEffectiveTaintsInitParameters struct { +} + +type NodePoolNodeConfigEffectiveTaintsObservation struct { + Effect *string `json:"effect,omitempty" tf:"effect,omitempty"` + + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type NodePoolNodeConfigEffectiveTaintsParameters struct { +} + type NodePoolNodeConfigEphemeralStorageLocalSsdConfigInitParameters struct { LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` } @@ -374,16 +428,40 @@ type NodePoolNodeConfigEphemeralStorageLocalSsdConfigParameters struct { LocalSsdCount *float64 `json:"localSsdCount" tf:"local_ssd_count,omitempty"` } +type NodePoolNodeConfigFastSocketInitParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigFastSocketObservation struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolNodeConfigFastSocketParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type NodePoolNodeConfigGcfsConfigInitParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type NodePoolNodeConfigGcfsConfigObservation struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type NodePoolNodeConfigGcfsConfigParameters struct { + // Makes nodes obtainable through the ProvisioningRequest API exclusively. // +kubebuilder:validation:Optional Enabled *bool `json:"enabled" tf:"enabled,omitempty"` } @@ -440,15 +518,20 @@ type NodePoolNodeConfigGuestAcceleratorParameters struct { } type NodePoolNodeConfigGvnicInitParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type NodePoolNodeConfigGvnicObservation struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` } type NodePoolNodeConfigGvnicParameters struct { + // Makes nodes obtainable through the ProvisioningRequest API exclusively. // +kubebuilder:validation:Optional Enabled *bool `json:"enabled" tf:"enabled,omitempty"` } @@ -472,12 +555,19 @@ type NodePoolNodeConfigInitParameters_2 struct { BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below. + ConfidentialNodes []NodePoolNodeConfigConfidentialNodesInitParameters_2 `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + EphemeralStorageLocalSsdConfig []NodePoolNodeConfigEphemeralStorageLocalSsdConfigInitParameters `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + FastSocket []NodePoolNodeConfigFastSocketInitParameters `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + GcfsConfig []NodePoolNodeConfigGcfsConfigInitParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` GuestAccelerator []NodePoolNodeConfigGuestAcceleratorInitParameters `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -526,6 +616,9 @@ type NodePoolNodeConfigInitParameters_2 struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -587,12 +680,14 @@ type NodePoolNodeConfigKubeletConfigParameters struct { } type NodePoolNodeConfigLinuxNodeConfigInitParameters struct { + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } type NodePoolNodeConfigLinuxNodeConfigObservation struct { + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` @@ -600,9 +695,12 @@ type NodePoolNodeConfigLinuxNodeConfigObservation struct { type NodePoolNodeConfigLinuxNodeConfigParameters struct { + // +kubebuilder:validation:Optional + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // +kubebuilder:validation:Optional // +mapType=granular - Sysctls map[string]*string `json:"sysctls" tf:"sysctls,omitempty"` + Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } type NodePoolNodeConfigLocalNvmeSsdBlockConfigInitParameters struct { @@ -624,12 +722,21 @@ type NodePoolNodeConfigObservation_2 struct { BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below. + ConfidentialNodes []NodePoolNodeConfigConfidentialNodesObservation_2 `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + EffectiveTaints []NodePoolNodeConfigEffectiveTaintsObservation `json:"effectiveTaints,omitempty" tf:"effective_taints,omitempty"` + + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + EphemeralStorageLocalSsdConfig []NodePoolNodeConfigEphemeralStorageLocalSsdConfigObservation `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + FastSocket []NodePoolNodeConfigFastSocketObservation `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + GcfsConfig []NodePoolNodeConfigGcfsConfigObservation `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` GuestAccelerator []NodePoolNodeConfigGuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -678,6 +785,9 @@ type NodePoolNodeConfigObservation_2 struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` ShieldedInstanceConfig []NodePoolNodeConfigShieldedInstanceConfigObservation_2 `json:"shieldedInstanceConfig,omitempty" tf:"shielded_instance_config,omitempty"` @@ -701,15 +811,25 @@ type NodePoolNodeConfigParameters_2 struct { // +kubebuilder:validation:Optional BootDiskKMSKey *string `json:"bootDiskKmsKey,omitempty" tf:"boot_disk_kms_key,omitempty"` + // Configuration for Confidential Nodes feature. Structure is documented below. + // +kubebuilder:validation:Optional + ConfidentialNodes []NodePoolNodeConfigConfidentialNodesParameters_2 `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // +kubebuilder:validation:Optional DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` // +kubebuilder:validation:Optional DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` + // +kubebuilder:validation:Optional + EnableConfidentialStorage *bool `json:"enableConfidentialStorage,omitempty" tf:"enable_confidential_storage,omitempty"` + // +kubebuilder:validation:Optional EphemeralStorageLocalSsdConfig []NodePoolNodeConfigEphemeralStorageLocalSsdConfigParameters `json:"ephemeralStorageLocalSsdConfig,omitempty" tf:"ephemeral_storage_local_ssd_config,omitempty"` + // +kubebuilder:validation:Optional + FastSocket []NodePoolNodeConfigFastSocketParameters `json:"fastSocket,omitempty" tf:"fast_socket,omitempty"` + // +kubebuilder:validation:Optional GcfsConfig []NodePoolNodeConfigGcfsConfigParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` @@ -778,6 +898,10 @@ type NodePoolNodeConfigParameters_2 struct { // +mapType=granular ResourceLabels map[string]*string `json:"resourceLabels,omitempty" tf:"resource_labels,omitempty"` + // +kubebuilder:validation:Optional + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) // +kubebuilder:validation:Optional @@ -877,11 +1001,11 @@ type NodePoolNodeConfigSoleTenantConfigParameters struct { } type NodePoolNodeConfigTaintInitParameters struct { - Effect *string `json:"effect,omitempty" tf:"effect"` + Effect *string `json:"effect,omitempty" tf:"effect,omitempty"` - Key *string `json:"key,omitempty" tf:"key"` + Key *string `json:"key,omitempty" tf:"key,omitempty"` - Value *string `json:"value,omitempty" tf:"value"` + Value *string `json:"value,omitempty" tf:"value,omitempty"` } type NodePoolNodeConfigTaintObservation struct { @@ -895,13 +1019,13 @@ type NodePoolNodeConfigTaintObservation struct { type NodePoolNodeConfigTaintParameters struct { // +kubebuilder:validation:Optional - Effect *string `json:"effect,omitempty" tf:"effect"` + Effect *string `json:"effect" tf:"effect,omitempty"` // +kubebuilder:validation:Optional - Key *string `json:"key,omitempty" tf:"key"` + Key *string `json:"key" tf:"key,omitempty"` // +kubebuilder:validation:Optional - Value *string `json:"value,omitempty" tf:"value"` + Value *string `json:"value" tf:"value,omitempty"` } type NodePoolNodeConfigWorkloadMetadataConfigInitParameters struct { @@ -1100,6 +1224,9 @@ type NodePoolPlacementPolicyInitParameters struct { // If not found, InvalidArgument error is returned. PolicyName *string `json:"policyName,omitempty" tf:"policy_name,omitempty"` + // The TPU placement topology for pod slice node pool. + TpuTopology *string `json:"tpuTopology,omitempty" tf:"tpu_topology,omitempty"` + // The type of the policy. Supports a single value: COMPACT. // Specifying COMPACT placement policy type places node pool's nodes in a closer // physical proximity in order to reduce network latency between nodes. @@ -1113,6 +1240,9 @@ type NodePoolPlacementPolicyObservation struct { // If not found, InvalidArgument error is returned. PolicyName *string `json:"policyName,omitempty" tf:"policy_name,omitempty"` + // The TPU placement topology for pod slice node pool. + TpuTopology *string `json:"tpuTopology,omitempty" tf:"tpu_topology,omitempty"` + // The type of the policy. Supports a single value: COMPACT. // Specifying COMPACT placement policy type places node pool's nodes in a closer // physical proximity in order to reduce network latency between nodes. @@ -1127,6 +1257,10 @@ type NodePoolPlacementPolicyParameters struct { // +kubebuilder:validation:Optional PolicyName *string `json:"policyName,omitempty" tf:"policy_name,omitempty"` + // The TPU placement topology for pod slice node pool. + // +kubebuilder:validation:Optional + TpuTopology *string `json:"tpuTopology,omitempty" tf:"tpu_topology,omitempty"` + // The type of the policy. Supports a single value: COMPACT. // Specifying COMPACT placement policy type places node pool's nodes in a closer // physical proximity in order to reduce network latency between nodes. diff --git a/apis/containeraws/v1beta1/zz_cluster_types.go b/apis/containeraws/v1beta1/zz_cluster_types.go index f3f441f3a..cde56f891 100755 --- a/apis/containeraws/v1beta1/zz_cluster_types.go +++ b/apis/containeraws/v1beta1/zz_cluster_types.go @@ -29,6 +29,25 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AdminGroupsInitParameters struct { + + // The name of the group, e.g. my-group@domain.com. + Group *string `json:"group,omitempty" tf:"group,omitempty"` +} + +type AdminGroupsObservation struct { + + // The name of the group, e.g. my-group@domain.com. + Group *string `json:"group,omitempty" tf:"group,omitempty"` +} + +type AdminGroupsParameters struct { + + // The name of the group, e.g. my-group@domain.com. + // +kubebuilder:validation:Optional + Group *string `json:"group" tf:"group,omitempty"` +} + type AdminUsersInitParameters struct { // The name of the user, e.g. my-gcp-id@gmail.com. @@ -50,18 +69,28 @@ type AdminUsersParameters struct { type AuthorizationInitParameters struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []AdminGroupsInitParameters `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles AdminUsers []AdminUsersInitParameters `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` } type AuthorizationObservation struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []AdminGroupsObservation `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles AdminUsers []AdminUsersObservation `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` } type AuthorizationParameters struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + // +kubebuilder:validation:Optional + AdminGroups []AdminGroupsParameters `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles // +kubebuilder:validation:Optional AdminUsers []AdminUsersParameters `json:"adminUsers" tf:"admin_users,omitempty"` @@ -96,6 +125,25 @@ type AwsServicesAuthenticationParameters struct { RoleSessionName *string `json:"roleSessionName,omitempty" tf:"role_session_name,omitempty"` } +type BinaryAuthorizationInitParameters struct { + + // Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + +type BinaryAuthorizationObservation struct { + + // Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + +type BinaryAuthorizationParameters struct { + + // Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE + // +kubebuilder:validation:Optional + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + type ClusterInitParameters struct { // Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix and name , separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. @@ -108,6 +156,9 @@ type ClusterInitParameters struct { // The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region. AwsRegion *string `json:"awsRegion,omitempty" tf:"aws_region,omitempty"` + // Configuration options for the Binary Authorization feature. + BinaryAuthorization []BinaryAuthorizationInitParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + // Configuration related to the cluster control plane. ControlPlane []ControlPlaneInitParameters `json:"controlPlane,omitempty" tf:"control_plane,omitempty"` @@ -136,6 +187,9 @@ type ClusterObservation struct { // The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region. AwsRegion *string `json:"awsRegion,omitempty" tf:"aws_region,omitempty"` + // Configuration options for the Binary Authorization feature. + BinaryAuthorization []BinaryAuthorizationObservation `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + // Configuration related to the cluster control plane. ControlPlane []ControlPlaneObservation `json:"controlPlane,omitempty" tf:"control_plane,omitempty"` @@ -145,6 +199,9 @@ type ClusterObservation struct { // Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + // Output only. The endpoint of the cluster's API server. Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` @@ -197,6 +254,10 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional AwsRegion *string `json:"awsRegion,omitempty" tf:"aws_region,omitempty"` + // Configuration options for the Binary Authorization feature. + // +kubebuilder:validation:Optional + BinaryAuthorization []BinaryAuthorizationParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + // Configuration related to the cluster control plane. // +kubebuilder:validation:Optional ControlPlane []ControlPlaneParameters `json:"controlPlane,omitempty" tf:"control_plane,omitempty"` @@ -435,7 +496,7 @@ type MainVolumeInitParameters struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -453,7 +514,7 @@ type MainVolumeObservation struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -474,7 +535,7 @@ type MainVolumeParameters struct { // +kubebuilder:validation:Optional SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. // +kubebuilder:validation:Optional Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` @@ -572,7 +633,7 @@ type RootVolumeInitParameters struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -590,7 +651,7 @@ type RootVolumeObservation struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -611,7 +672,7 @@ type RootVolumeParameters struct { // +kubebuilder:validation:Optional SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. // +kubebuilder:validation:Optional Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` diff --git a/apis/containeraws/v1beta1/zz_generated.deepcopy.go b/apis/containeraws/v1beta1/zz_generated.deepcopy.go index 9de3c74a6..7053b4dd5 100644 --- a/apis/containeraws/v1beta1/zz_generated.deepcopy.go +++ b/apis/containeraws/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsInitParameters) DeepCopyInto(out *AdminGroupsInitParameters) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsInitParameters. +func (in *AdminGroupsInitParameters) DeepCopy() *AdminGroupsInitParameters { + if in == nil { + return nil + } + out := new(AdminGroupsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsObservation) DeepCopyInto(out *AdminGroupsObservation) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsObservation. +func (in *AdminGroupsObservation) DeepCopy() *AdminGroupsObservation { + if in == nil { + return nil + } + out := new(AdminGroupsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsParameters) DeepCopyInto(out *AdminGroupsParameters) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsParameters. +func (in *AdminGroupsParameters) DeepCopy() *AdminGroupsParameters { + if in == nil { + return nil + } + out := new(AdminGroupsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdminUsersInitParameters) DeepCopyInto(out *AdminUsersInitParameters) { *out = *in @@ -88,6 +148,13 @@ func (in *AdminUsersParameters) DeepCopy() *AdminUsersParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationInitParameters) DeepCopyInto(out *AuthorizationInitParameters) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersInitParameters, len(*in)) @@ -110,6 +177,13 @@ func (in *AuthorizationInitParameters) DeepCopy() *AuthorizationInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationObservation) DeepCopyInto(out *AuthorizationObservation) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersObservation, len(*in)) @@ -132,6 +206,13 @@ func (in *AuthorizationObservation) DeepCopy() *AuthorizationObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationParameters) DeepCopyInto(out *AuthorizationParameters) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersParameters, len(*in)) @@ -394,6 +475,66 @@ func (in *AwsServicesAuthenticationParameters) DeepCopy() *AwsServicesAuthentica return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BinaryAuthorizationInitParameters) DeepCopyInto(out *BinaryAuthorizationInitParameters) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationInitParameters. +func (in *BinaryAuthorizationInitParameters) DeepCopy() *BinaryAuthorizationInitParameters { + if in == nil { + return nil + } + out := new(BinaryAuthorizationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BinaryAuthorizationObservation) DeepCopyInto(out *BinaryAuthorizationObservation) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationObservation. +func (in *BinaryAuthorizationObservation) DeepCopy() *BinaryAuthorizationObservation { + if in == nil { + return nil + } + out := new(BinaryAuthorizationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BinaryAuthorizationParameters) DeepCopyInto(out *BinaryAuthorizationParameters) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationParameters. +func (in *BinaryAuthorizationParameters) DeepCopy() *BinaryAuthorizationParameters { + if in == nil { + return nil + } + out := new(BinaryAuthorizationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Cluster) DeepCopyInto(out *Cluster) { *out = *in @@ -452,6 +593,13 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(string) **out = **in } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ControlPlane != nil { in, out := &in.ControlPlane, &out.ControlPlane *out = make([]ControlPlaneInitParameters, len(*in)) @@ -558,6 +706,13 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ControlPlane != nil { in, out := &in.ControlPlane, &out.ControlPlane *out = make([]ControlPlaneObservation, len(*in)) @@ -575,6 +730,22 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Endpoint != nil { in, out := &in.Endpoint, &out.Endpoint *out = new(string) @@ -684,6 +855,13 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(string) **out = **in } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ControlPlane != nil { in, out := &in.ControlPlane, &out.ControlPlane *out = make([]ControlPlaneParameters, len(*in)) @@ -2068,6 +2246,66 @@ func (in *MainVolumeParameters) DeepCopy() *MainVolumeParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementInitParameters) DeepCopyInto(out *ManagementInitParameters) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementInitParameters. +func (in *ManagementInitParameters) DeepCopy() *ManagementInitParameters { + if in == nil { + return nil + } + out := new(ManagementInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementObservation) DeepCopyInto(out *ManagementObservation) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementObservation. +func (in *ManagementObservation) DeepCopy() *ManagementObservation { + if in == nil { + return nil + } + out := new(ManagementObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementParameters) DeepCopyInto(out *ManagementParameters) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementParameters. +func (in *ManagementParameters) DeepCopy() *ManagementParameters { + if in == nil { + return nil + } + out := new(ManagementParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaxPodsConstraintInitParameters) DeepCopyInto(out *MaxPodsConstraintInitParameters) { *out = *in @@ -2329,6 +2567,13 @@ func (in *NodePoolInitParameters) DeepCopyInto(out *NodePoolInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintInitParameters, len(*in)) @@ -2346,6 +2591,13 @@ func (in *NodePoolInitParameters) DeepCopyInto(out *NodePoolInitParameters) { *out = new(string) **out = **in } + if in.UpdateSettings != nil { + in, out := &in.UpdateSettings, &out.UpdateSettings + *out = make([]UpdateSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Version != nil { in, out := &in.Version, &out.Version *out = new(string) @@ -2438,6 +2690,22 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -2453,6 +2721,13 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintObservation, len(*in)) @@ -2485,6 +2760,13 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.UpdateSettings != nil { + in, out := &in.UpdateSettings, &out.UpdateSettings + *out = make([]UpdateSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -2560,6 +2842,13 @@ func (in *NodePoolParameters) DeepCopyInto(out *NodePoolParameters) { *out = new(string) **out = **in } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintParameters, len(*in)) @@ -2577,6 +2866,13 @@ func (in *NodePoolParameters) DeepCopyInto(out *NodePoolParameters) { *out = new(string) **out = **in } + if in.UpdateSettings != nil { + in, out := &in.UpdateSettings, &out.UpdateSettings + *out = make([]UpdateSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Version != nil { in, out := &in.Version, &out.Version *out = new(string) @@ -2884,6 +3180,81 @@ func (in *SSHConfigParameters) DeepCopy() *SSHConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SurgeSettingsInitParameters) DeepCopyInto(out *SurgeSettingsInitParameters) { + *out = *in + if in.MaxSurge != nil { + in, out := &in.MaxSurge, &out.MaxSurge + *out = new(float64) + **out = **in + } + if in.MaxUnavailable != nil { + in, out := &in.MaxUnavailable, &out.MaxUnavailable + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SurgeSettingsInitParameters. +func (in *SurgeSettingsInitParameters) DeepCopy() *SurgeSettingsInitParameters { + if in == nil { + return nil + } + out := new(SurgeSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SurgeSettingsObservation) DeepCopyInto(out *SurgeSettingsObservation) { + *out = *in + if in.MaxSurge != nil { + in, out := &in.MaxSurge, &out.MaxSurge + *out = new(float64) + **out = **in + } + if in.MaxUnavailable != nil { + in, out := &in.MaxUnavailable, &out.MaxUnavailable + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SurgeSettingsObservation. +func (in *SurgeSettingsObservation) DeepCopy() *SurgeSettingsObservation { + if in == nil { + return nil + } + out := new(SurgeSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SurgeSettingsParameters) DeepCopyInto(out *SurgeSettingsParameters) { + *out = *in + if in.MaxSurge != nil { + in, out := &in.MaxSurge, &out.MaxSurge + *out = new(float64) + **out = **in + } + if in.MaxUnavailable != nil { + in, out := &in.MaxUnavailable, &out.MaxUnavailable + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SurgeSettingsParameters. +func (in *SurgeSettingsParameters) DeepCopy() *SurgeSettingsParameters { + if in == nil { + return nil + } + out := new(SurgeSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TaintsInitParameters) DeepCopyInto(out *TaintsInitParameters) { *out = *in @@ -2974,6 +3345,72 @@ func (in *TaintsParameters) DeepCopy() *TaintsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpdateSettingsInitParameters) DeepCopyInto(out *UpdateSettingsInitParameters) { + *out = *in + if in.SurgeSettings != nil { + in, out := &in.SurgeSettings, &out.SurgeSettings + *out = make([]SurgeSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateSettingsInitParameters. +func (in *UpdateSettingsInitParameters) DeepCopy() *UpdateSettingsInitParameters { + if in == nil { + return nil + } + out := new(UpdateSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpdateSettingsObservation) DeepCopyInto(out *UpdateSettingsObservation) { + *out = *in + if in.SurgeSettings != nil { + in, out := &in.SurgeSettings, &out.SurgeSettings + *out = make([]SurgeSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateSettingsObservation. +func (in *UpdateSettingsObservation) DeepCopy() *UpdateSettingsObservation { + if in == nil { + return nil + } + out := new(UpdateSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpdateSettingsParameters) DeepCopyInto(out *UpdateSettingsParameters) { + *out = *in + if in.SurgeSettings != nil { + in, out := &in.SurgeSettings, &out.SurgeSettings + *out = make([]SurgeSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateSettingsParameters. +func (in *UpdateSettingsParameters) DeepCopy() *UpdateSettingsParameters { + if in == nil { + return nil + } + out := new(UpdateSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadIdentityConfigInitParameters) DeepCopyInto(out *WorkloadIdentityConfigInitParameters) { *out = *in diff --git a/apis/containeraws/v1beta1/zz_nodepool_types.go b/apis/containeraws/v1beta1/zz_nodepool_types.go index e6b01b08d..2c8fe4264 100755 --- a/apis/containeraws/v1beta1/zz_nodepool_types.go +++ b/apis/containeraws/v1beta1/zz_nodepool_types.go @@ -271,7 +271,7 @@ type ConfigRootVolumeInitParameters struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -289,7 +289,7 @@ type ConfigRootVolumeObservation struct { // Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` // Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3 @@ -310,7 +310,7 @@ type ConfigRootVolumeParameters struct { // +kubebuilder:validation:Optional SizeGib *float64 `json:"sizeGib,omitempty" tf:"size_gib,omitempty"` - // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + // Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. // +kubebuilder:validation:Optional Throughput *float64 `json:"throughput,omitempty" tf:"throughput,omitempty"` @@ -338,6 +338,25 @@ type ConfigSSHConfigParameters struct { EC2KeyPair *string `json:"ec2KeyPair" tf:"ec2_key_pair,omitempty"` } +type ManagementInitParameters struct { + + // Optional. Whether or not the nodes will be automatically repaired. + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + +type ManagementObservation struct { + + // Optional. Whether or not the nodes will be automatically repaired. + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + +type ManagementParameters struct { + + // Optional. Whether or not the nodes will be automatically repaired. + // +kubebuilder:validation:Optional + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + type MaxPodsConstraintInitParameters struct { // The maximum number of pods to schedule on a single node. @@ -369,6 +388,9 @@ type NodePoolInitParameters struct { // The configuration of the node pool. Config []ConfigInitParameters `json:"config,omitempty" tf:"config,omitempty"` + // The Management configuration for this node pool. + Management []ManagementInitParameters `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. MaxPodsConstraint []MaxPodsConstraintInitParameters `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` @@ -378,6 +400,9 @@ type NodePoolInitParameters struct { // The subnet where the node pool node run. SubnetID *string `json:"subnetId,omitempty" tf:"subnet_id,omitempty"` + // Optional. Update settings control the speed and disruption of the node pool update. + UpdateSettings []UpdateSettingsInitParameters `json:"updateSettings,omitempty" tf:"update_settings,omitempty"` + // The Kubernetes version to run on this node pool (e.g. 1.19.10-gke.1000). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig. Version *string `json:"version,omitempty" tf:"version,omitempty"` } @@ -400,6 +425,9 @@ type NodePoolObservation struct { // Output only. The time at which this node pool was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + // Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -409,6 +437,9 @@ type NodePoolObservation struct { // The location for the resource Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The Management configuration for this node pool. + Management []ManagementObservation `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. MaxPodsConstraint []MaxPodsConstraintObservation `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` @@ -427,6 +458,9 @@ type NodePoolObservation struct { // Output only. A globally unique identifier for the node pool. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` + // Optional. Update settings control the speed and disruption of the node pool update. + UpdateSettings []UpdateSettingsObservation `json:"updateSettings,omitempty" tf:"update_settings,omitempty"` + // Output only. The time at which this node pool was last updated. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` @@ -466,6 +500,10 @@ type NodePoolParameters struct { // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` + // The Management configuration for this node pool. + // +kubebuilder:validation:Optional + Management []ManagementParameters `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. // +kubebuilder:validation:Optional MaxPodsConstraint []MaxPodsConstraintParameters `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` @@ -478,11 +516,44 @@ type NodePoolParameters struct { // +kubebuilder:validation:Optional SubnetID *string `json:"subnetId,omitempty" tf:"subnet_id,omitempty"` + // Optional. Update settings control the speed and disruption of the node pool update. + // +kubebuilder:validation:Optional + UpdateSettings []UpdateSettingsParameters `json:"updateSettings,omitempty" tf:"update_settings,omitempty"` + // The Kubernetes version to run on this node pool (e.g. 1.19.10-gke.1000). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig. // +kubebuilder:validation:Optional Version *string `json:"version,omitempty" tf:"version,omitempty"` } +type SurgeSettingsInitParameters struct { + + // Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process. + MaxSurge *float64 `json:"maxSurge,omitempty" tf:"max_surge,omitempty"` + + // Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready. + MaxUnavailable *float64 `json:"maxUnavailable,omitempty" tf:"max_unavailable,omitempty"` +} + +type SurgeSettingsObservation struct { + + // Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process. + MaxSurge *float64 `json:"maxSurge,omitempty" tf:"max_surge,omitempty"` + + // Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready. + MaxUnavailable *float64 `json:"maxUnavailable,omitempty" tf:"max_unavailable,omitempty"` +} + +type SurgeSettingsParameters struct { + + // Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process. + // +kubebuilder:validation:Optional + MaxSurge *float64 `json:"maxSurge,omitempty" tf:"max_surge,omitempty"` + + // Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready. + // +kubebuilder:validation:Optional + MaxUnavailable *float64 `json:"maxUnavailable,omitempty" tf:"max_unavailable,omitempty"` +} + type TaintsInitParameters struct { // The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE @@ -522,6 +593,25 @@ type TaintsParameters struct { Value *string `json:"value" tf:"value,omitempty"` } +type UpdateSettingsInitParameters struct { + + // Optional. Settings for surge update. + SurgeSettings []SurgeSettingsInitParameters `json:"surgeSettings,omitempty" tf:"surge_settings,omitempty"` +} + +type UpdateSettingsObservation struct { + + // Optional. Settings for surge update. + SurgeSettings []SurgeSettingsObservation `json:"surgeSettings,omitempty" tf:"surge_settings,omitempty"` +} + +type UpdateSettingsParameters struct { + + // Optional. Settings for surge update. + // +kubebuilder:validation:Optional + SurgeSettings []SurgeSettingsParameters `json:"surgeSettings,omitempty" tf:"surge_settings,omitempty"` +} + // NodePoolSpec defines the desired state of NodePool type NodePoolSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/containerazure/v1beta1/zz_cluster_types.go b/apis/containerazure/v1beta1/zz_cluster_types.go index f265cda43..2204d34f2 100755 --- a/apis/containerazure/v1beta1/zz_cluster_types.go +++ b/apis/containerazure/v1beta1/zz_cluster_types.go @@ -29,6 +29,25 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AdminGroupsInitParameters struct { + + // The name of the group, e.g. my-group@domain.com. + Group *string `json:"group,omitempty" tf:"group,omitempty"` +} + +type AdminGroupsObservation struct { + + // The name of the group, e.g. my-group@domain.com. + Group *string `json:"group,omitempty" tf:"group,omitempty"` +} + +type AdminGroupsParameters struct { + + // The name of the group, e.g. my-group@domain.com. + // +kubebuilder:validation:Optional + Group *string `json:"group" tf:"group,omitempty"` +} + type AdminUsersInitParameters struct { // The name of the user, e.g. my-gcp-id@gmail.com. @@ -50,18 +69,28 @@ type AdminUsersParameters struct { type AuthorizationInitParameters struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []AdminGroupsInitParameters `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles AdminUsers []AdminUsersInitParameters `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` } type AuthorizationObservation struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []AdminGroupsObservation `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles AdminUsers []AdminUsersObservation `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` } type AuthorizationParameters struct { + // Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + // +kubebuilder:validation:Optional + AdminGroups []AdminGroupsParameters `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + // Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles // +kubebuilder:validation:Optional AdminUsers []AdminUsersParameters `json:"adminUsers" tf:"admin_users,omitempty"` @@ -160,6 +189,9 @@ type ClusterObservation struct { // Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + // Output only. The endpoint of the cluster's API server. Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` diff --git a/apis/containerazure/v1beta1/zz_generated.deepcopy.go b/apis/containerazure/v1beta1/zz_generated.deepcopy.go index 1d654cc1d..a90f92bcb 100644 --- a/apis/containerazure/v1beta1/zz_generated.deepcopy.go +++ b/apis/containerazure/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsInitParameters) DeepCopyInto(out *AdminGroupsInitParameters) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsInitParameters. +func (in *AdminGroupsInitParameters) DeepCopy() *AdminGroupsInitParameters { + if in == nil { + return nil + } + out := new(AdminGroupsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsObservation) DeepCopyInto(out *AdminGroupsObservation) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsObservation. +func (in *AdminGroupsObservation) DeepCopy() *AdminGroupsObservation { + if in == nil { + return nil + } + out := new(AdminGroupsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminGroupsParameters) DeepCopyInto(out *AdminGroupsParameters) { + *out = *in + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminGroupsParameters. +func (in *AdminGroupsParameters) DeepCopy() *AdminGroupsParameters { + if in == nil { + return nil + } + out := new(AdminGroupsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdminUsersInitParameters) DeepCopyInto(out *AdminUsersInitParameters) { *out = *in @@ -88,6 +148,13 @@ func (in *AdminUsersParameters) DeepCopy() *AdminUsersParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationInitParameters) DeepCopyInto(out *AuthorizationInitParameters) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersInitParameters, len(*in)) @@ -110,6 +177,13 @@ func (in *AuthorizationInitParameters) DeepCopy() *AuthorizationInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationObservation) DeepCopyInto(out *AuthorizationObservation) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersObservation, len(*in)) @@ -132,6 +206,13 @@ func (in *AuthorizationObservation) DeepCopy() *AuthorizationObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationParameters) DeepCopyInto(out *AuthorizationParameters) { *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]AdminGroupsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AdminUsers != nil { in, out := &in.AdminUsers, &out.AdminUsers *out = make([]AdminUsersParameters, len(*in)) @@ -725,6 +806,22 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Endpoint != nil { in, out := &in.Endpoint, &out.Endpoint *out = new(string) @@ -942,6 +1039,22 @@ func (in *ClusterStatus) DeepCopy() *ClusterStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ProxyConfig != nil { in, out := &in.ProxyConfig, &out.ProxyConfig *out = make([]ConfigProxyConfigInitParameters, len(*in)) @@ -999,6 +1112,22 @@ func (in *ConfigInitParameters) DeepCopy() *ConfigInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ProxyConfig != nil { in, out := &in.ProxyConfig, &out.ProxyConfig *out = make([]ConfigProxyConfigObservation, len(*in)) @@ -1056,6 +1185,22 @@ func (in *ConfigObservation) DeepCopy() *ConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ProxyConfig != nil { in, out := &in.ProxyConfig, &out.ProxyConfig *out = make([]ConfigProxyConfigParameters, len(*in)) @@ -1754,6 +1899,66 @@ func (in *MainVolumeParameters) DeepCopy() *MainVolumeParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementInitParameters) DeepCopyInto(out *ManagementInitParameters) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementInitParameters. +func (in *ManagementInitParameters) DeepCopy() *ManagementInitParameters { + if in == nil { + return nil + } + out := new(ManagementInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementObservation) DeepCopyInto(out *ManagementObservation) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementObservation. +func (in *ManagementObservation) DeepCopy() *ManagementObservation { + if in == nil { + return nil + } + out := new(ManagementObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementParameters) DeepCopyInto(out *ManagementParameters) { + *out = *in + if in.AutoRepair != nil { + in, out := &in.AutoRepair, &out.AutoRepair + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementParameters. +func (in *ManagementParameters) DeepCopy() *ManagementParameters { + if in == nil { + return nil + } + out := new(ManagementParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaxPodsConstraintInitParameters) DeepCopyInto(out *MaxPodsConstraintInitParameters) { *out = *in @@ -2005,6 +2210,13 @@ func (in *NodePoolInitParameters) DeepCopyInto(out *NodePoolInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintInitParameters, len(*in)) @@ -2119,6 +2331,22 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -2134,6 +2362,13 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintObservation, len(*in)) @@ -2246,6 +2481,13 @@ func (in *NodePoolParameters) DeepCopyInto(out *NodePoolParameters) { *out = new(string) **out = **in } + if in.Management != nil { + in, out := &in.Management, &out.Management + *out = make([]ManagementParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxPodsConstraint != nil { in, out := &in.MaxPodsConstraint, &out.MaxPodsConstraint *out = make([]MaxPodsConstraintParameters, len(*in)) diff --git a/apis/containerazure/v1beta1/zz_nodepool_types.go b/apis/containerazure/v1beta1/zz_nodepool_types.go index a91dd746d..7b7a23cd9 100755 --- a/apis/containerazure/v1beta1/zz_nodepool_types.go +++ b/apis/containerazure/v1beta1/zz_nodepool_types.go @@ -60,6 +60,10 @@ type AutoscalingParameters struct { type ConfigInitParameters struct { + // Optional. The initial labels assigned to nodes of this node pool. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Proxy configuration for outbound HTTP(S) traffic. ProxyConfig []ConfigProxyConfigInitParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` @@ -79,6 +83,10 @@ type ConfigInitParameters struct { type ConfigObservation struct { + // Optional. The initial labels assigned to nodes of this node pool. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Proxy configuration for outbound HTTP(S) traffic. ProxyConfig []ConfigProxyConfigObservation `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` @@ -98,6 +106,11 @@ type ConfigObservation struct { type ConfigParameters struct { + // Optional. The initial labels assigned to nodes of this node pool. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Proxy configuration for outbound HTTP(S) traffic. // +kubebuilder:validation:Optional ProxyConfig []ConfigProxyConfigParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` @@ -187,6 +200,25 @@ type ConfigSSHConfigParameters struct { AuthorizedKey *string `json:"authorizedKey" tf:"authorized_key,omitempty"` } +type ManagementInitParameters struct { + + // Optional. Whether or not the nodes will be automatically repaired. + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + +type ManagementObservation struct { + + // Optional. Whether or not the nodes will be automatically repaired. + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + +type ManagementParameters struct { + + // Optional. Whether or not the nodes will be automatically repaired. + // +kubebuilder:validation:Optional + AutoRepair *bool `json:"autoRepair,omitempty" tf:"auto_repair,omitempty"` +} + type MaxPodsConstraintInitParameters struct { // The maximum number of pods to schedule on a single node. @@ -221,6 +253,9 @@ type NodePoolInitParameters struct { // The node configuration of the node pool. Config []ConfigInitParameters `json:"config,omitempty" tf:"config,omitempty"` + // The Management configuration for this node pool. + Management []ManagementInitParameters `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. MaxPodsConstraint []MaxPodsConstraintInitParameters `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` @@ -255,6 +290,9 @@ type NodePoolObservation struct { // Output only. The time at which this node pool was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + // Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -264,6 +302,9 @@ type NodePoolObservation struct { // The location for the resource Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The Management configuration for this node pool. + Management []ManagementObservation `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. MaxPodsConstraint []MaxPodsConstraintObservation `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` @@ -325,6 +366,10 @@ type NodePoolParameters struct { // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` + // The Management configuration for this node pool. + // +kubebuilder:validation:Optional + Management []ManagementParameters `json:"management,omitempty" tf:"management,omitempty"` + // The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. // +kubebuilder:validation:Optional MaxPodsConstraint []MaxPodsConstraintParameters `json:"maxPodsConstraint,omitempty" tf:"max_pods_constraint,omitempty"` diff --git a/apis/dataflow/v1beta1/zz_generated.deepcopy.go b/apis/dataflow/v1beta1/zz_generated.deepcopy.go index fc2478272..052c39be8 100644 --- a/apis/dataflow/v1beta1/zz_generated.deepcopy.go +++ b/apis/dataflow/v1beta1/zz_generated.deepcopy.go @@ -224,6 +224,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { } } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableStreamingEngine != nil { in, out := &in.EnableStreamingEngine, &out.EnableStreamingEngine *out = new(bool) @@ -328,6 +344,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.TransformNameMapping != nil { in, out := &in.TransformNameMapping, &out.TransformNameMapping *out = make(map[string]string, len(*in)) diff --git a/apis/dataflow/v1beta1/zz_job_terraformed.go b/apis/dataflow/v1beta1/zz_job_terraformed.go index 96edbf738..de763e8f8 100755 --- a/apis/dataflow/v1beta1/zz_job_terraformed.go +++ b/apis/dataflow/v1beta1/zz_job_terraformed.go @@ -141,5 +141,5 @@ func (tr *Job) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Job) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/dataflow/v1beta1/zz_job_types.go b/apis/dataflow/v1beta1/zz_job_types.go index 55eea8b59..9c5aeb239 100755 --- a/apis/dataflow/v1beta1/zz_job_types.go +++ b/apis/dataflow/v1beta1/zz_job_types.go @@ -46,8 +46,7 @@ type JobInitParameters struct { // User labels to be specified for the job. Keys and values should follow the restrictions // specified in the labeling restrictions page. - // NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - // Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` // The machine type to use for the job. @@ -102,6 +101,9 @@ type JobObservation struct { // +listType=set AdditionalExperiments []*string `json:"additionalExperiments,omitempty" tf:"additional_experiments,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Enable/disable the use of Streaming Engine for the job. Note that Streaming Engine is enabled by default for pipelines developed against the Beam SDK for Python v2.21.0 or later when using Python 3. EnableStreamingEngine *bool `json:"enableStreamingEngine,omitempty" tf:"enable_streaming_engine,omitempty"` @@ -118,8 +120,7 @@ type JobObservation struct { // User labels to be specified for the job. Keys and values should follow the restrictions // specified in the labeling restrictions page. - // NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - // Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` // The machine type to use for the job. @@ -164,6 +165,10 @@ type JobObservation struct { // The GCS path to the Dataflow job template. TemplateGcsPath *string `json:"templateGcsPath,omitempty" tf:"template_gcs_path,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job. This field is not used outside of update. TransformNameMapping map[string]string `json:"transformNameMapping,omitempty" tf:"transform_name_mapping,omitempty"` @@ -195,8 +200,7 @@ type JobParameters struct { // User labels to be specified for the job. Keys and values should follow the restrictions // specified in the labeling restrictions page. - // NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - // Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional Labels map[string]string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -288,7 +292,7 @@ type JobStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// Job is the Schema for the Jobs API. Creates a job in Dataflow according to a provided config file. +// Job is the Schema for the Jobs API. Creates a job in Dataflow according to a provided config file. Dataflow jobs are different from most other Google resources. The Dataflow resource is considered 'existing' while it is in a nonterminal state. If it reaches a terminal state (e.g. 'FAILED', 'COMPLETE', 'CANCELLED'), it will be recreated on the next 'reconcile'. This resource does not support import // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/datafusion/v1beta1/zz_generated.deepcopy.go b/apis/datafusion/v1beta1/zz_generated.deepcopy.go index 8bd771411..4be1459c8 100644 --- a/apis/datafusion/v1beta1/zz_generated.deepcopy.go +++ b/apis/datafusion/v1beta1/zz_generated.deepcopy.go @@ -506,6 +506,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableRbac != nil { in, out := &in.EnableRbac, &out.EnableRbac *out = new(bool) @@ -617,6 +633,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) diff --git a/apis/datafusion/v1beta1/zz_instance_types.go b/apis/datafusion/v1beta1/zz_instance_types.go index 7ec689554..0b09f66aa 100755 --- a/apis/datafusion/v1beta1/zz_instance_types.go +++ b/apis/datafusion/v1beta1/zz_instance_types.go @@ -246,6 +246,10 @@ type InstanceObservation struct { // Display name for an instance. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Option to enable granular role-based access control. EnableRbac *bool `json:"enableRbac,omitempty" tf:"enable_rbac,omitempty"` @@ -305,6 +309,11 @@ type InstanceObservation struct { // The name of the tenant project. TenantProjectID *string `json:"tenantProjectId,omitempty" tf:"tenant_project_id,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Represents the type of Data Fusion instance. Each type is configured with // the default settings for processing and memory. Type *string `json:"type,omitempty" tf:"type,omitempty"` diff --git a/apis/datalossprevention/v1beta1/zz_jobtrigger_types.go b/apis/datalossprevention/v1beta1/zz_jobtrigger_types.go index f7f98e9ca..78ea9de6b 100755 --- a/apis/datalossprevention/v1beta1/zz_jobtrigger_types.go +++ b/apis/datalossprevention/v1beta1/zz_jobtrigger_types.go @@ -1478,7 +1478,7 @@ type InspectConfigRuleSetParameters struct { type InspectJobInitParameters struct { - // A task to execute on the completion of a job. + // Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. // Structure is documented below. Actions []ActionsInitParameters `json:"actions,omitempty" tf:"actions,omitempty"` @@ -1675,7 +1675,7 @@ type InspectJobInspectConfigParameters struct { type InspectJobObservation struct { - // A task to execute on the completion of a job. + // Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. // Structure is documented below. Actions []ActionsObservation `json:"actions,omitempty" tf:"actions,omitempty"` @@ -1693,7 +1693,7 @@ type InspectJobObservation struct { type InspectJobParameters struct { - // A task to execute on the completion of a job. + // Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. // Structure is documented below. // +kubebuilder:validation:Optional Actions []ActionsParameters `json:"actions,omitempty" tf:"actions,omitempty"` @@ -2605,7 +2605,7 @@ type StorageConfigInitParameters struct { // Structure is documented below. HybridOptions []HybridOptionsInitParameters `json:"hybridOptions,omitempty" tf:"hybrid_options,omitempty"` - // Information on where to inspect + // Configuration of the timespan of the items to include in scanning // Structure is documented below. TimespanConfig []TimespanConfigInitParameters `json:"timespanConfig,omitempty" tf:"timespan_config,omitempty"` } @@ -2628,7 +2628,7 @@ type StorageConfigObservation struct { // Structure is documented below. HybridOptions []HybridOptionsObservation `json:"hybridOptions,omitempty" tf:"hybrid_options,omitempty"` - // Information on where to inspect + // Configuration of the timespan of the items to include in scanning // Structure is documented below. TimespanConfig []TimespanConfigObservation `json:"timespanConfig,omitempty" tf:"timespan_config,omitempty"` } @@ -2655,7 +2655,7 @@ type StorageConfigParameters struct { // +kubebuilder:validation:Optional HybridOptions []HybridOptionsParameters `json:"hybridOptions,omitempty" tf:"hybrid_options,omitempty"` - // Information on where to inspect + // Configuration of the timespan of the items to include in scanning // Structure is documented below. // +kubebuilder:validation:Optional TimespanConfig []TimespanConfigParameters `json:"timespanConfig,omitempty" tf:"timespan_config,omitempty"` @@ -2853,16 +2853,17 @@ type TimespanConfigInitParameters struct { // When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid // scanning files that have not been modified since the last time the JobTrigger executed. This will - // be based on the time of the execution of the last run of the JobTrigger. + // be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + // used in the last run of the JobTrigger. EnableAutoPopulationOfTimespanConfig *bool `json:"enableAutoPopulationOfTimespanConfig,omitempty" tf:"enable_auto_population_of_timespan_config,omitempty"` - // Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. + // Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied. EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` - // Exclude files or rows older than this value. + // Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied. StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` - // Information on where to inspect + // Specification of the field containing the timestamp of scanned items. // Structure is documented below. TimestampField []TimestampFieldInitParameters `json:"timestampField,omitempty" tf:"timestamp_field,omitempty"` } @@ -2871,16 +2872,17 @@ type TimespanConfigObservation struct { // When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid // scanning files that have not been modified since the last time the JobTrigger executed. This will - // be based on the time of the execution of the last run of the JobTrigger. + // be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + // used in the last run of the JobTrigger. EnableAutoPopulationOfTimespanConfig *bool `json:"enableAutoPopulationOfTimespanConfig,omitempty" tf:"enable_auto_population_of_timespan_config,omitempty"` - // Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. + // Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied. EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` - // Exclude files or rows older than this value. + // Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied. StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` - // Information on where to inspect + // Specification of the field containing the timestamp of scanned items. // Structure is documented below. TimestampField []TimestampFieldObservation `json:"timestampField,omitempty" tf:"timestamp_field,omitempty"` } @@ -2889,22 +2891,23 @@ type TimespanConfigParameters struct { // When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid // scanning files that have not been modified since the last time the JobTrigger executed. This will - // be based on the time of the execution of the last run of the JobTrigger. + // be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + // used in the last run of the JobTrigger. // +kubebuilder:validation:Optional EnableAutoPopulationOfTimespanConfig *bool `json:"enableAutoPopulationOfTimespanConfig,omitempty" tf:"enable_auto_population_of_timespan_config,omitempty"` - // Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. + // Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied. // +kubebuilder:validation:Optional EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` - // Exclude files or rows older than this value. + // Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied. // +kubebuilder:validation:Optional StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` - // Information on where to inspect + // Specification of the field containing the timestamp of scanned items. // Structure is documented below. // +kubebuilder:validation:Optional - TimestampField []TimestampFieldParameters `json:"timestampField" tf:"timestamp_field,omitempty"` + TimestampField []TimestampFieldParameters `json:"timestampField,omitempty" tf:"timestamp_field,omitempty"` } type TimestampFieldInitParameters struct { diff --git a/apis/dataplex/v1beta1/zz_asset_types.go b/apis/dataplex/v1beta1/zz_asset_types.go index 003575cae..1dabb6715 100755 --- a/apis/dataplex/v1beta1/zz_asset_types.go +++ b/apis/dataplex/v1beta1/zz_asset_types.go @@ -71,6 +71,9 @@ type AssetObservation struct { // Optional. User friendly display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -99,6 +102,10 @@ type AssetObservation struct { // Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` @@ -338,6 +345,9 @@ type ResourceSpecInitParameters struct { // Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: projects/{project_number}/buckets/{bucket_id} projects/{project_number}/datasets/{dataset_id} Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED + ReadAccessMode *string `json:"readAccessMode,omitempty" tf:"read_access_mode,omitempty"` + // Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -347,6 +357,9 @@ type ResourceSpecObservation struct { // Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: projects/{project_number}/buckets/{bucket_id} projects/{project_number}/datasets/{dataset_id} Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED + ReadAccessMode *string `json:"readAccessMode,omitempty" tf:"read_access_mode,omitempty"` + // Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -357,6 +370,10 @@ type ResourceSpecParameters struct { // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED + // +kubebuilder:validation:Optional + ReadAccessMode *string `json:"readAccessMode,omitempty" tf:"read_access_mode,omitempty"` + // Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET // +kubebuilder:validation:Optional Type *string `json:"type" tf:"type,omitempty"` diff --git a/apis/dataplex/v1beta1/zz_generated.deepcopy.go b/apis/dataplex/v1beta1/zz_generated.deepcopy.go index 631a485c5..69a4825b8 100644 --- a/apis/dataplex/v1beta1/zz_generated.deepcopy.go +++ b/apis/dataplex/v1beta1/zz_generated.deepcopy.go @@ -181,6 +181,22 @@ func (in *AssetObservation) DeepCopyInto(out *AssetObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -243,6 +259,22 @@ func (in *AssetObservation) DeepCopyInto(out *AssetObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -1212,6 +1244,22 @@ func (in *LakeObservation) DeepCopyInto(out *LakeObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1267,6 +1315,22 @@ func (in *LakeObservation) DeepCopyInto(out *LakeObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -1515,6 +1579,11 @@ func (in *ResourceSpecInitParameters) DeepCopyInto(out *ResourceSpecInitParamete *out = new(string) **out = **in } + if in.ReadAccessMode != nil { + in, out := &in.ReadAccessMode, &out.ReadAccessMode + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -1540,6 +1609,11 @@ func (in *ResourceSpecObservation) DeepCopyInto(out *ResourceSpecObservation) { *out = new(string) **out = **in } + if in.ReadAccessMode != nil { + in, out := &in.ReadAccessMode, &out.ReadAccessMode + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -1565,6 +1639,11 @@ func (in *ResourceSpecParameters) DeepCopyInto(out *ResourceSpecParameters) { *out = new(string) **out = **in } + if in.ReadAccessMode != nil { + in, out := &in.ReadAccessMode, &out.ReadAccessMode + *out = new(string) + **out = **in + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -2166,6 +2245,22 @@ func (in *ZoneObservation) DeepCopyInto(out *ZoneObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -2214,6 +2309,22 @@ func (in *ZoneObservation) DeepCopyInto(out *ZoneObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) diff --git a/apis/dataplex/v1beta1/zz_lake_types.go b/apis/dataplex/v1beta1/zz_lake_types.go index f32285e35..10f7fb5cc 100755 --- a/apis/dataplex/v1beta1/zz_lake_types.go +++ b/apis/dataplex/v1beta1/zz_lake_types.go @@ -77,6 +77,9 @@ type LakeObservation struct { // Optional. User friendly display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -102,6 +105,10 @@ type LakeObservation struct { // Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` diff --git a/apis/dataplex/v1beta1/zz_zone_types.go b/apis/dataplex/v1beta1/zz_zone_types.go index 490249fd6..508a3d3a6 100755 --- a/apis/dataplex/v1beta1/zz_zone_types.go +++ b/apis/dataplex/v1beta1/zz_zone_types.go @@ -233,6 +233,9 @@ type ZoneObservation struct { // Optional. User friendly display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -255,6 +258,10 @@ type ZoneObservation struct { // Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED Type *string `json:"type,omitempty" tf:"type,omitempty"` diff --git a/apis/dataproc/v1beta1/zz_cluster_terraformed.go b/apis/dataproc/v1beta1/zz_cluster_terraformed.go index 7d8b30f18..0b0c28575 100755 --- a/apis/dataproc/v1beta1/zz_cluster_terraformed.go +++ b/apis/dataproc/v1beta1/zz_cluster_terraformed.go @@ -141,5 +141,5 @@ func (tr *Cluster) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Cluster) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/dataproc/v1beta1/zz_cluster_types.go b/apis/dataproc/v1beta1/zz_cluster_types.go index ca63b6bdc..1339bae3f 100755 --- a/apis/dataproc/v1beta1/zz_cluster_types.go +++ b/apis/dataproc/v1beta1/zz_cluster_types.go @@ -106,6 +106,32 @@ type AutoscalingParameters struct { MinNodeCount *float64 `json:"minNodeCount,omitempty" tf:"min_node_count,omitempty"` } +type AuxiliaryNodeGroupsInitParameters struct { + + // Node group configuration. + NodeGroup []NodeGroupInitParameters `json:"nodeGroup,omitempty" tf:"node_group,omitempty"` + + NodeGroupID *string `json:"nodeGroupId,omitempty" tf:"node_group_id,omitempty"` +} + +type AuxiliaryNodeGroupsObservation struct { + + // Node group configuration. + NodeGroup []NodeGroupObservation `json:"nodeGroup,omitempty" tf:"node_group,omitempty"` + + NodeGroupID *string `json:"nodeGroupId,omitempty" tf:"node_group_id,omitempty"` +} + +type AuxiliaryNodeGroupsParameters struct { + + // Node group configuration. + // +kubebuilder:validation:Optional + NodeGroup []NodeGroupParameters `json:"nodeGroup" tf:"node_group,omitempty"` + + // +kubebuilder:validation:Optional + NodeGroupID *string `json:"nodeGroupId,omitempty" tf:"node_group_id,omitempty"` +} + type AuxiliaryServicesConfigInitParameters struct { // The config setting for metastore service with the cluster. @@ -165,6 +191,10 @@ type ClusterConfigInitParameters struct { // Structure defined below. AutoscalingConfig []AutoscalingConfigInitParameters `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + // Structure defined below. + AuxiliaryNodeGroups []AuxiliaryNodeGroupsInitParameters `json:"auxiliaryNodeGroups,omitempty" tf:"auxiliary_node_groups,omitempty"` + // The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. // Structure defined below. DataprocMetricConfig []DataprocMetricConfigInitParameters `json:"dataprocMetricConfig,omitempty" tf:"dataproc_metric_config,omitempty"` @@ -235,6 +265,10 @@ type ClusterConfigObservation struct { // Structure defined below. AutoscalingConfig []AutoscalingConfigObservation `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + // Structure defined below. + AuxiliaryNodeGroups []AuxiliaryNodeGroupsObservation `json:"auxiliaryNodeGroups,omitempty" tf:"auxiliary_node_groups,omitempty"` + // The name of the cloud storage bucket ultimately used to house the staging data // for the cluster. If staging_bucket is specified, it will contain this value, otherwise // it will be the auto generated name. @@ -311,6 +345,11 @@ type ClusterConfigParameters struct { // +kubebuilder:validation:Optional AutoscalingConfig []AutoscalingConfigParameters `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + // Structure defined below. + // +kubebuilder:validation:Optional + AuxiliaryNodeGroups []AuxiliaryNodeGroupsParameters `json:"auxiliaryNodeGroups,omitempty" tf:"auxiliary_node_groups,omitempty"` + // The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. // Structure defined below. // +kubebuilder:validation:Optional @@ -410,6 +449,9 @@ type ClusterConfigWorkerConfigInitParameters struct { // for details about which CPU families are available (and defaulted) for each zone. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + // The minimum number of primary worker instances to create. If min_num_instances is set, cluster creation will succeed if the number of primary workers created is at least equal to the min_num_instances number. + MinNumInstances *float64 `json:"minNumInstances,omitempty" tf:"min_num_instances,omitempty"` + // Specifies the number of worker nodes to create. // If not specified, GCP will default to a predetermined computed value (currently 2). // There is currently a beta feature which allows you to run a @@ -447,6 +489,9 @@ type ClusterConfigWorkerConfigObservation struct { // for details about which CPU families are available (and defaulted) for each zone. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + // The minimum number of primary worker instances to create. If min_num_instances is set, cluster creation will succeed if the number of primary workers created is at least equal to the min_num_instances number. + MinNumInstances *float64 `json:"minNumInstances,omitempty" tf:"min_num_instances,omitempty"` + // Specifies the number of worker nodes to create. // If not specified, GCP will default to a predetermined computed value (currently 2). // There is currently a beta feature which allows you to run a @@ -485,6 +530,10 @@ type ClusterConfigWorkerConfigParameters struct { // +kubebuilder:validation:Optional MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + // The minimum number of primary worker instances to create. If min_num_instances is set, cluster creation will succeed if the number of primary workers created is at least equal to the min_num_instances number. + // +kubebuilder:validation:Optional + MinNumInstances *float64 `json:"minNumInstances,omitempty" tf:"min_num_instances,omitempty"` + // Specifies the number of worker nodes to create. // If not specified, GCP will default to a predetermined computed value (currently 2). // There is currently a beta feature which allows you to run a @@ -511,9 +560,7 @@ type ClusterInitParameters struct { // For more context see the docs GracefulDecommissionTimeout *string `json:"gracefulDecommissionTimeout,omitempty" tf:"graceful_decommission_timeout,omitempty"` - // The list of labels (key/value pairs) to be applied to - // instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - // which is the name of the cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -540,6 +587,12 @@ type ClusterObservation struct { // Structure defined below. ClusterConfig []ClusterConfigObservation `json:"clusterConfig,omitempty" tf:"cluster_config,omitempty"` + // (Computed) The list of labels (key/value pairs) to be applied to + // instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name + // which is the name of the cluster. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Does not affect auto scaling decomissioning from an autoscaling policy. // Graceful decommissioning allows removing nodes from the cluster without interrupting jobs in progress. // Timeout specifies how long to wait for jobs in progress to finish before forcefully removing nodes (and potentially interrupting jobs). @@ -551,9 +604,7 @@ type ClusterObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The list of labels (key/value pairs) to be applied to - // instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - // which is the name of the cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -569,6 +620,10 @@ type ClusterObservation struct { // Defaults to global. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Allows you to configure a virtual Dataproc on GKE cluster. // Structure defined below. VirtualClusterConfig []VirtualClusterConfigObservation `json:"virtualClusterConfig,omitempty" tf:"virtual_cluster_config,omitempty"` @@ -591,9 +646,7 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional GracefulDecommissionTimeout *string `json:"gracefulDecommissionTimeout,omitempty" tf:"graceful_decommission_timeout,omitempty"` - // The list of labels (key/value pairs) to be applied to - // instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - // which is the name of the cluster. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -1102,6 +1155,70 @@ type InitializationActionParameters struct { TimeoutSec *float64 `json:"timeoutSec,omitempty" tf:"timeout_sec,omitempty"` } +type InstanceFlexibilityPolicyInitParameters struct { + + // List of instance selection options that the group will use when creating new VMs. + InstanceSelectionList []InstanceSelectionListInitParameters `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` +} + +type InstanceFlexibilityPolicyObservation struct { + + // List of instance selection options that the group will use when creating new VMs. + InstanceSelectionList []InstanceSelectionListObservation `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` + + InstanceSelectionResults []InstanceSelectionResultsObservation `json:"instanceSelectionResults,omitempty" tf:"instance_selection_results,omitempty"` +} + +type InstanceFlexibilityPolicyParameters struct { + + // List of instance selection options that the group will use when creating new VMs. + // +kubebuilder:validation:Optional + InstanceSelectionList []InstanceSelectionListParameters `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` +} + +type InstanceSelectionListInitParameters struct { + + // Full machine-type names, e.g. "n1-standard-16". + MachineTypes []*string `json:"machineTypes,omitempty" tf:"machine_types,omitempty"` + + // Preference of this instance selection. A lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference. + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + +type InstanceSelectionListObservation struct { + + // Full machine-type names, e.g. "n1-standard-16". + MachineTypes []*string `json:"machineTypes,omitempty" tf:"machine_types,omitempty"` + + // Preference of this instance selection. A lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference. + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + +type InstanceSelectionListParameters struct { + + // Full machine-type names, e.g. "n1-standard-16". + // +kubebuilder:validation:Optional + MachineTypes []*string `json:"machineTypes,omitempty" tf:"machine_types,omitempty"` + + // Preference of this instance selection. A lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference. + // +kubebuilder:validation:Optional + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + +type InstanceSelectionResultsInitParameters struct { +} + +type InstanceSelectionResultsObservation struct { + + // The name of a Compute Engine machine type. + MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + VMCount *float64 `json:"vmCount,omitempty" tf:"vm_count,omitempty"` +} + +type InstanceSelectionResultsParameters struct { +} + type KerberosConfigInitParameters struct { // The admin server (IP or hostname) for the @@ -1440,13 +1557,99 @@ type LifecycleConfigParameters struct { IdleDeleteTTL *string `json:"idleDeleteTtl,omitempty" tf:"idle_delete_ttl,omitempty"` } +type MasterConfigAcceleratorsInitParameters struct { + + // The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type MasterConfigAcceleratorsObservation struct { + + // The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type MasterConfigAcceleratorsParameters struct { + + // The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8. + // +kubebuilder:validation:Optional + AcceleratorCount *float64 `json:"acceleratorCount" tf:"accelerator_count,omitempty"` + + // The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80. + // +kubebuilder:validation:Optional + AcceleratorType *string `json:"acceleratorType" tf:"accelerator_type,omitempty"` +} + +type MasterConfigDiskConfigInitParameters struct { + + // Size of the primary disk attached to each node, specified + // in GB. The primary disk contains the boot volume and system libraries, and the + // smallest allowed disk size is 10GB. GCP will default to a predetermined + // computed value if not set (currently 500GB). Note: If SSDs are not + // attached, it also contains the HDFS data blocks and Hadoop working directories. + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // The disk type of the primary disk attached to each node. + // One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // The amount of local SSD disks that will be + // attached to each master cluster node. Defaults to 0. + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + +type MasterConfigDiskConfigObservation struct { + + // Size of the primary disk attached to each node, specified + // in GB. The primary disk contains the boot volume and system libraries, and the + // smallest allowed disk size is 10GB. GCP will default to a predetermined + // computed value if not set (currently 500GB). Note: If SSDs are not + // attached, it also contains the HDFS data blocks and Hadoop working directories. + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // The disk type of the primary disk attached to each node. + // One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // The amount of local SSD disks that will be + // attached to each master cluster node. Defaults to 0. + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + +type MasterConfigDiskConfigParameters struct { + + // Size of the primary disk attached to each node, specified + // in GB. The primary disk contains the boot volume and system libraries, and the + // smallest allowed disk size is 10GB. GCP will default to a predetermined + // computed value if not set (currently 500GB). Note: If SSDs are not + // attached, it also contains the HDFS data blocks and Hadoop working directories. + // +kubebuilder:validation:Optional + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // The disk type of the primary disk attached to each node. + // One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + // +kubebuilder:validation:Optional + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // The amount of local SSD disks that will be + // attached to each master cluster node. Defaults to 0. + // +kubebuilder:validation:Optional + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + type MasterConfigInitParameters struct { // The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. - Accelerators []AcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []MasterConfigAcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk Config - DiskConfig []DiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []MasterConfigDiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The URI for the image to use for this worker. See the guide // for more information. @@ -1471,10 +1674,10 @@ type MasterConfigInitParameters struct { type MasterConfigObservation struct { // The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. - Accelerators []AcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []MasterConfigAcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk Config - DiskConfig []DiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []MasterConfigDiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The URI for the image to use for this worker. See the guide // for more information. @@ -1504,11 +1707,11 @@ type MasterConfigParameters struct { // The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. // +kubebuilder:validation:Optional - Accelerators []AcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []MasterConfigAcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk Config // +kubebuilder:validation:Optional - DiskConfig []DiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []MasterConfigDiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The URI for the image to use for this worker. See the guide // for more information. @@ -1604,6 +1807,114 @@ type NodeGroupAffinityParameters struct { NodeGroupURI *string `json:"nodeGroupUri" tf:"node_group_uri,omitempty"` } +type NodeGroupConfigInitParameters struct { + + // The Compute Engine accelerator configuration for these instances. Can be specified multiple times. + Accelerators []AcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + + // Disk Config + DiskConfig []DiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + + // The name of a Compute Engine machine type. + MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // Minimum CPU platform to be used by this instance. + // The instance may be scheduled on the specified or a newer CPU platform. + // Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + + // Specifies the number of master nodes to create. + // Please set a number greater than 0. Node Group must have at least 1 instance. + NumInstances *float64 `json:"numInstances,omitempty" tf:"num_instances,omitempty"` +} + +type NodeGroupConfigObservation struct { + + // The Compute Engine accelerator configuration for these instances. Can be specified multiple times. + Accelerators []AcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + + // Disk Config + DiskConfig []DiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + + // List of worker instance names which have been assigned + // to the cluster. + InstanceNames []*string `json:"instanceNames,omitempty" tf:"instance_names,omitempty"` + + // The name of a Compute Engine machine type. + MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // Minimum CPU platform to be used by this instance. + // The instance may be scheduled on the specified or a newer CPU platform. + // Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + + // Specifies the number of master nodes to create. + // Please set a number greater than 0. Node Group must have at least 1 instance. + NumInstances *float64 `json:"numInstances,omitempty" tf:"num_instances,omitempty"` +} + +type NodeGroupConfigParameters struct { + + // The Compute Engine accelerator configuration for these instances. Can be specified multiple times. + // +kubebuilder:validation:Optional + Accelerators []AcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + + // Disk Config + // +kubebuilder:validation:Optional + DiskConfig []DiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + + // The name of a Compute Engine machine type. + // +kubebuilder:validation:Optional + MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` + + // Minimum CPU platform to be used by this instance. + // The instance may be scheduled on the specified or a newer CPU platform. + // Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + // +kubebuilder:validation:Optional + MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` + + // Specifies the number of master nodes to create. + // Please set a number greater than 0. Node Group must have at least 1 instance. + // +kubebuilder:validation:Optional + NumInstances *float64 `json:"numInstances,omitempty" tf:"num_instances,omitempty"` +} + +type NodeGroupInitParameters struct { + + // The node group instance group configuration. + NodeGroupConfig []NodeGroupConfigInitParameters `json:"nodeGroupConfig,omitempty" tf:"node_group_config,omitempty"` + + // The roles associated with the GKE node pool. + // One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + Roles []*string `json:"roles,omitempty" tf:"roles,omitempty"` +} + +type NodeGroupObservation struct { + + // The name of the cluster, unique within the project and + // zone. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The node group instance group configuration. + NodeGroupConfig []NodeGroupConfigObservation `json:"nodeGroupConfig,omitempty" tf:"node_group_config,omitempty"` + + // The roles associated with the GKE node pool. + // One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + Roles []*string `json:"roles,omitempty" tf:"roles,omitempty"` +} + +type NodeGroupParameters struct { + + // The node group instance group configuration. + // +kubebuilder:validation:Optional + NodeGroupConfig []NodeGroupConfigParameters `json:"nodeGroupConfig,omitempty" tf:"node_group_config,omitempty"` + + // The roles associated with the GKE node pool. + // One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + // +kubebuilder:validation:Optional + Roles []*string `json:"roles" tf:"roles,omitempty"` +} + type NodePoolConfigInitParameters struct { // The autoscaler configuration for this node pool. @@ -1768,6 +2079,9 @@ type PreemptibleWorkerConfigInitParameters struct { // Disk Config DiskConfig []PreemptibleWorkerConfigDiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + // Instance flexibility Policy allowing a mixture of VM shapes and provisioning models. + InstanceFlexibilityPolicy []InstanceFlexibilityPolicyInitParameters `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + // Specifies the number of preemptible nodes to create. // Defaults to 0. NumInstances *float64 `json:"numInstances,omitempty" tf:"num_instances,omitempty"` @@ -1782,6 +2096,9 @@ type PreemptibleWorkerConfigObservation struct { // Disk Config DiskConfig []PreemptibleWorkerConfigDiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + // Instance flexibility Policy allowing a mixture of VM shapes and provisioning models. + InstanceFlexibilityPolicy []InstanceFlexibilityPolicyObservation `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + // List of worker instance names which have been assigned // to the cluster. InstanceNames []*string `json:"instanceNames,omitempty" tf:"instance_names,omitempty"` @@ -1801,6 +2118,10 @@ type PreemptibleWorkerConfigParameters struct { // +kubebuilder:validation:Optional DiskConfig []PreemptibleWorkerConfigDiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + // Instance flexibility Policy allowing a mixture of VM shapes and provisioning models. + // +kubebuilder:validation:Optional + InstanceFlexibilityPolicy []InstanceFlexibilityPolicyParameters `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + // Specifies the number of preemptible nodes to create. // Defaults to 0. // +kubebuilder:validation:Optional diff --git a/apis/dataproc/v1beta1/zz_generated.deepcopy.go b/apis/dataproc/v1beta1/zz_generated.deepcopy.go index f1726fdde..7657a69da 100644 --- a/apis/dataproc/v1beta1/zz_generated.deepcopy.go +++ b/apis/dataproc/v1beta1/zz_generated.deepcopy.go @@ -472,6 +472,87 @@ func (in *AutoscalingPolicyStatus) DeepCopy() *AutoscalingPolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryNodeGroupsInitParameters) DeepCopyInto(out *AuxiliaryNodeGroupsInitParameters) { + *out = *in + if in.NodeGroup != nil { + in, out := &in.NodeGroup, &out.NodeGroup + *out = make([]NodeGroupInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NodeGroupID != nil { + in, out := &in.NodeGroupID, &out.NodeGroupID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryNodeGroupsInitParameters. +func (in *AuxiliaryNodeGroupsInitParameters) DeepCopy() *AuxiliaryNodeGroupsInitParameters { + if in == nil { + return nil + } + out := new(AuxiliaryNodeGroupsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryNodeGroupsObservation) DeepCopyInto(out *AuxiliaryNodeGroupsObservation) { + *out = *in + if in.NodeGroup != nil { + in, out := &in.NodeGroup, &out.NodeGroup + *out = make([]NodeGroupObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NodeGroupID != nil { + in, out := &in.NodeGroupID, &out.NodeGroupID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryNodeGroupsObservation. +func (in *AuxiliaryNodeGroupsObservation) DeepCopy() *AuxiliaryNodeGroupsObservation { + if in == nil { + return nil + } + out := new(AuxiliaryNodeGroupsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryNodeGroupsParameters) DeepCopyInto(out *AuxiliaryNodeGroupsParameters) { + *out = *in + if in.NodeGroup != nil { + in, out := &in.NodeGroup, &out.NodeGroup + *out = make([]NodeGroupParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NodeGroupID != nil { + in, out := &in.NodeGroupID, &out.NodeGroupID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryNodeGroupsParameters. +func (in *AuxiliaryNodeGroupsParameters) DeepCopy() *AuxiliaryNodeGroupsParameters { + if in == nil { + return nil + } + out := new(AuxiliaryNodeGroupsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuxiliaryServicesConfigInitParameters) DeepCopyInto(out *AuxiliaryServicesConfigInitParameters) { *out = *in @@ -619,6 +700,129 @@ func (in *AuxiliaryServicesConfigParameters) DeepCopy() *AuxiliaryServicesConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryVersionsInitParameters) DeepCopyInto(out *AuxiliaryVersionsInitParameters) { + *out = *in + if in.ConfigOverrides != nil { + in, out := &in.ConfigOverrides, &out.ConfigOverrides + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryVersionsInitParameters. +func (in *AuxiliaryVersionsInitParameters) DeepCopy() *AuxiliaryVersionsInitParameters { + if in == nil { + return nil + } + out := new(AuxiliaryVersionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryVersionsObservation) DeepCopyInto(out *AuxiliaryVersionsObservation) { + *out = *in + if in.ConfigOverrides != nil { + in, out := &in.ConfigOverrides, &out.ConfigOverrides + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryVersionsObservation. +func (in *AuxiliaryVersionsObservation) DeepCopy() *AuxiliaryVersionsObservation { + if in == nil { + return nil + } + out := new(AuxiliaryVersionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuxiliaryVersionsParameters) DeepCopyInto(out *AuxiliaryVersionsParameters) { + *out = *in + if in.ConfigOverrides != nil { + in, out := &in.ConfigOverrides, &out.ConfigOverrides + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuxiliaryVersionsParameters. +func (in *AuxiliaryVersionsParameters) DeepCopy() *AuxiliaryVersionsParameters { + if in == nil { + return nil + } + out := new(AuxiliaryVersionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BasicAlgorithmInitParameters) DeepCopyInto(out *BasicAlgorithmInitParameters) { *out = *in @@ -737,6 +941,13 @@ func (in *ClusterConfigInitParameters) DeepCopyInto(out *ClusterConfigInitParame (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AuxiliaryNodeGroups != nil { + in, out := &in.AuxiliaryNodeGroups, &out.AuxiliaryNodeGroups + *out = make([]AuxiliaryNodeGroupsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DataprocMetricConfig != nil { in, out := &in.DataprocMetricConfig, &out.DataprocMetricConfig *out = make([]DataprocMetricConfigInitParameters, len(*in)) @@ -853,6 +1064,13 @@ func (in *ClusterConfigObservation) DeepCopyInto(out *ClusterConfigObservation) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AuxiliaryNodeGroups != nil { + in, out := &in.AuxiliaryNodeGroups, &out.AuxiliaryNodeGroups + *out = make([]AuxiliaryNodeGroupsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Bucket != nil { in, out := &in.Bucket, &out.Bucket *out = new(string) @@ -974,6 +1192,13 @@ func (in *ClusterConfigParameters) DeepCopyInto(out *ClusterConfigParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AuxiliaryNodeGroups != nil { + in, out := &in.AuxiliaryNodeGroups, &out.AuxiliaryNodeGroups + *out = make([]AuxiliaryNodeGroupsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DataprocMetricConfig != nil { in, out := &in.DataprocMetricConfig, &out.DataprocMetricConfig *out = make([]DataprocMetricConfigParameters, len(*in)) @@ -1112,6 +1337,11 @@ func (in *ClusterConfigWorkerConfigInitParameters) DeepCopyInto(out *ClusterConf *out = new(string) **out = **in } + if in.MinNumInstances != nil { + in, out := &in.MinNumInstances, &out.MinNumInstances + *out = new(float64) + **out = **in + } if in.NumInstances != nil { in, out := &in.NumInstances, &out.NumInstances *out = new(float64) @@ -1172,6 +1402,11 @@ func (in *ClusterConfigWorkerConfigObservation) DeepCopyInto(out *ClusterConfigW *out = new(string) **out = **in } + if in.MinNumInstances != nil { + in, out := &in.MinNumInstances, &out.MinNumInstances + *out = new(float64) + **out = **in + } if in.NumInstances != nil { in, out := &in.NumInstances, &out.NumInstances *out = new(float64) @@ -1221,6 +1456,11 @@ func (in *ClusterConfigWorkerConfigParameters) DeepCopyInto(out *ClusterConfigWo *out = new(string) **out = **in } + if in.MinNumInstances != nil { + in, out := &in.MinNumInstances, &out.MinNumInstances + *out = new(float64) + **out = **in + } if in.NumInstances != nil { in, out := &in.NumInstances, &out.NumInstances *out = new(float64) @@ -1345,6 +1585,22 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GracefulDecommissionTimeout != nil { in, out := &in.GracefulDecommissionTimeout, &out.GracefulDecommissionTimeout *out = new(string) @@ -1386,6 +1642,22 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.VirtualClusterConfig != nil { in, out := &in.VirtualClusterConfig, &out.VirtualClusterConfig *out = make([]VirtualClusterConfigObservation, len(*in)) @@ -2257,40 +2529,205 @@ func (in *ConfigLifecycleConfigParameters) DeepCopy() *ConfigLifecycleConfigPara } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMasterConfigInitParameters) DeepCopyInto(out *ConfigMasterConfigInitParameters) { +func (in *ConfigMasterConfigAcceleratorsInitParameters) DeepCopyInto(out *ConfigMasterConfigAcceleratorsInitParameters) { *out = *in - if in.Accelerators != nil { - in, out := &in.Accelerators, &out.Accelerators - *out = make([]MasterConfigAcceleratorsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.DiskConfig != nil { - in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]MasterConfigDiskConfigInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Image != nil { - in, out := &in.Image, &out.Image - *out = new(string) + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) **out = **in } - if in.MachineType != nil { - in, out := &in.MachineType, &out.MachineType + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType *out = new(string) **out = **in } - if in.MinCPUPlatform != nil { - in, out := &in.MinCPUPlatform, &out.MinCPUPlatform - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigAcceleratorsInitParameters. +func (in *ConfigMasterConfigAcceleratorsInitParameters) DeepCopy() *ConfigMasterConfigAcceleratorsInitParameters { + if in == nil { + return nil } - if in.NumInstances != nil { - in, out := &in.NumInstances, &out.NumInstances - *out = new(float64) + out := new(ConfigMasterConfigAcceleratorsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigAcceleratorsObservation) DeepCopyInto(out *ConfigMasterConfigAcceleratorsObservation) { + *out = *in + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) + **out = **in + } + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigAcceleratorsObservation. +func (in *ConfigMasterConfigAcceleratorsObservation) DeepCopy() *ConfigMasterConfigAcceleratorsObservation { + if in == nil { + return nil + } + out := new(ConfigMasterConfigAcceleratorsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigAcceleratorsParameters) DeepCopyInto(out *ConfigMasterConfigAcceleratorsParameters) { + *out = *in + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) + **out = **in + } + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigAcceleratorsParameters. +func (in *ConfigMasterConfigAcceleratorsParameters) DeepCopy() *ConfigMasterConfigAcceleratorsParameters { + if in == nil { + return nil + } + out := new(ConfigMasterConfigAcceleratorsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigDiskConfigInitParameters) DeepCopyInto(out *ConfigMasterConfigDiskConfigInitParameters) { + *out = *in + if in.BootDiskSizeGb != nil { + in, out := &in.BootDiskSizeGb, &out.BootDiskSizeGb + *out = new(float64) + **out = **in + } + if in.BootDiskType != nil { + in, out := &in.BootDiskType, &out.BootDiskType + *out = new(string) + **out = **in + } + if in.NumLocalSsds != nil { + in, out := &in.NumLocalSsds, &out.NumLocalSsds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigDiskConfigInitParameters. +func (in *ConfigMasterConfigDiskConfigInitParameters) DeepCopy() *ConfigMasterConfigDiskConfigInitParameters { + if in == nil { + return nil + } + out := new(ConfigMasterConfigDiskConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigDiskConfigObservation) DeepCopyInto(out *ConfigMasterConfigDiskConfigObservation) { + *out = *in + if in.BootDiskSizeGb != nil { + in, out := &in.BootDiskSizeGb, &out.BootDiskSizeGb + *out = new(float64) + **out = **in + } + if in.BootDiskType != nil { + in, out := &in.BootDiskType, &out.BootDiskType + *out = new(string) + **out = **in + } + if in.NumLocalSsds != nil { + in, out := &in.NumLocalSsds, &out.NumLocalSsds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigDiskConfigObservation. +func (in *ConfigMasterConfigDiskConfigObservation) DeepCopy() *ConfigMasterConfigDiskConfigObservation { + if in == nil { + return nil + } + out := new(ConfigMasterConfigDiskConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigDiskConfigParameters) DeepCopyInto(out *ConfigMasterConfigDiskConfigParameters) { + *out = *in + if in.BootDiskSizeGb != nil { + in, out := &in.BootDiskSizeGb, &out.BootDiskSizeGb + *out = new(float64) + **out = **in + } + if in.BootDiskType != nil { + in, out := &in.BootDiskType, &out.BootDiskType + *out = new(string) + **out = **in + } + if in.NumLocalSsds != nil { + in, out := &in.NumLocalSsds, &out.NumLocalSsds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMasterConfigDiskConfigParameters. +func (in *ConfigMasterConfigDiskConfigParameters) DeepCopy() *ConfigMasterConfigDiskConfigParameters { + if in == nil { + return nil + } + out := new(ConfigMasterConfigDiskConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMasterConfigInitParameters) DeepCopyInto(out *ConfigMasterConfigInitParameters) { + *out = *in + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]ConfigMasterConfigAcceleratorsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DiskConfig != nil { + in, out := &in.DiskConfig, &out.DiskConfig + *out = make([]ConfigMasterConfigDiskConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Image != nil { + in, out := &in.Image, &out.Image + *out = new(string) + **out = **in + } + if in.MachineType != nil { + in, out := &in.MachineType, &out.MachineType + *out = new(string) + **out = **in + } + if in.MinCPUPlatform != nil { + in, out := &in.MinCPUPlatform, &out.MinCPUPlatform + *out = new(string) + **out = **in + } + if in.NumInstances != nil { + in, out := &in.NumInstances, &out.NumInstances + *out = new(float64) **out = **in } if in.Preemptibility != nil { @@ -2315,14 +2752,14 @@ func (in *ConfigMasterConfigObservation) DeepCopyInto(out *ConfigMasterConfigObs *out = *in if in.Accelerators != nil { in, out := &in.Accelerators, &out.Accelerators - *out = make([]MasterConfigAcceleratorsObservation, len(*in)) + *out = make([]ConfigMasterConfigAcceleratorsObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.DiskConfig != nil { in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]MasterConfigDiskConfigObservation, len(*in)) + *out = make([]ConfigMasterConfigDiskConfigObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2392,14 +2829,14 @@ func (in *ConfigMasterConfigParameters) DeepCopyInto(out *ConfigMasterConfigPara *out = *in if in.Accelerators != nil { in, out := &in.Accelerators, &out.Accelerators - *out = make([]MasterConfigAcceleratorsParameters, len(*in)) + *out = make([]ConfigMasterConfigAcceleratorsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.DiskConfig != nil { in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]MasterConfigDiskConfigParameters, len(*in)) + *out = make([]ConfigMasterConfigDiskConfigParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -3348,6 +3785,66 @@ func (in *ConsumersParameters) DeepCopy() *ConsumersParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataCatalogConfigInitParameters) DeepCopyInto(out *DataCatalogConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataCatalogConfigInitParameters. +func (in *DataCatalogConfigInitParameters) DeepCopy() *DataCatalogConfigInitParameters { + if in == nil { + return nil + } + out := new(DataCatalogConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataCatalogConfigObservation) DeepCopyInto(out *DataCatalogConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataCatalogConfigObservation. +func (in *DataCatalogConfigObservation) DeepCopy() *DataCatalogConfigObservation { + if in == nil { + return nil + } + out := new(DataCatalogConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataCatalogConfigParameters) DeepCopyInto(out *DataCatalogConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataCatalogConfigParameters. +func (in *DataCatalogConfigParameters) DeepCopy() *DataCatalogConfigParameters { + if in == nil { + return nil + } + out := new(DataCatalogConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataprocMetricConfigInitParameters) DeepCopyInto(out *DataprocMetricConfigInitParameters) { *out = *in @@ -5406,6 +5903,13 @@ func (in *HiveJobParameters) DeepCopy() *HiveJobParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HiveMetastoreConfigInitParameters) DeepCopyInto(out *HiveMetastoreConfigInitParameters) { *out = *in + if in.AuxiliaryVersions != nil { + in, out := &in.AuxiliaryVersions, &out.AuxiliaryVersions + *out = make([]AuxiliaryVersionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ConfigOverrides != nil { in, out := &in.ConfigOverrides, &out.ConfigOverrides *out = make(map[string]*string, len(*in)) @@ -5422,6 +5926,11 @@ func (in *HiveMetastoreConfigInitParameters) DeepCopyInto(out *HiveMetastoreConf (*out)[key] = outVal } } + if in.EndpointProtocol != nil { + in, out := &in.EndpointProtocol, &out.EndpointProtocol + *out = new(string) + **out = **in + } if in.KerberosConfig != nil { in, out := &in.KerberosConfig, &out.KerberosConfig *out = make([]HiveMetastoreConfigKerberosConfigInitParameters, len(*in)) @@ -5545,6 +6054,13 @@ func (in *HiveMetastoreConfigKerberosConfigParameters) DeepCopy() *HiveMetastore // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HiveMetastoreConfigObservation) DeepCopyInto(out *HiveMetastoreConfigObservation) { *out = *in + if in.AuxiliaryVersions != nil { + in, out := &in.AuxiliaryVersions, &out.AuxiliaryVersions + *out = make([]AuxiliaryVersionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ConfigOverrides != nil { in, out := &in.ConfigOverrides, &out.ConfigOverrides *out = make(map[string]*string, len(*in)) @@ -5561,6 +6077,11 @@ func (in *HiveMetastoreConfigObservation) DeepCopyInto(out *HiveMetastoreConfigO (*out)[key] = outVal } } + if in.EndpointProtocol != nil { + in, out := &in.EndpointProtocol, &out.EndpointProtocol + *out = new(string) + **out = **in + } if in.KerberosConfig != nil { in, out := &in.KerberosConfig, &out.KerberosConfig *out = make([]HiveMetastoreConfigKerberosConfigObservation, len(*in)) @@ -5588,6 +6109,13 @@ func (in *HiveMetastoreConfigObservation) DeepCopy() *HiveMetastoreConfigObserva // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HiveMetastoreConfigParameters) DeepCopyInto(out *HiveMetastoreConfigParameters) { *out = *in + if in.AuxiliaryVersions != nil { + in, out := &in.AuxiliaryVersions, &out.AuxiliaryVersions + *out = make([]AuxiliaryVersionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ConfigOverrides != nil { in, out := &in.ConfigOverrides, &out.ConfigOverrides *out = make(map[string]*string, len(*in)) @@ -5604,6 +6132,11 @@ func (in *HiveMetastoreConfigParameters) DeepCopyInto(out *HiveMetastoreConfigPa (*out)[key] = outVal } } + if in.EndpointProtocol != nil { + in, out := &in.EndpointProtocol, &out.EndpointProtocol + *out = new(string) + **out = **in + } if in.KerberosConfig != nil { in, out := &in.KerberosConfig, &out.KerberosConfig *out = make([]HiveMetastoreConfigKerberosConfigParameters, len(*in)) @@ -5779,50 +6312,271 @@ func (in *InitializationActionsParameters) DeepCopy() *InitializationActionsPara } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Job) DeepCopyInto(out *Job) { +func (in *InstanceFlexibilityPolicyInitParameters) DeepCopyInto(out *InstanceFlexibilityPolicyInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.InstanceSelectionList != nil { + in, out := &in.InstanceSelectionList, &out.InstanceSelectionList + *out = make([]InstanceSelectionListInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Job. -func (in *Job) DeepCopy() *Job { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyInitParameters. +func (in *InstanceFlexibilityPolicyInitParameters) DeepCopy() *InstanceFlexibilityPolicyInitParameters { if in == nil { return nil } - out := new(Job) + out := new(InstanceFlexibilityPolicyInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Job) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobInitParameters) DeepCopyInto(out *JobInitParameters) { +func (in *InstanceFlexibilityPolicyObservation) DeepCopyInto(out *InstanceFlexibilityPolicyObservation) { *out = *in - if in.ForceDelete != nil { - in, out := &in.ForceDelete, &out.ForceDelete - *out = new(bool) - **out = **in - } - if in.HadoopConfig != nil { - in, out := &in.HadoopConfig, &out.HadoopConfig - *out = make([]HadoopConfigInitParameters, len(*in)) + if in.InstanceSelectionList != nil { + in, out := &in.InstanceSelectionList, &out.InstanceSelectionList + *out = make([]InstanceSelectionListObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.HiveConfig != nil { - in, out := &in.HiveConfig, &out.HiveConfig - *out = make([]HiveConfigInitParameters, len(*in)) + if in.InstanceSelectionResults != nil { + in, out := &in.InstanceSelectionResults, &out.InstanceSelectionResults + *out = make([]InstanceSelectionResultsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyObservation. +func (in *InstanceFlexibilityPolicyObservation) DeepCopy() *InstanceFlexibilityPolicyObservation { + if in == nil { + return nil + } + out := new(InstanceFlexibilityPolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceFlexibilityPolicyParameters) DeepCopyInto(out *InstanceFlexibilityPolicyParameters) { + *out = *in + if in.InstanceSelectionList != nil { + in, out := &in.InstanceSelectionList, &out.InstanceSelectionList + *out = make([]InstanceSelectionListParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyParameters. +func (in *InstanceFlexibilityPolicyParameters) DeepCopy() *InstanceFlexibilityPolicyParameters { + if in == nil { + return nil + } + out := new(InstanceFlexibilityPolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionListInitParameters) DeepCopyInto(out *InstanceSelectionListInitParameters) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionListInitParameters. +func (in *InstanceSelectionListInitParameters) DeepCopy() *InstanceSelectionListInitParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionListInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionListObservation) DeepCopyInto(out *InstanceSelectionListObservation) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionListObservation. +func (in *InstanceSelectionListObservation) DeepCopy() *InstanceSelectionListObservation { + if in == nil { + return nil + } + out := new(InstanceSelectionListObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionListParameters) DeepCopyInto(out *InstanceSelectionListParameters) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionListParameters. +func (in *InstanceSelectionListParameters) DeepCopy() *InstanceSelectionListParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionListParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionResultsInitParameters) DeepCopyInto(out *InstanceSelectionResultsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionResultsInitParameters. +func (in *InstanceSelectionResultsInitParameters) DeepCopy() *InstanceSelectionResultsInitParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionResultsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionResultsObservation) DeepCopyInto(out *InstanceSelectionResultsObservation) { + *out = *in + if in.MachineType != nil { + in, out := &in.MachineType, &out.MachineType + *out = new(string) + **out = **in + } + if in.VMCount != nil { + in, out := &in.VMCount, &out.VMCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionResultsObservation. +func (in *InstanceSelectionResultsObservation) DeepCopy() *InstanceSelectionResultsObservation { + if in == nil { + return nil + } + out := new(InstanceSelectionResultsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionResultsParameters) DeepCopyInto(out *InstanceSelectionResultsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionResultsParameters. +func (in *InstanceSelectionResultsParameters) DeepCopy() *InstanceSelectionResultsParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionResultsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Job) DeepCopyInto(out *Job) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Job. +func (in *Job) DeepCopy() *Job { + if in == nil { + return nil + } + out := new(Job) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Job) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *JobInitParameters) DeepCopyInto(out *JobInitParameters) { + *out = *in + if in.ForceDelete != nil { + in, out := &in.ForceDelete, &out.ForceDelete + *out = new(bool) + **out = **in + } + if in.HadoopConfig != nil { + in, out := &in.HadoopConfig, &out.HadoopConfig + *out = make([]HadoopConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.HiveConfig != nil { + in, out := &in.HiveConfig, &out.HiveConfig + *out = make([]HiveConfigInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -5976,6 +6730,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ForceDelete != nil { in, out := &in.ForceDelete, &out.ForceDelete *out = new(bool) @@ -6089,6 +6859,22 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobObservation. @@ -8148,14 +8934,14 @@ func (in *MasterConfigInitParameters) DeepCopyInto(out *MasterConfigInitParamete *out = *in if in.Accelerators != nil { in, out := &in.Accelerators, &out.Accelerators - *out = make([]AcceleratorsInitParameters, len(*in)) + *out = make([]MasterConfigAcceleratorsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.DiskConfig != nil { in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]DiskConfigInitParameters, len(*in)) + *out = make([]MasterConfigDiskConfigInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -8197,14 +8983,14 @@ func (in *MasterConfigObservation) DeepCopyInto(out *MasterConfigObservation) { *out = *in if in.Accelerators != nil { in, out := &in.Accelerators, &out.Accelerators - *out = make([]AcceleratorsObservation, len(*in)) + *out = make([]MasterConfigAcceleratorsObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.DiskConfig != nil { in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]DiskConfigObservation, len(*in)) + *out = make([]MasterConfigDiskConfigObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -8257,14 +9043,14 @@ func (in *MasterConfigParameters) DeepCopyInto(out *MasterConfigParameters) { *out = *in if in.Accelerators != nil { in, out := &in.Accelerators, &out.Accelerators - *out = make([]AcceleratorsParameters, len(*in)) + *out = make([]MasterConfigAcceleratorsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.DiskConfig != nil { in, out := &in.DiskConfig, &out.DiskConfig - *out = make([]DiskConfigParameters, len(*in)) + *out = make([]MasterConfigDiskConfigParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -8302,61 +9088,127 @@ func (in *MasterConfigParameters) DeepCopy() *MasterConfigParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetastoreConfigInitParameters) DeepCopyInto(out *MetastoreConfigInitParameters) { +func (in *MetadataIntegrationInitParameters) DeepCopyInto(out *MetadataIntegrationInitParameters) { *out = *in - if in.DataprocMetastoreService != nil { - in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService - *out = new(string) - **out = **in + if in.DataCatalogConfig != nil { + in, out := &in.DataCatalogConfig, &out.DataCatalogConfig + *out = make([]DataCatalogConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigInitParameters. -func (in *MetastoreConfigInitParameters) DeepCopy() *MetastoreConfigInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataIntegrationInitParameters. +func (in *MetadataIntegrationInitParameters) DeepCopy() *MetadataIntegrationInitParameters { if in == nil { return nil } - out := new(MetastoreConfigInitParameters) + out := new(MetadataIntegrationInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetastoreConfigObservation) DeepCopyInto(out *MetastoreConfigObservation) { +func (in *MetadataIntegrationObservation) DeepCopyInto(out *MetadataIntegrationObservation) { *out = *in - if in.DataprocMetastoreService != nil { - in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService - *out = new(string) - **out = **in + if in.DataCatalogConfig != nil { + in, out := &in.DataCatalogConfig, &out.DataCatalogConfig + *out = make([]DataCatalogConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigObservation. -func (in *MetastoreConfigObservation) DeepCopy() *MetastoreConfigObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataIntegrationObservation. +func (in *MetadataIntegrationObservation) DeepCopy() *MetadataIntegrationObservation { if in == nil { return nil } - out := new(MetastoreConfigObservation) + out := new(MetadataIntegrationObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetastoreConfigParameters) DeepCopyInto(out *MetastoreConfigParameters) { +func (in *MetadataIntegrationParameters) DeepCopyInto(out *MetadataIntegrationParameters) { *out = *in - if in.DataprocMetastoreService != nil { - in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService - *out = new(string) - **out = **in + if in.DataCatalogConfig != nil { + in, out := &in.DataCatalogConfig, &out.DataCatalogConfig + *out = make([]DataCatalogConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigParameters. -func (in *MetastoreConfigParameters) DeepCopy() *MetastoreConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataIntegrationParameters. +func (in *MetadataIntegrationParameters) DeepCopy() *MetadataIntegrationParameters { if in == nil { return nil } - out := new(MetastoreConfigParameters) + out := new(MetadataIntegrationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreConfigInitParameters) DeepCopyInto(out *MetastoreConfigInitParameters) { + *out = *in + if in.DataprocMetastoreService != nil { + in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigInitParameters. +func (in *MetastoreConfigInitParameters) DeepCopy() *MetastoreConfigInitParameters { + if in == nil { + return nil + } + out := new(MetastoreConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreConfigObservation) DeepCopyInto(out *MetastoreConfigObservation) { + *out = *in + if in.DataprocMetastoreService != nil { + in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigObservation. +func (in *MetastoreConfigObservation) DeepCopy() *MetastoreConfigObservation { + if in == nil { + return nil + } + out := new(MetastoreConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetastoreConfigParameters) DeepCopyInto(out *MetastoreConfigParameters) { + *out = *in + if in.DataprocMetastoreService != nil { + in, out := &in.DataprocMetastoreService, &out.DataprocMetastoreService + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetastoreConfigParameters. +func (in *MetastoreConfigParameters) DeepCopy() *MetastoreConfigParameters { + if in == nil { + return nil + } + out := new(MetastoreConfigParameters) in.DeepCopyInto(out) return out } @@ -8513,6 +9365,13 @@ func (in *MetastoreServiceInitParameters) DeepCopyInto(out *MetastoreServiceInit (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MetadataIntegration != nil { + in, out := &in.MetadataIntegration, &out.MetadataIntegration + *out = make([]MetadataIntegrationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -8540,6 +9399,13 @@ func (in *MetastoreServiceInitParameters) DeepCopyInto(out *MetastoreServiceInit *out = new(string) **out = **in } + if in.ScalingConfig != nil { + in, out := &in.ScalingConfig, &out.ScalingConfig + *out = make([]ScalingConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TelemetryConfig != nil { in, out := &in.TelemetryConfig, &out.TelemetryConfig *out = make([]TelemetryConfigInitParameters, len(*in)) @@ -8609,6 +9475,22 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = make([]MetastoreServiceEncryptionConfigObservation, len(*in)) @@ -8661,6 +9543,13 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MetadataIntegration != nil { + in, out := &in.MetadataIntegration, &out.MetadataIntegration + *out = make([]MetadataIntegrationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -8693,6 +9582,13 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva *out = new(string) **out = **in } + if in.ScalingConfig != nil { + in, out := &in.ScalingConfig, &out.ScalingConfig + *out = make([]ScalingConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -8710,6 +9606,22 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -8782,6 +9694,13 @@ func (in *MetastoreServiceParameters) DeepCopyInto(out *MetastoreServiceParamete (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MetadataIntegration != nil { + in, out := &in.MetadataIntegration, &out.MetadataIntegration + *out = make([]MetadataIntegrationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -8809,6 +9728,13 @@ func (in *MetastoreServiceParameters) DeepCopyInto(out *MetastoreServiceParamete *out = new(string) **out = **in } + if in.ScalingConfig != nil { + in, out := &in.ScalingConfig, &out.ScalingConfig + *out = make([]ScalingConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TelemetryConfig != nil { in, out := &in.TelemetryConfig, &out.TelemetryConfig *out = make([]TelemetryConfigParameters, len(*in)) @@ -8920,21 +9846,236 @@ func (in *MetricsObservation) DeepCopyInto(out *MetricsObservation) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsObservation. -func (in *MetricsObservation) DeepCopy() *MetricsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsObservation. +func (in *MetricsObservation) DeepCopy() *MetricsObservation { + if in == nil { + return nil + } + out := new(MetricsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetricsParameters) DeepCopyInto(out *MetricsParameters) { + *out = *in + if in.MetricOverrides != nil { + in, out := &in.MetricOverrides, &out.MetricOverrides + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MetricSource != nil { + in, out := &in.MetricSource, &out.MetricSource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsParameters. +func (in *MetricsParameters) DeepCopy() *MetricsParameters { + if in == nil { + return nil + } + out := new(MetricsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigInitParameters) DeepCopyInto(out *NetworkConfigInitParameters) { + *out = *in + if in.Consumers != nil { + in, out := &in.Consumers, &out.Consumers + *out = make([]ConsumersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigInitParameters. +func (in *NetworkConfigInitParameters) DeepCopy() *NetworkConfigInitParameters { + if in == nil { + return nil + } + out := new(NetworkConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) { + *out = *in + if in.Consumers != nil { + in, out := &in.Consumers, &out.Consumers + *out = make([]ConsumersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigObservation. +func (in *NetworkConfigObservation) DeepCopy() *NetworkConfigObservation { + if in == nil { + return nil + } + out := new(NetworkConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigParameters) DeepCopyInto(out *NetworkConfigParameters) { + *out = *in + if in.Consumers != nil { + in, out := &in.Consumers, &out.Consumers + *out = make([]ConsumersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigParameters. +func (in *NetworkConfigParameters) DeepCopy() *NetworkConfigParameters { + if in == nil { + return nil + } + out := new(NetworkConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeGroupAffinityInitParameters) DeepCopyInto(out *NodeGroupAffinityInitParameters) { + *out = *in + if in.NodeGroupURI != nil { + in, out := &in.NodeGroupURI, &out.NodeGroupURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityInitParameters. +func (in *NodeGroupAffinityInitParameters) DeepCopy() *NodeGroupAffinityInitParameters { + if in == nil { + return nil + } + out := new(NodeGroupAffinityInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeGroupAffinityObservation) DeepCopyInto(out *NodeGroupAffinityObservation) { + *out = *in + if in.NodeGroupURI != nil { + in, out := &in.NodeGroupURI, &out.NodeGroupURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityObservation. +func (in *NodeGroupAffinityObservation) DeepCopy() *NodeGroupAffinityObservation { + if in == nil { + return nil + } + out := new(NodeGroupAffinityObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeGroupAffinityParameters) DeepCopyInto(out *NodeGroupAffinityParameters) { + *out = *in + if in.NodeGroupURI != nil { + in, out := &in.NodeGroupURI, &out.NodeGroupURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityParameters. +func (in *NodeGroupAffinityParameters) DeepCopy() *NodeGroupAffinityParameters { + if in == nil { + return nil + } + out := new(NodeGroupAffinityParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeGroupConfigInitParameters) DeepCopyInto(out *NodeGroupConfigInitParameters) { + *out = *in + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DiskConfig != nil { + in, out := &in.DiskConfig, &out.DiskConfig + *out = make([]DiskConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MachineType != nil { + in, out := &in.MachineType, &out.MachineType + *out = new(string) + **out = **in + } + if in.MinCPUPlatform != nil { + in, out := &in.MinCPUPlatform, &out.MinCPUPlatform + *out = new(string) + **out = **in + } + if in.NumInstances != nil { + in, out := &in.NumInstances, &out.NumInstances + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupConfigInitParameters. +func (in *NodeGroupConfigInitParameters) DeepCopy() *NodeGroupConfigInitParameters { if in == nil { return nil } - out := new(MetricsObservation) + out := new(NodeGroupConfigInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricsParameters) DeepCopyInto(out *MetricsParameters) { +func (in *NodeGroupConfigObservation) DeepCopyInto(out *NodeGroupConfigObservation) { *out = *in - if in.MetricOverrides != nil { - in, out := &in.MetricOverrides, &out.MetricOverrides + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DiskConfig != nil { + in, out := &in.DiskConfig, &out.DiskConfig + *out = make([]DiskConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.InstanceNames != nil { + in, out := &in.InstanceNames, &out.InstanceNames *out = make([]*string, len(*in)) for i := range *in { if (*in)[i] != nil { @@ -8944,145 +10085,177 @@ func (in *MetricsParameters) DeepCopyInto(out *MetricsParameters) { } } } - if in.MetricSource != nil { - in, out := &in.MetricSource, &out.MetricSource + if in.MachineType != nil { + in, out := &in.MachineType, &out.MachineType + *out = new(string) + **out = **in + } + if in.MinCPUPlatform != nil { + in, out := &in.MinCPUPlatform, &out.MinCPUPlatform *out = new(string) **out = **in } + if in.NumInstances != nil { + in, out := &in.NumInstances, &out.NumInstances + *out = new(float64) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsParameters. -func (in *MetricsParameters) DeepCopy() *MetricsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupConfigObservation. +func (in *NodeGroupConfigObservation) DeepCopy() *NodeGroupConfigObservation { if in == nil { return nil } - out := new(MetricsParameters) + out := new(NodeGroupConfigObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkConfigInitParameters) DeepCopyInto(out *NetworkConfigInitParameters) { +func (in *NodeGroupConfigParameters) DeepCopyInto(out *NodeGroupConfigParameters) { *out = *in - if in.Consumers != nil { - in, out := &in.Consumers, &out.Consumers - *out = make([]ConsumersInitParameters, len(*in)) + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigInitParameters. -func (in *NetworkConfigInitParameters) DeepCopy() *NetworkConfigInitParameters { - if in == nil { - return nil - } - out := new(NetworkConfigInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) { - *out = *in - if in.Consumers != nil { - in, out := &in.Consumers, &out.Consumers - *out = make([]ConsumersObservation, len(*in)) + if in.DiskConfig != nil { + in, out := &in.DiskConfig, &out.DiskConfig + *out = make([]DiskConfigParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.MachineType != nil { + in, out := &in.MachineType, &out.MachineType + *out = new(string) + **out = **in + } + if in.MinCPUPlatform != nil { + in, out := &in.MinCPUPlatform, &out.MinCPUPlatform + *out = new(string) + **out = **in + } + if in.NumInstances != nil { + in, out := &in.NumInstances, &out.NumInstances + *out = new(float64) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigObservation. -func (in *NetworkConfigObservation) DeepCopy() *NetworkConfigObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupConfigParameters. +func (in *NodeGroupConfigParameters) DeepCopy() *NodeGroupConfigParameters { if in == nil { return nil } - out := new(NetworkConfigObservation) + out := new(NodeGroupConfigParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkConfigParameters) DeepCopyInto(out *NetworkConfigParameters) { +func (in *NodeGroupInitParameters) DeepCopyInto(out *NodeGroupInitParameters) { *out = *in - if in.Consumers != nil { - in, out := &in.Consumers, &out.Consumers - *out = make([]ConsumersParameters, len(*in)) + if in.NodeGroupConfig != nil { + in, out := &in.NodeGroupConfig, &out.NodeGroupConfig + *out = make([]NodeGroupConfigInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigParameters. -func (in *NetworkConfigParameters) DeepCopy() *NetworkConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupInitParameters. +func (in *NodeGroupInitParameters) DeepCopy() *NodeGroupInitParameters { if in == nil { return nil } - out := new(NetworkConfigParameters) + out := new(NodeGroupInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeGroupAffinityInitParameters) DeepCopyInto(out *NodeGroupAffinityInitParameters) { +func (in *NodeGroupObservation) DeepCopyInto(out *NodeGroupObservation) { *out = *in - if in.NodeGroupURI != nil { - in, out := &in.NodeGroupURI, &out.NodeGroupURI + if in.Name != nil { + in, out := &in.Name, &out.Name *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityInitParameters. -func (in *NodeGroupAffinityInitParameters) DeepCopy() *NodeGroupAffinityInitParameters { - if in == nil { - return nil + if in.NodeGroupConfig != nil { + in, out := &in.NodeGroupConfig, &out.NodeGroupConfig + *out = make([]NodeGroupConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - out := new(NodeGroupAffinityInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeGroupAffinityObservation) DeepCopyInto(out *NodeGroupAffinityObservation) { - *out = *in - if in.NodeGroupURI != nil { - in, out := &in.NodeGroupURI, &out.NodeGroupURI - *out = new(string) - **out = **in + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityObservation. -func (in *NodeGroupAffinityObservation) DeepCopy() *NodeGroupAffinityObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupObservation. +func (in *NodeGroupObservation) DeepCopy() *NodeGroupObservation { if in == nil { return nil } - out := new(NodeGroupAffinityObservation) + out := new(NodeGroupObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeGroupAffinityParameters) DeepCopyInto(out *NodeGroupAffinityParameters) { +func (in *NodeGroupParameters) DeepCopyInto(out *NodeGroupParameters) { *out = *in - if in.NodeGroupURI != nil { - in, out := &in.NodeGroupURI, &out.NodeGroupURI - *out = new(string) - **out = **in + if in.NodeGroupConfig != nil { + in, out := &in.NodeGroupConfig, &out.NodeGroupConfig + *out = make([]NodeGroupConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupAffinityParameters. -func (in *NodeGroupAffinityParameters) DeepCopy() *NodeGroupAffinityParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupParameters. +func (in *NodeGroupParameters) DeepCopy() *NodeGroupParameters { if in == nil { return nil } - out := new(NodeGroupAffinityParameters) + out := new(NodeGroupParameters) in.DeepCopyInto(out) return out } @@ -10403,6 +11576,13 @@ func (in *PreemptibleWorkerConfigInitParameters) DeepCopyInto(out *PreemptibleWo (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = make([]InstanceFlexibilityPolicyInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NumInstances != nil { in, out := &in.NumInstances, &out.NumInstances *out = new(float64) @@ -10435,6 +11615,13 @@ func (in *PreemptibleWorkerConfigObservation) DeepCopyInto(out *PreemptibleWorke (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = make([]InstanceFlexibilityPolicyObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InstanceNames != nil { in, out := &in.InstanceNames, &out.InstanceNames *out = make([]*string, len(*in)) @@ -10478,6 +11665,13 @@ func (in *PreemptibleWorkerConfigParameters) DeepCopyInto(out *PreemptibleWorker (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = make([]InstanceFlexibilityPolicyParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NumInstances != nil { in, out := &in.NumInstances, &out.NumInstances *out = new(float64) @@ -12300,6 +13494,81 @@ func (in *ReservationAffinityParameters) DeepCopy() *ReservationAffinityParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScalingConfigInitParameters) DeepCopyInto(out *ScalingConfigInitParameters) { + *out = *in + if in.InstanceSize != nil { + in, out := &in.InstanceSize, &out.InstanceSize + *out = new(string) + **out = **in + } + if in.ScalingFactor != nil { + in, out := &in.ScalingFactor, &out.ScalingFactor + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalingConfigInitParameters. +func (in *ScalingConfigInitParameters) DeepCopy() *ScalingConfigInitParameters { + if in == nil { + return nil + } + out := new(ScalingConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScalingConfigObservation) DeepCopyInto(out *ScalingConfigObservation) { + *out = *in + if in.InstanceSize != nil { + in, out := &in.InstanceSize, &out.InstanceSize + *out = new(string) + **out = **in + } + if in.ScalingFactor != nil { + in, out := &in.ScalingFactor, &out.ScalingFactor + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalingConfigObservation. +func (in *ScalingConfigObservation) DeepCopy() *ScalingConfigObservation { + if in == nil { + return nil + } + out := new(ScalingConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScalingConfigParameters) DeepCopyInto(out *ScalingConfigParameters) { + *out = *in + if in.InstanceSize != nil { + in, out := &in.InstanceSize, &out.InstanceSize + *out = new(string) + **out = **in + } + if in.ScalingFactor != nil { + in, out := &in.ScalingFactor, &out.ScalingFactor + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalingConfigParameters. +func (in *ScalingConfigParameters) DeepCopy() *ScalingConfigParameters { + if in == nil { + return nil + } + out := new(ScalingConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SchedulingInitParameters) DeepCopyInto(out *SchedulingInitParameters) { *out = *in @@ -15957,6 +17226,22 @@ func (in *WorkflowTemplateObservation) DeepCopyInto(out *WorkflowTemplateObserva *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -16009,6 +17294,22 @@ func (in *WorkflowTemplateObservation) DeepCopyInto(out *WorkflowTemplateObserva *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) diff --git a/apis/dataproc/v1beta1/zz_job_types.go b/apis/dataproc/v1beta1/zz_job_types.go index 75750e8bb..b2ec87f53 100755 --- a/apis/dataproc/v1beta1/zz_job_types.go +++ b/apis/dataproc/v1beta1/zz_job_types.go @@ -211,6 +211,8 @@ type JobInitParameters struct { HiveConfig []HiveConfigInitParameters `json:"hiveConfig,omitempty" tf:"hive_config,omitempty"` // The list of labels (key/value pairs) to add to the job. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -257,6 +259,9 @@ type JobObservation struct { // A URI pointing to the location of the stdout of the job's driver program. DriverOutputResourceURI *string `json:"driverOutputResourceUri,omitempty" tf:"driver_output_resource_uri,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // By default, you can only delete inactive jobs within // Dataproc. Setting this to true, and calling destroy, will ensure that the // job is first cancelled before issuing the delete. @@ -269,6 +274,8 @@ type JobObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // The list of labels (key/value pairs) to add to the job. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -297,6 +304,10 @@ type JobObservation struct { SparksqlConfig []SparksqlConfigObservation `json:"sparksqlConfig,omitempty" tf:"sparksql_config,omitempty"` Status []StatusObservation `json:"status,omitempty" tf:"status,omitempty"` + + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type JobParameters struct { @@ -314,6 +325,8 @@ type JobParameters struct { HiveConfig []HiveConfigParameters `json:"hiveConfig,omitempty" tf:"hive_config,omitempty"` // The list of labels (key/value pairs) to add to the job. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field 'effective_labels' for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/dataproc/v1beta1/zz_metastoreservice_types.go b/apis/dataproc/v1beta1/zz_metastoreservice_types.go index 8632b63ed..b88689347 100755 --- a/apis/dataproc/v1beta1/zz_metastoreservice_types.go +++ b/apis/dataproc/v1beta1/zz_metastoreservice_types.go @@ -29,6 +29,51 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AuxiliaryVersionsInitParameters struct { + + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + // The mappings override system defaults (some keys cannot be overridden) + // +mapType=granular + ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + + // The identifier for this object. Format specified above. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The Hive metastore schema version. + Version *string `json:"version,omitempty" tf:"version,omitempty"` +} + +type AuxiliaryVersionsObservation struct { + + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + // The mappings override system defaults (some keys cannot be overridden) + // +mapType=granular + ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + + // The identifier for this object. Format specified above. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The Hive metastore schema version. + Version *string `json:"version,omitempty" tf:"version,omitempty"` +} + +type AuxiliaryVersionsParameters struct { + + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + // The mappings override system defaults (some keys cannot be overridden) + // +kubebuilder:validation:Optional + // +mapType=granular + ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + Key *string `json:"key" tf:"key,omitempty"` + + // The Hive metastore schema version. + // +kubebuilder:validation:Optional + Version *string `json:"version" tf:"version,omitempty"` +} + type ConsumersInitParameters struct { // The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. @@ -50,7 +95,6 @@ type ConsumersInitParameters struct { type ConsumersObservation struct { - // (Output) // The URI of the endpoint used to access the metastore service. EndpointURI *string `json:"endpointUri,omitempty" tf:"endpoint_uri,omitempty"` @@ -81,13 +125,45 @@ type ConsumersParameters struct { SubnetworkSelector *v1.Selector `json:"subnetworkSelector,omitempty" tf:"-"` } +type DataCatalogConfigInitParameters struct { + + // Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type DataCatalogConfigObservation struct { + + // Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type DataCatalogConfigParameters struct { + + // Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type HiveMetastoreConfigInitParameters struct { + // A mapping of Hive metastore version to the auxiliary version configuration. + // When specified, a secondary Hive metastore service is created along with the primary service. + // All auxiliary versions must be less than the service's primary version. + // The key is the auxiliary service name and it must match the regular expression a-z?. + // This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + // Structure is documented below. + AuxiliaryVersions []AuxiliaryVersionsInitParameters `json:"auxiliaryVersions,omitempty" tf:"auxiliary_versions,omitempty"` + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). // The mappings override system defaults (some keys cannot be overridden) // +mapType=granular ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + // The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + // Default value is THRIFT. + // Possible values are: THRIFT, GRPC. + EndpointProtocol *string `json:"endpointProtocol,omitempty" tf:"endpoint_protocol,omitempty"` + // Information used to configure the Hive metastore service as a service principal in a Kerberos realm. // Structure is documented below. KerberosConfig []HiveMetastoreConfigKerberosConfigInitParameters `json:"kerberosConfig,omitempty" tf:"kerberos_config,omitempty"` @@ -140,11 +216,24 @@ type HiveMetastoreConfigKerberosConfigParameters struct { type HiveMetastoreConfigObservation struct { + // A mapping of Hive metastore version to the auxiliary version configuration. + // When specified, a secondary Hive metastore service is created along with the primary service. + // All auxiliary versions must be less than the service's primary version. + // The key is the auxiliary service name and it must match the regular expression a-z?. + // This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + // Structure is documented below. + AuxiliaryVersions []AuxiliaryVersionsObservation `json:"auxiliaryVersions,omitempty" tf:"auxiliary_versions,omitempty"` + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). // The mappings override system defaults (some keys cannot be overridden) // +mapType=granular ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + // The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + // Default value is THRIFT. + // Possible values are: THRIFT, GRPC. + EndpointProtocol *string `json:"endpointProtocol,omitempty" tf:"endpoint_protocol,omitempty"` + // Information used to configure the Hive metastore service as a service principal in a Kerberos realm. // Structure is documented below. KerberosConfig []HiveMetastoreConfigKerberosConfigObservation `json:"kerberosConfig,omitempty" tf:"kerberos_config,omitempty"` @@ -155,12 +244,27 @@ type HiveMetastoreConfigObservation struct { type HiveMetastoreConfigParameters struct { + // A mapping of Hive metastore version to the auxiliary version configuration. + // When specified, a secondary Hive metastore service is created along with the primary service. + // All auxiliary versions must be less than the service's primary version. + // The key is the auxiliary service name and it must match the regular expression a-z?. + // This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + // Structure is documented below. + // +kubebuilder:validation:Optional + AuxiliaryVersions []AuxiliaryVersionsParameters `json:"auxiliaryVersions,omitempty" tf:"auxiliary_versions,omitempty"` + // A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). // The mappings override system defaults (some keys cannot be overridden) // +kubebuilder:validation:Optional // +mapType=granular ConfigOverrides map[string]*string `json:"configOverrides,omitempty" tf:"config_overrides,omitempty"` + // The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + // Default value is THRIFT. + // Possible values are: THRIFT, GRPC. + // +kubebuilder:validation:Optional + EndpointProtocol *string `json:"endpointProtocol,omitempty" tf:"endpoint_protocol,omitempty"` + // Information used to configure the Hive metastore service as a service principal in a Kerberos realm. // Structure is documented below. // +kubebuilder:validation:Optional @@ -225,6 +329,28 @@ type MaintenanceWindowParameters struct { HourOfDay *float64 `json:"hourOfDay" tf:"hour_of_day,omitempty"` } +type MetadataIntegrationInitParameters struct { + + // The integration config for the Data Catalog service. + // Structure is documented below. + DataCatalogConfig []DataCatalogConfigInitParameters `json:"dataCatalogConfig,omitempty" tf:"data_catalog_config,omitempty"` +} + +type MetadataIntegrationObservation struct { + + // The integration config for the Data Catalog service. + // Structure is documented below. + DataCatalogConfig []DataCatalogConfigObservation `json:"dataCatalogConfig,omitempty" tf:"data_catalog_config,omitempty"` +} + +type MetadataIntegrationParameters struct { + + // The integration config for the Data Catalog service. + // Structure is documented below. + // +kubebuilder:validation:Optional + DataCatalogConfig []DataCatalogConfigParameters `json:"dataCatalogConfig" tf:"data_catalog_config,omitempty"` +} + type MetastoreServiceEncryptionConfigInitParameters struct { // The fully qualified customer provided Cloud KMS key name to use for customer data encryption. @@ -284,6 +410,8 @@ type MetastoreServiceInitParameters struct { HiveMetastoreConfig []HiveMetastoreConfigInitParameters `json:"hiveMetastoreConfig,omitempty" tf:"hive_metastore_config,omitempty"` // User-defined labels for the metastore service. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -293,6 +421,10 @@ type MetastoreServiceInitParameters struct { // Structure is documented below. MaintenanceWindow []MaintenanceWindowInitParameters `json:"maintenanceWindow,omitempty" tf:"maintenance_window,omitempty"` + // The setting that defines how metastore metadata should be integrated with external services and systems. + // Structure is documented below. + MetadataIntegration []MetadataIntegrationInitParameters `json:"metadataIntegration,omitempty" tf:"metadata_integration,omitempty"` + // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: // "projects/{projectNumber}/global/networks/{network_id}". Network *string `json:"network,omitempty" tf:"network,omitempty"` @@ -313,6 +445,10 @@ type MetastoreServiceInitParameters struct { // Possible values are: CANARY, STABLE. ReleaseChannel *string `json:"releaseChannel,omitempty" tf:"release_channel,omitempty"` + // Represents the scaling configuration of a metastore service. + // Structure is documented below. + ScalingConfig []ScalingConfigInitParameters `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. // Structure is documented below. TelemetryConfig []TelemetryConfigInitParameters `json:"telemetryConfig,omitempty" tf:"telemetry_config,omitempty"` @@ -332,6 +468,9 @@ type MetastoreServiceObservation struct { // Possible values are: MYSQL, SPANNER. DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Information used to configure the Dataproc Metastore service to encrypt // customer data at rest. // Structure is documented below. @@ -348,6 +487,8 @@ type MetastoreServiceObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // User-defined labels for the metastore service. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -361,6 +502,10 @@ type MetastoreServiceObservation struct { // Structure is documented below. MaintenanceWindow []MaintenanceWindowObservation `json:"maintenanceWindow,omitempty" tf:"maintenance_window,omitempty"` + // The setting that defines how metastore metadata should be integrated with external services and systems. + // Structure is documented below. + MetadataIntegration []MetadataIntegrationObservation `json:"metadataIntegration,omitempty" tf:"metadata_integration,omitempty"` + // The relative resource name of the metastore service. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -384,6 +529,10 @@ type MetastoreServiceObservation struct { // Possible values are: CANARY, STABLE. ReleaseChannel *string `json:"releaseChannel,omitempty" tf:"release_channel,omitempty"` + // Represents the scaling configuration of a metastore service. + // Structure is documented below. + ScalingConfig []ScalingConfigObservation `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The current state of the metastore service. State *string `json:"state,omitempty" tf:"state,omitempty"` @@ -394,6 +543,11 @@ type MetastoreServiceObservation struct { // Structure is documented below. TelemetryConfig []TelemetryConfigObservation `json:"telemetryConfig,omitempty" tf:"telemetry_config,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The tier of the service. // Possible values are: DEVELOPER, ENTERPRISE. Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` @@ -422,6 +576,8 @@ type MetastoreServiceParameters struct { HiveMetastoreConfig []HiveMetastoreConfigParameters `json:"hiveMetastoreConfig,omitempty" tf:"hive_metastore_config,omitempty"` // User-defined labels for the metastore service. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -438,6 +594,11 @@ type MetastoreServiceParameters struct { // +kubebuilder:validation:Optional MaintenanceWindow []MaintenanceWindowParameters `json:"maintenanceWindow,omitempty" tf:"maintenance_window,omitempty"` + // The setting that defines how metastore metadata should be integrated with external services and systems. + // Structure is documented below. + // +kubebuilder:validation:Optional + MetadataIntegration []MetadataIntegrationParameters `json:"metadataIntegration,omitempty" tf:"metadata_integration,omitempty"` + // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: // "projects/{projectNumber}/global/networks/{network_id}". // +kubebuilder:validation:Optional @@ -463,6 +624,11 @@ type MetastoreServiceParameters struct { // +kubebuilder:validation:Optional ReleaseChannel *string `json:"releaseChannel,omitempty" tf:"release_channel,omitempty"` + // Represents the scaling configuration of a metastore service. + // Structure is documented below. + // +kubebuilder:validation:Optional + ScalingConfig []ScalingConfigParameters `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. // Structure is documented below. // +kubebuilder:validation:Optional @@ -496,6 +662,38 @@ type NetworkConfigParameters struct { Consumers []ConsumersParameters `json:"consumers" tf:"consumers,omitempty"` } +type ScalingConfigInitParameters struct { + + // Metastore instance sizes. + // Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + InstanceSize *string `json:"instanceSize,omitempty" tf:"instance_size,omitempty"` + + // Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0. + ScalingFactor *float64 `json:"scalingFactor,omitempty" tf:"scaling_factor,omitempty"` +} + +type ScalingConfigObservation struct { + + // Metastore instance sizes. + // Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + InstanceSize *string `json:"instanceSize,omitempty" tf:"instance_size,omitempty"` + + // Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0. + ScalingFactor *float64 `json:"scalingFactor,omitempty" tf:"scaling_factor,omitempty"` +} + +type ScalingConfigParameters struct { + + // Metastore instance sizes. + // Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + // +kubebuilder:validation:Optional + InstanceSize *string `json:"instanceSize,omitempty" tf:"instance_size,omitempty"` + + // Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0. + // +kubebuilder:validation:Optional + ScalingFactor *float64 `json:"scalingFactor,omitempty" tf:"scaling_factor,omitempty"` +} + type TelemetryConfigInitParameters struct { // The output format of the Dataproc Metastore service's logs. diff --git a/apis/dataproc/v1beta1/zz_workflowtemplate_terraformed.go b/apis/dataproc/v1beta1/zz_workflowtemplate_terraformed.go index 6d7d4d31e..a8810744b 100755 --- a/apis/dataproc/v1beta1/zz_workflowtemplate_terraformed.go +++ b/apis/dataproc/v1beta1/zz_workflowtemplate_terraformed.go @@ -141,5 +141,5 @@ func (tr *WorkflowTemplate) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *WorkflowTemplate) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/dataproc/v1beta1/zz_workflowtemplate_types.go b/apis/dataproc/v1beta1/zz_workflowtemplate_types.go index 2f25f2b3c..73ff442bf 100755 --- a/apis/dataproc/v1beta1/zz_workflowtemplate_types.go +++ b/apis/dataproc/v1beta1/zz_workflowtemplate_types.go @@ -299,13 +299,81 @@ type ConfigLifecycleConfigParameters struct { IdleDeleteTTL *string `json:"idleDeleteTtl,omitempty" tf:"idle_delete_ttl,omitempty"` } +type ConfigMasterConfigAcceleratorsInitParameters struct { + + // The number of the accelerator cards of this type exposed to this instance. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type ConfigMasterConfigAcceleratorsObservation struct { + + // The number of the accelerator cards of this type exposed to this instance. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type ConfigMasterConfigAcceleratorsParameters struct { + + // The number of the accelerator cards of this type exposed to this instance. + // +kubebuilder:validation:Optional + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. + // +kubebuilder:validation:Optional + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type ConfigMasterConfigDiskConfigInitParameters struct { + + // Size in GB of the boot disk (default is 500GB). + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + +type ConfigMasterConfigDiskConfigObservation struct { + + // Size in GB of the boot disk (default is 500GB). + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + +type ConfigMasterConfigDiskConfigParameters struct { + + // Size in GB of the boot disk (default is 500GB). + // +kubebuilder:validation:Optional + BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` + + // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). + // +kubebuilder:validation:Optional + BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` + + // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. + // +kubebuilder:validation:Optional + NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` +} + type ConfigMasterConfigInitParameters struct { // The Compute Engine accelerator configuration for these instances. - Accelerators []MasterConfigAcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []ConfigMasterConfigAcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk option config settings. - DiskConfig []MasterConfigDiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []ConfigMasterConfigDiskConfigInitParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * https://www.googleapis.com/compute/beta/projects/ If the URI is unspecified, it will be inferred from SoftwareConfig.image_version or the system default. Image *string `json:"image,omitempty" tf:"image,omitempty"` @@ -326,10 +394,10 @@ type ConfigMasterConfigInitParameters struct { type ConfigMasterConfigObservation struct { // The Compute Engine accelerator configuration for these instances. - Accelerators []MasterConfigAcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []ConfigMasterConfigAcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk option config settings. - DiskConfig []MasterConfigDiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []ConfigMasterConfigDiskConfigObservation `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * https://www.googleapis.com/compute/beta/projects/ If the URI is unspecified, it will be inferred from SoftwareConfig.image_version or the system default. Image *string `json:"image,omitempty" tf:"image,omitempty"` @@ -360,11 +428,11 @@ type ConfigMasterConfigParameters struct { // The Compute Engine accelerator configuration for these instances. // +kubebuilder:validation:Optional - Accelerators []MasterConfigAcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + Accelerators []ConfigMasterConfigAcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` // Disk option config settings. // +kubebuilder:validation:Optional - DiskConfig []MasterConfigDiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` + DiskConfig []ConfigMasterConfigDiskConfigParameters `json:"diskConfig,omitempty" tf:"disk_config,omitempty"` // The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * https://www.googleapis.com/compute/beta/projects/ If the URI is unspecified, it will be inferred from SoftwareConfig.image_version or the system default. // +kubebuilder:validation:Optional @@ -1364,74 +1432,6 @@ type ManagedGroupConfigObservation struct { type ManagedGroupConfigParameters struct { } -type MasterConfigAcceleratorsInitParameters struct { - - // The number of the accelerator cards of this type exposed to this instance. - AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` - - // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. - AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` -} - -type MasterConfigAcceleratorsObservation struct { - - // The number of the accelerator cards of this type exposed to this instance. - AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` - - // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. - AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` -} - -type MasterConfigAcceleratorsParameters struct { - - // The number of the accelerator cards of this type exposed to this instance. - // +kubebuilder:validation:Optional - AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` - - // Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80. - // +kubebuilder:validation:Optional - AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` -} - -type MasterConfigDiskConfigInitParameters struct { - - // Size in GB of the boot disk (default is 500GB). - BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` - - // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). - BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` - - // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. - NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` -} - -type MasterConfigDiskConfigObservation struct { - - // Size in GB of the boot disk (default is 500GB). - BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` - - // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). - BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` - - // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. - NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` -} - -type MasterConfigDiskConfigParameters struct { - - // Size in GB of the boot disk (default is 500GB). - // +kubebuilder:validation:Optional - BootDiskSizeGb *float64 `json:"bootDiskSizeGb,omitempty" tf:"boot_disk_size_gb,omitempty"` - - // Type of the boot disk (default is "pd-standard"). Valid values: "pd-ssd" (Persistent Disk Solid State Drive) or "pd-standard" (Persistent Disk Hard Disk Drive). - // +kubebuilder:validation:Optional - BootDiskType *string `json:"bootDiskType,omitempty" tf:"boot_disk_type,omitempty"` - - // Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and (https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. - // +kubebuilder:validation:Optional - NumLocalSsds *float64 `json:"numLocalSsds,omitempty" tf:"num_local_ssds,omitempty"` -} - type ParametersInitParameters struct { // Brief description of the parameter. Must not exceed 1024 characters. @@ -2544,6 +2544,9 @@ type WorkflowTemplateObservation struct { // (Beta only) Optional. Timeout duration for the DAG of jobs. You can use "s", "m", "h", and "d" suffixes for second, minute, hour, and day duration values, respectively. The timeout duration must be from 10 minutes ("10m") to 24 hours ("24h" or "1d"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a (/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted. DagTimeout *string `json:"dagTimeout,omitempty" tf:"dag_timeout,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/workflowTemplates/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -2566,6 +2569,9 @@ type WorkflowTemplateObservation struct { // The project for the resource Project *string `json:"project,omitempty" tf:"project,omitempty"` + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The time template was last updated. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` diff --git a/apis/datastream/v1beta1/zz_connectionprofile_types.go b/apis/datastream/v1beta1/zz_connectionprofile_types.go index 49da3536c..90641f953 100755 --- a/apis/datastream/v1beta1/zz_connectionprofile_types.go +++ b/apis/datastream/v1beta1/zz_connectionprofile_types.go @@ -55,6 +55,8 @@ type ConnectionProfileInitParameters struct { GcsProfile []GcsProfileInitParameters `json:"gcsProfile,omitempty" tf:"gcs_profile,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -87,6 +89,9 @@ type ConnectionProfileObservation struct { // Display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Forward SSH tunnel connectivity. // Structure is documented below. ForwardSSHConnectivity []ForwardSSHConnectivityObservation `json:"forwardSshConnectivity,omitempty" tf:"forward_ssh_connectivity,omitempty"` @@ -99,6 +104,8 @@ type ConnectionProfileObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -127,6 +134,11 @@ type ConnectionProfileObservation struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ConnectionProfileParameters struct { @@ -150,6 +162,8 @@ type ConnectionProfileParameters struct { GcsProfile []GcsProfileParameters `json:"gcsProfile,omitempty" tf:"gcs_profile,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/datastream/v1beta1/zz_generated.deepcopy.go b/apis/datastream/v1beta1/zz_generated.deepcopy.go index efd66618f..5748f5410 100644 --- a/apis/datastream/v1beta1/zz_generated.deepcopy.go +++ b/apis/datastream/v1beta1/zz_generated.deepcopy.go @@ -230,6 +230,22 @@ func (in *ConnectionProfileObservation) DeepCopyInto(out *ConnectionProfileObser *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ForwardSSHConnectivity != nil { in, out := &in.ForwardSSHConnectivity, &out.ForwardSSHConnectivity *out = make([]ForwardSSHConnectivityObservation, len(*in)) @@ -308,6 +324,22 @@ func (in *ConnectionProfileObservation) DeepCopyInto(out *ConnectionProfileObser *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionProfileObservation. @@ -1234,6 +1266,22 @@ func (in *PrivateConnectionObservation) DeepCopyInto(out *PrivateConnectionObser *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Error != nil { in, out := &in.Error, &out.Error *out = make([]ErrorObservation, len(*in)) @@ -1282,6 +1330,22 @@ func (in *PrivateConnectionObservation) DeepCopyInto(out *PrivateConnectionObser *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.VPCPeeringConfig != nil { in, out := &in.VPCPeeringConfig, &out.VPCPeeringConfig *out = make([]VPCPeeringConfigObservation, len(*in)) diff --git a/apis/datastream/v1beta1/zz_privateconnection_terraformed.go b/apis/datastream/v1beta1/zz_privateconnection_terraformed.go index 27e2c0a6b..8993cb27c 100755 --- a/apis/datastream/v1beta1/zz_privateconnection_terraformed.go +++ b/apis/datastream/v1beta1/zz_privateconnection_terraformed.go @@ -141,5 +141,5 @@ func (tr *PrivateConnection) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *PrivateConnection) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/datastream/v1beta1/zz_privateconnection_types.go b/apis/datastream/v1beta1/zz_privateconnection_types.go index 3c52ed544..22a88839e 100755 --- a/apis/datastream/v1beta1/zz_privateconnection_types.go +++ b/apis/datastream/v1beta1/zz_privateconnection_types.go @@ -51,6 +51,8 @@ type PrivateConnectionInitParameters struct { DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -69,6 +71,9 @@ type PrivateConnectionObservation struct { // Display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The PrivateConnection error in case of failure. // Structure is documented below. Error []ErrorObservation `json:"error,omitempty" tf:"error,omitempty"` @@ -77,6 +82,8 @@ type PrivateConnectionObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -93,6 +100,11 @@ type PrivateConnectionObservation struct { // State of the PrivateConnection. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The VPC Peering configuration is used to create VPC peering // between Datastream and the consumer's VPC. // Structure is documented below. @@ -106,6 +118,8 @@ type PrivateConnectionParameters struct { DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Labels. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/dialogflowcx/v1beta1/zz_agent_terraformed.go b/apis/dialogflowcx/v1beta1/zz_agent_terraformed.go index 88be7bd45..b38c57172 100755 --- a/apis/dialogflowcx/v1beta1/zz_agent_terraformed.go +++ b/apis/dialogflowcx/v1beta1/zz_agent_terraformed.go @@ -37,7 +37,7 @@ func (mg *Agent) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Agent func (tr *Agent) GetConnectionDetailsMapping() map[string]string { - return nil + return map[string]string{"git_integration_settings[*].github_settings[*].access_token": "spec.forProvider.gitIntegrationSettings[*].githubSettings[*].accessTokenSecretRef"} } // GetObservation of this Agent diff --git a/apis/dialogflowcx/v1beta1/zz_agent_types.go b/apis/dialogflowcx/v1beta1/zz_agent_types.go index d5afa6cca..36771d876 100755 --- a/apis/dialogflowcx/v1beta1/zz_agent_types.go +++ b/apis/dialogflowcx/v1beta1/zz_agent_types.go @@ -29,8 +29,42 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AdvancedSettingsInitParameters struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + AudioExportGcsDestination []AudioExportGcsDestinationInitParameters `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []DtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type AdvancedSettingsObservation struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + AudioExportGcsDestination []AudioExportGcsDestinationObservation `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []DtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type AdvancedSettingsParameters struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + // +kubebuilder:validation:Optional + AudioExportGcsDestination []AudioExportGcsDestinationParameters `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + // +kubebuilder:validation:Optional + DtmfSettings []DtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + type AgentInitParameters struct { + // Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []AdvancedSettingsInitParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. AvatarURI *string `json:"avatarUri,omitempty" tf:"avatar_uri,omitempty"` @@ -50,6 +84,10 @@ type AgentInitParameters struct { // Determines whether this agent should log conversation queries. EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` + // Git integration settings for this agent. + // Structure is documented below. + GitIntegrationSettings []GitIntegrationSettingsInitParameters `json:"gitIntegrationSettings,omitempty" tf:"git_integration_settings,omitempty"` + // The name of the location this agent is located in. // ~> Note: The first time you are deploying an Agent in your project you must configure location settings. // This is a one time step but at the moment you can only configure location settings via the Dialogflow CX console. @@ -70,6 +108,10 @@ type AgentInitParameters struct { // The list of all languages supported by this agent (except for the default_language_code). SupportedLanguageCodes []*string `json:"supportedLanguageCodes,omitempty" tf:"supported_language_codes,omitempty"` + // Settings related to speech synthesizing. + // Structure is documented below. + TextToSpeechSettings []TextToSpeechSettingsInitParameters `json:"textToSpeechSettings,omitempty" tf:"text_to_speech_settings,omitempty"` + // The time zone of this agent from the time zone database, e.g., America/New_York, // Europe/Paris. TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` @@ -77,6 +119,11 @@ type AgentInitParameters struct { type AgentObservation struct { + // Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []AdvancedSettingsObservation `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. AvatarURI *string `json:"avatarUri,omitempty" tf:"avatar_uri,omitempty"` @@ -96,6 +143,10 @@ type AgentObservation struct { // Determines whether this agent should log conversation queries. EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` + // Git integration settings for this agent. + // Structure is documented below. + GitIntegrationSettings []GitIntegrationSettingsObservation `json:"gitIntegrationSettings,omitempty" tf:"git_integration_settings,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/agents/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -125,6 +176,10 @@ type AgentObservation struct { // The list of all languages supported by this agent (except for the default_language_code). SupportedLanguageCodes []*string `json:"supportedLanguageCodes,omitempty" tf:"supported_language_codes,omitempty"` + // Settings related to speech synthesizing. + // Structure is documented below. + TextToSpeechSettings []TextToSpeechSettingsObservation `json:"textToSpeechSettings,omitempty" tf:"text_to_speech_settings,omitempty"` + // The time zone of this agent from the time zone database, e.g., America/New_York, // Europe/Paris. TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` @@ -132,6 +187,12 @@ type AgentObservation struct { type AgentParameters struct { + // Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + // +kubebuilder:validation:Optional + AdvancedSettings []AdvancedSettingsParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. // +kubebuilder:validation:Optional AvatarURI *string `json:"avatarUri,omitempty" tf:"avatar_uri,omitempty"` @@ -157,6 +218,11 @@ type AgentParameters struct { // +kubebuilder:validation:Optional EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` + // Git integration settings for this agent. + // Structure is documented below. + // +kubebuilder:validation:Optional + GitIntegrationSettings []GitIntegrationSettingsParameters `json:"gitIntegrationSettings,omitempty" tf:"git_integration_settings,omitempty"` + // The name of the location this agent is located in. // ~> Note: The first time you are deploying an Agent in your project you must configure location settings. // This is a one time step but at the moment you can only configure location settings via the Dialogflow CX console. @@ -182,12 +248,154 @@ type AgentParameters struct { // +kubebuilder:validation:Optional SupportedLanguageCodes []*string `json:"supportedLanguageCodes,omitempty" tf:"supported_language_codes,omitempty"` + // Settings related to speech synthesizing. + // Structure is documented below. + // +kubebuilder:validation:Optional + TextToSpeechSettings []TextToSpeechSettingsParameters `json:"textToSpeechSettings,omitempty" tf:"text_to_speech_settings,omitempty"` + // The time zone of this agent from the time zone database, e.g., America/New_York, // Europe/Paris. // +kubebuilder:validation:Optional TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` } +type AudioExportGcsDestinationInitParameters struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type AudioExportGcsDestinationObservation struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type AudioExportGcsDestinationParameters struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type DtmfSettingsInitParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type DtmfSettingsObservation struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type DtmfSettingsParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + // +kubebuilder:validation:Optional + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + // +kubebuilder:validation:Optional + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type GitIntegrationSettingsInitParameters struct { + + // Settings of integration with GitHub. + // Structure is documented below. + GithubSettings []GithubSettingsInitParameters `json:"githubSettings,omitempty" tf:"github_settings,omitempty"` +} + +type GitIntegrationSettingsObservation struct { + + // Settings of integration with GitHub. + // Structure is documented below. + GithubSettings []GithubSettingsObservation `json:"githubSettings,omitempty" tf:"github_settings,omitempty"` +} + +type GitIntegrationSettingsParameters struct { + + // Settings of integration with GitHub. + // Structure is documented below. + // +kubebuilder:validation:Optional + GithubSettings []GithubSettingsParameters `json:"githubSettings,omitempty" tf:"github_settings,omitempty"` +} + +type GithubSettingsInitParameters struct { + + // A list of branches configured to be used from Dialogflow. + Branches []*string `json:"branches,omitempty" tf:"branches,omitempty"` + + // The unique repository display name for the GitHub repository. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The GitHub repository URI related to the agent. + RepositoryURI *string `json:"repositoryUri,omitempty" tf:"repository_uri,omitempty"` + + // The branch of the GitHub repository tracked for this agent. + TrackingBranch *string `json:"trackingBranch,omitempty" tf:"tracking_branch,omitempty"` +} + +type GithubSettingsObservation struct { + + // A list of branches configured to be used from Dialogflow. + Branches []*string `json:"branches,omitempty" tf:"branches,omitempty"` + + // The unique repository display name for the GitHub repository. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The GitHub repository URI related to the agent. + RepositoryURI *string `json:"repositoryUri,omitempty" tf:"repository_uri,omitempty"` + + // The branch of the GitHub repository tracked for this agent. + TrackingBranch *string `json:"trackingBranch,omitempty" tf:"tracking_branch,omitempty"` +} + +type GithubSettingsParameters struct { + + // The access token used to authenticate the access to the GitHub repository. + // Note: This property is sensitive and will not be displayed in the plan. + // +kubebuilder:validation:Optional + AccessTokenSecretRef *v1.SecretKeySelector `json:"accessTokenSecretRef,omitempty" tf:"-"` + + // A list of branches configured to be used from Dialogflow. + // +kubebuilder:validation:Optional + Branches []*string `json:"branches,omitempty" tf:"branches,omitempty"` + + // The unique repository display name for the GitHub repository. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The GitHub repository URI related to the agent. + // +kubebuilder:validation:Optional + RepositoryURI *string `json:"repositoryUri,omitempty" tf:"repository_uri,omitempty"` + + // The branch of the GitHub repository tracked for this agent. + // +kubebuilder:validation:Optional + TrackingBranch *string `json:"trackingBranch,omitempty" tf:"tracking_branch,omitempty"` +} + type SpeechToTextSettingsInitParameters struct { // Whether to use speech adaptation for speech recognition. @@ -207,6 +415,28 @@ type SpeechToTextSettingsParameters struct { EnableSpeechAdaptation *bool `json:"enableSpeechAdaptation,omitempty" tf:"enable_speech_adaptation,omitempty"` } +type TextToSpeechSettingsInitParameters struct { + + // Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + // These settings affect: + SynthesizeSpeechConfigs *string `json:"synthesizeSpeechConfigs,omitempty" tf:"synthesize_speech_configs,omitempty"` +} + +type TextToSpeechSettingsObservation struct { + + // Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + // These settings affect: + SynthesizeSpeechConfigs *string `json:"synthesizeSpeechConfigs,omitempty" tf:"synthesize_speech_configs,omitempty"` +} + +type TextToSpeechSettingsParameters struct { + + // Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + // These settings affect: + // +kubebuilder:validation:Optional + SynthesizeSpeechConfigs *string `json:"synthesizeSpeechConfigs,omitempty" tf:"synthesize_speech_configs,omitempty"` +} + // AgentSpec defines the desired state of Agent type AgentSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/dialogflowcx/v1beta1/zz_flow_types.go b/apis/dialogflowcx/v1beta1/zz_flow_types.go index fccaa9971..3bbfebf34 100755 --- a/apis/dialogflowcx/v1beta1/zz_flow_types.go +++ b/apis/dialogflowcx/v1beta1/zz_flow_types.go @@ -29,6 +29,108 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AdvancedSettingsAudioExportGcsDestinationInitParameters struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type AdvancedSettingsAudioExportGcsDestinationObservation struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type AdvancedSettingsAudioExportGcsDestinationParameters struct { + + // The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + // Format: gs://bucket/object-name-or-prefix + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type AdvancedSettingsDtmfSettingsInitParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type AdvancedSettingsDtmfSettingsObservation struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type AdvancedSettingsDtmfSettingsParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + // +kubebuilder:validation:Optional + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + // +kubebuilder:validation:Optional + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type ConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type ConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type ConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type ConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type ConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type ConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type EventHandlersInitParameters struct { // The name of the event to handle. @@ -91,8 +193,42 @@ type EventHandlersParameters struct { TriggerFulfillment []TriggerFulfillmentParameters `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` } +type FlowAdvancedSettingsInitParameters struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + AudioExportGcsDestination []AdvancedSettingsAudioExportGcsDestinationInitParameters `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []AdvancedSettingsDtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type FlowAdvancedSettingsObservation struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + AudioExportGcsDestination []AdvancedSettingsAudioExportGcsDestinationObservation `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []AdvancedSettingsDtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type FlowAdvancedSettingsParameters struct { + + // If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + // +kubebuilder:validation:Optional + AudioExportGcsDestination []AdvancedSettingsAudioExportGcsDestinationParameters `json:"audioExportGcsDestination,omitempty" tf:"audio_export_gcs_destination,omitempty"` + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + // +kubebuilder:validation:Optional + DtmfSettings []AdvancedSettingsDtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + type FlowInitParameters struct { + // Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []FlowAdvancedSettingsInitParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -106,6 +242,10 @@ type FlowInitParameters struct { // Structure is documented below. EventHandlers []EventHandlersInitParameters `json:"eventHandlers,omitempty" tf:"event_handlers,omitempty"` + // Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + // The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + IsDefaultStartFlow *bool `json:"isDefaultStartFlow,omitempty" tf:"is_default_start_flow,omitempty"` + // The language of the following fields in flow: // Flow.event_handlers.trigger_fulfillment.messages // Flow.event_handlers.trigger_fulfillment.conditional_cases @@ -151,6 +291,11 @@ type FlowInitParameters struct { type FlowObservation struct { + // Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []FlowAdvancedSettingsObservation `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -167,6 +312,10 @@ type FlowObservation struct { // an identifier for the resource with format {{parent}}/flows/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + // The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + IsDefaultStartFlow *bool `json:"isDefaultStartFlow,omitempty" tf:"is_default_start_flow,omitempty"` + // The language of the following fields in flow: // Flow.event_handlers.trigger_fulfillment.messages // Flow.event_handlers.trigger_fulfillment.conditional_cases @@ -206,6 +355,12 @@ type FlowObservation struct { type FlowParameters struct { + // Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + // +kubebuilder:validation:Optional + AdvancedSettings []FlowAdvancedSettingsParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -222,6 +377,11 @@ type FlowParameters struct { // +kubebuilder:validation:Optional EventHandlers []EventHandlersParameters `json:"eventHandlers,omitempty" tf:"event_handlers,omitempty"` + // Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + // The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + // +kubebuilder:validation:Optional + IsDefaultStartFlow *bool `json:"isDefaultStartFlow,omitempty" tf:"is_default_start_flow,omitempty"` + // The language of the following fields in flow: // Flow.event_handlers.trigger_fulfillment.messages // Flow.event_handlers.trigger_fulfillment.conditional_cases @@ -270,25 +430,248 @@ type FlowParameters struct { TransitionRoutes []TransitionRoutesParameters `json:"transitionRoutes,omitempty" tf:"transition_routes,omitempty"` } +type LiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type LiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type LiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type MessagesConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type MessagesConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type MessagesConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type MessagesInitParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []ConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []LiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []OutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []PlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []TextInitParameters `json:"text,omitempty" tf:"text,omitempty"` } +type MessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type MessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type MessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type MessagesObservation struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []ConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []LiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []OutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []PlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []TextObservation `json:"text,omitempty" tf:"text,omitempty"` } +type MessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type MessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type MessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + type MessagesParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []ConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []LiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []OutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []PlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []TelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. // +kubebuilder:validation:Optional Text []TextParameters `json:"text,omitempty" tf:"text,omitempty"` } +type MessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type MessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type MessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type MessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type MessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type MessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + type MessagesTextInitParameters struct { // A collection of text responses. @@ -354,6 +737,110 @@ type NluSettingsParameters struct { ModelType *string `json:"modelType,omitempty" tf:"model_type,omitempty"` } +type OutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type OutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type OutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type PlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type PlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type PlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type SetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type SetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type SetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + type TextInitParameters struct { // A collection of text responses. @@ -389,8 +876,18 @@ type TransitionRoutesInitParameters struct { // The target flow to transition to. // Format: projects//locations//agents//flows/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Agent + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("start_flow",true) TargetFlow *string `json:"targetFlow,omitempty" tf:"target_flow,omitempty"` + // Reference to a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowRef *v1.Reference `json:"targetFlowRef,omitempty" tf:"-"` + + // Selector for a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowSelector *v1.Selector `json:"targetFlowSelector,omitempty" tf:"-"` + // The target page to transition to. // Format: projects//locations//agents//flows//pages/. TargetPage *string `json:"targetPage,omitempty" tf:"target_page,omitempty"` @@ -441,9 +938,19 @@ type TransitionRoutesParameters struct { // The target flow to transition to. // Format: projects//locations//agents//flows/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Agent + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("start_flow",true) // +kubebuilder:validation:Optional TargetFlow *string `json:"targetFlow,omitempty" tf:"target_flow,omitempty"` + // Reference to a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowRef *v1.Reference `json:"targetFlowRef,omitempty" tf:"-"` + + // Selector for a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowSelector *v1.Selector `json:"targetFlowSelector,omitempty" tf:"-"` + // The target page to transition to. // Format: projects//locations//agents//flows//pages/. // +kubebuilder:validation:Optional @@ -457,6 +964,10 @@ type TransitionRoutesParameters struct { type TransitionRoutesTriggerFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []TriggerFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []TriggerFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -464,6 +975,10 @@ type TransitionRoutesTriggerFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []TriggerFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -473,6 +988,10 @@ type TransitionRoutesTriggerFulfillmentInitParameters struct { type TransitionRoutesTriggerFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []TriggerFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []TriggerFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -480,6 +999,10 @@ type TransitionRoutesTriggerFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []TriggerFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -489,6 +1012,11 @@ type TransitionRoutesTriggerFulfillmentObservation struct { type TransitionRoutesTriggerFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []TriggerFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -498,6 +1026,11 @@ type TransitionRoutesTriggerFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []TriggerFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -507,8 +1040,34 @@ type TransitionRoutesTriggerFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type TriggerFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type TriggerFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type TriggerFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + type TriggerFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []ConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []MessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -516,6 +1075,10 @@ type TriggerFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []SetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -525,18 +1088,109 @@ type TriggerFulfillmentInitParameters struct { type TriggerFulfillmentMessagesInitParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []MessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []MessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []MessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []MessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []MessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []MessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` } type TriggerFulfillmentMessagesObservation struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []MessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []MessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []MessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []MessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []MessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []MessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` } type TriggerFulfillmentMessagesParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []MessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []MessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []MessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []MessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []MessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. // +kubebuilder:validation:Optional Text []MessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` @@ -544,6 +1198,10 @@ type TriggerFulfillmentMessagesParameters struct { type TriggerFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []ConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []MessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -551,6 +1209,10 @@ type TriggerFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []SetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -560,6 +1222,11 @@ type TriggerFulfillmentObservation struct { type TriggerFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []ConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -569,6 +1236,11 @@ type TriggerFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []SetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -578,6 +1250,35 @@ type TriggerFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type TriggerFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TriggerFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TriggerFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + // FlowSpec defines the desired state of Flow type FlowSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/dialogflowcx/v1beta1/zz_generated.deepcopy.go b/apis/dialogflowcx/v1beta1/zz_generated.deepcopy.go index ef4ab6d6c..120073811 100644 --- a/apis/dialogflowcx/v1beta1/zz_generated.deepcopy.go +++ b/apis/dialogflowcx/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,243 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsAudioExportGcsDestinationInitParameters) DeepCopyInto(out *AdvancedSettingsAudioExportGcsDestinationInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsAudioExportGcsDestinationInitParameters. +func (in *AdvancedSettingsAudioExportGcsDestinationInitParameters) DeepCopy() *AdvancedSettingsAudioExportGcsDestinationInitParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsAudioExportGcsDestinationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsAudioExportGcsDestinationObservation) DeepCopyInto(out *AdvancedSettingsAudioExportGcsDestinationObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsAudioExportGcsDestinationObservation. +func (in *AdvancedSettingsAudioExportGcsDestinationObservation) DeepCopy() *AdvancedSettingsAudioExportGcsDestinationObservation { + if in == nil { + return nil + } + out := new(AdvancedSettingsAudioExportGcsDestinationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsAudioExportGcsDestinationParameters) DeepCopyInto(out *AdvancedSettingsAudioExportGcsDestinationParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsAudioExportGcsDestinationParameters. +func (in *AdvancedSettingsAudioExportGcsDestinationParameters) DeepCopy() *AdvancedSettingsAudioExportGcsDestinationParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsAudioExportGcsDestinationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsDtmfSettingsInitParameters) DeepCopyInto(out *AdvancedSettingsDtmfSettingsInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsDtmfSettingsInitParameters. +func (in *AdvancedSettingsDtmfSettingsInitParameters) DeepCopy() *AdvancedSettingsDtmfSettingsInitParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsDtmfSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsDtmfSettingsObservation) DeepCopyInto(out *AdvancedSettingsDtmfSettingsObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsDtmfSettingsObservation. +func (in *AdvancedSettingsDtmfSettingsObservation) DeepCopy() *AdvancedSettingsDtmfSettingsObservation { + if in == nil { + return nil + } + out := new(AdvancedSettingsDtmfSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsDtmfSettingsParameters) DeepCopyInto(out *AdvancedSettingsDtmfSettingsParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsDtmfSettingsParameters. +func (in *AdvancedSettingsDtmfSettingsParameters) DeepCopy() *AdvancedSettingsDtmfSettingsParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsDtmfSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsInitParameters) DeepCopyInto(out *AdvancedSettingsInitParameters) { + *out = *in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AudioExportGcsDestinationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]DtmfSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsInitParameters. +func (in *AdvancedSettingsInitParameters) DeepCopy() *AdvancedSettingsInitParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsObservation) DeepCopyInto(out *AdvancedSettingsObservation) { + *out = *in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AudioExportGcsDestinationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]DtmfSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsObservation. +func (in *AdvancedSettingsObservation) DeepCopy() *AdvancedSettingsObservation { + if in == nil { + return nil + } + out := new(AdvancedSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsParameters) DeepCopyInto(out *AdvancedSettingsParameters) { + *out = *in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AudioExportGcsDestinationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]DtmfSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsParameters. +func (in *AdvancedSettingsParameters) DeepCopy() *AdvancedSettingsParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Agent) DeepCopyInto(out *Agent) { *out = *in @@ -55,6 +292,13 @@ func (in *Agent) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AgentInitParameters) DeepCopyInto(out *AgentInitParameters) { *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]AdvancedSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AvatarURI != nil { in, out := &in.AvatarURI, &out.AvatarURI *out = new(string) @@ -85,6 +329,13 @@ func (in *AgentInitParameters) DeepCopyInto(out *AgentInitParameters) { *out = new(bool) **out = **in } + if in.GitIntegrationSettings != nil { + in, out := &in.GitIntegrationSettings, &out.GitIntegrationSettings + *out = make([]GitIntegrationSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -118,6 +369,13 @@ func (in *AgentInitParameters) DeepCopyInto(out *AgentInitParameters) { } } } + if in.TextToSpeechSettings != nil { + in, out := &in.TextToSpeechSettings, &out.TextToSpeechSettings + *out = make([]TextToSpeechSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TimeZone != nil { in, out := &in.TimeZone, &out.TimeZone *out = new(string) @@ -170,6 +428,13 @@ func (in *AgentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AgentObservation) DeepCopyInto(out *AgentObservation) { *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]AdvancedSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AvatarURI != nil { in, out := &in.AvatarURI, &out.AvatarURI *out = new(string) @@ -200,6 +465,13 @@ func (in *AgentObservation) DeepCopyInto(out *AgentObservation) { *out = new(bool) **out = **in } + if in.GitIntegrationSettings != nil { + in, out := &in.GitIntegrationSettings, &out.GitIntegrationSettings + *out = make([]GitIntegrationSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -248,6 +520,13 @@ func (in *AgentObservation) DeepCopyInto(out *AgentObservation) { } } } + if in.TextToSpeechSettings != nil { + in, out := &in.TextToSpeechSettings, &out.TextToSpeechSettings + *out = make([]TextToSpeechSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TimeZone != nil { in, out := &in.TimeZone, &out.TimeZone *out = new(string) @@ -268,6 +547,13 @@ func (in *AgentObservation) DeepCopy() *AgentObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AgentParameters) DeepCopyInto(out *AgentParameters) { *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]AdvancedSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AvatarURI != nil { in, out := &in.AvatarURI, &out.AvatarURI *out = new(string) @@ -298,6 +584,13 @@ func (in *AgentParameters) DeepCopyInto(out *AgentParameters) { *out = new(bool) **out = **in } + if in.GitIntegrationSettings != nil { + in, out := &in.GitIntegrationSettings, &out.GitIntegrationSettings + *out = make([]GitIntegrationSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -331,6 +624,13 @@ func (in *AgentParameters) DeepCopyInto(out *AgentParameters) { } } } + if in.TextToSpeechSettings != nil { + in, out := &in.TextToSpeechSettings, &out.TextToSpeechSettings + *out = make([]TextToSpeechSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TimeZone != nil { in, out := &in.TimeZone, &out.TimeZone *out = new(string) @@ -384,89 +684,359 @@ func (in *AgentStatus) DeepCopy() *AgentStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntitiesInitParameters) DeepCopyInto(out *EntitiesInitParameters) { +func (in *AudioExportGcsDestinationInitParameters) DeepCopyInto(out *AudioExportGcsDestinationInitParameters) { *out = *in - if in.Synonyms != nil { - in, out := &in.Synonyms, &out.Synonyms - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.Value != nil { - in, out := &in.Value, &out.Value + if in.URI != nil { + in, out := &in.URI, &out.URI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesInitParameters. -func (in *EntitiesInitParameters) DeepCopy() *EntitiesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AudioExportGcsDestinationInitParameters. +func (in *AudioExportGcsDestinationInitParameters) DeepCopy() *AudioExportGcsDestinationInitParameters { if in == nil { return nil } - out := new(EntitiesInitParameters) + out := new(AudioExportGcsDestinationInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntitiesObservation) DeepCopyInto(out *EntitiesObservation) { +func (in *AudioExportGcsDestinationObservation) DeepCopyInto(out *AudioExportGcsDestinationObservation) { *out = *in - if in.Synonyms != nil { - in, out := &in.Synonyms, &out.Synonyms - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.Value != nil { - in, out := &in.Value, &out.Value + if in.URI != nil { + in, out := &in.URI, &out.URI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesObservation. -func (in *EntitiesObservation) DeepCopy() *EntitiesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AudioExportGcsDestinationObservation. +func (in *AudioExportGcsDestinationObservation) DeepCopy() *AudioExportGcsDestinationObservation { if in == nil { return nil } - out := new(EntitiesObservation) + out := new(AudioExportGcsDestinationObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntitiesParameters) DeepCopyInto(out *EntitiesParameters) { +func (in *AudioExportGcsDestinationParameters) DeepCopyInto(out *AudioExportGcsDestinationParameters) { *out = *in - if in.Synonyms != nil { - in, out := &in.Synonyms, &out.Synonyms - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.Value != nil { - in, out := &in.Value, &out.Value + if in.URI != nil { + in, out := &in.URI, &out.URI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesParameters. +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AudioExportGcsDestinationParameters. +func (in *AudioExportGcsDestinationParameters) DeepCopy() *AudioExportGcsDestinationParameters { + if in == nil { + return nil + } + out := new(AudioExportGcsDestinationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionalCasesInitParameters) DeepCopyInto(out *ConditionalCasesInitParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalCasesInitParameters. +func (in *ConditionalCasesInitParameters) DeepCopy() *ConditionalCasesInitParameters { + if in == nil { + return nil + } + out := new(ConditionalCasesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionalCasesObservation) DeepCopyInto(out *ConditionalCasesObservation) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalCasesObservation. +func (in *ConditionalCasesObservation) DeepCopy() *ConditionalCasesObservation { + if in == nil { + return nil + } + out := new(ConditionalCasesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionalCasesParameters) DeepCopyInto(out *ConditionalCasesParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalCasesParameters. +func (in *ConditionalCasesParameters) DeepCopy() *ConditionalCasesParameters { + if in == nil { + return nil + } + out := new(ConditionalCasesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConversationSuccessInitParameters) DeepCopyInto(out *ConversationSuccessInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConversationSuccessInitParameters. +func (in *ConversationSuccessInitParameters) DeepCopy() *ConversationSuccessInitParameters { + if in == nil { + return nil + } + out := new(ConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConversationSuccessObservation) DeepCopyInto(out *ConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConversationSuccessObservation. +func (in *ConversationSuccessObservation) DeepCopy() *ConversationSuccessObservation { + if in == nil { + return nil + } + out := new(ConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConversationSuccessParameters) DeepCopyInto(out *ConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConversationSuccessParameters. +func (in *ConversationSuccessParameters) DeepCopy() *ConversationSuccessParameters { + if in == nil { + return nil + } + out := new(ConversationSuccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DtmfSettingsInitParameters) DeepCopyInto(out *DtmfSettingsInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DtmfSettingsInitParameters. +func (in *DtmfSettingsInitParameters) DeepCopy() *DtmfSettingsInitParameters { + if in == nil { + return nil + } + out := new(DtmfSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DtmfSettingsObservation) DeepCopyInto(out *DtmfSettingsObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DtmfSettingsObservation. +func (in *DtmfSettingsObservation) DeepCopy() *DtmfSettingsObservation { + if in == nil { + return nil + } + out := new(DtmfSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DtmfSettingsParameters) DeepCopyInto(out *DtmfSettingsParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DtmfSettingsParameters. +func (in *DtmfSettingsParameters) DeepCopy() *DtmfSettingsParameters { + if in == nil { + return nil + } + out := new(DtmfSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EntitiesInitParameters) DeepCopyInto(out *EntitiesInitParameters) { + *out = *in + if in.Synonyms != nil { + in, out := &in.Synonyms, &out.Synonyms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesInitParameters. +func (in *EntitiesInitParameters) DeepCopy() *EntitiesInitParameters { + if in == nil { + return nil + } + out := new(EntitiesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EntitiesObservation) DeepCopyInto(out *EntitiesObservation) { + *out = *in + if in.Synonyms != nil { + in, out := &in.Synonyms, &out.Synonyms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesObservation. +func (in *EntitiesObservation) DeepCopy() *EntitiesObservation { + if in == nil { + return nil + } + out := new(EntitiesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EntitiesParameters) DeepCopyInto(out *EntitiesParameters) { + *out = *in + if in.Synonyms != nil { + in, out := &in.Synonyms, &out.Synonyms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntitiesParameters. func (in *EntitiesParameters) DeepCopy() *EntitiesParameters { if in == nil { return nil @@ -793,730 +1363,738 @@ func (in *EntityTypeStatus) DeepCopy() *EntityTypeStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentInitParameters) DeepCopyInto(out *EntryFulfillmentInitParameters) { +func (in *EntryFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *EntryFulfillmentConditionalCasesInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]EntryFulfillmentMessagesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentInitParameters. -func (in *EntryFulfillmentInitParameters) DeepCopy() *EntryFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentConditionalCasesInitParameters. +func (in *EntryFulfillmentConditionalCasesInitParameters) DeepCopy() *EntryFulfillmentConditionalCasesInitParameters { if in == nil { return nil } - out := new(EntryFulfillmentInitParameters) + out := new(EntryFulfillmentConditionalCasesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesInitParameters) { +func (in *EntryFulfillmentConditionalCasesObservation) DeepCopyInto(out *EntryFulfillmentConditionalCasesObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]EntryFulfillmentMessagesTextInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesInitParameters. -func (in *EntryFulfillmentMessagesInitParameters) DeepCopy() *EntryFulfillmentMessagesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentConditionalCasesObservation. +func (in *EntryFulfillmentConditionalCasesObservation) DeepCopy() *EntryFulfillmentConditionalCasesObservation { if in == nil { return nil } - out := new(EntryFulfillmentMessagesInitParameters) + out := new(EntryFulfillmentConditionalCasesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesObservation) DeepCopyInto(out *EntryFulfillmentMessagesObservation) { +func (in *EntryFulfillmentConditionalCasesParameters) DeepCopyInto(out *EntryFulfillmentConditionalCasesParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]EntryFulfillmentMessagesTextObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesObservation. -func (in *EntryFulfillmentMessagesObservation) DeepCopy() *EntryFulfillmentMessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentConditionalCasesParameters. +func (in *EntryFulfillmentConditionalCasesParameters) DeepCopy() *EntryFulfillmentConditionalCasesParameters { if in == nil { return nil } - out := new(EntryFulfillmentMessagesObservation) + out := new(EntryFulfillmentConditionalCasesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesParameters) DeepCopyInto(out *EntryFulfillmentMessagesParameters) { +func (in *EntryFulfillmentInitParameters) DeepCopyInto(out *EntryFulfillmentInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]EntryFulfillmentMessagesTextParameters, len(*in)) + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EntryFulfillmentConditionalCasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]EntryFulfillmentMessagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EntryFulfillmentSetParameterActionsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesParameters. -func (in *EntryFulfillmentMessagesParameters) DeepCopy() *EntryFulfillmentMessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentInitParameters. +func (in *EntryFulfillmentInitParameters) DeepCopy() *EntryFulfillmentInitParameters { if in == nil { return nil } - out := new(EntryFulfillmentMessagesParameters) + out := new(EntryFulfillmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesTextInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesTextInitParameters) { +func (in *EntryFulfillmentMessagesConversationSuccessInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesConversationSuccessInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextInitParameters. -func (in *EntryFulfillmentMessagesTextInitParameters) DeepCopy() *EntryFulfillmentMessagesTextInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesConversationSuccessInitParameters. +func (in *EntryFulfillmentMessagesConversationSuccessInitParameters) DeepCopy() *EntryFulfillmentMessagesConversationSuccessInitParameters { if in == nil { return nil } - out := new(EntryFulfillmentMessagesTextInitParameters) + out := new(EntryFulfillmentMessagesConversationSuccessInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesTextObservation) DeepCopyInto(out *EntryFulfillmentMessagesTextObservation) { +func (in *EntryFulfillmentMessagesConversationSuccessObservation) DeepCopyInto(out *EntryFulfillmentMessagesConversationSuccessObservation) { *out = *in - if in.AllowPlaybackInterruption != nil { - in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption - *out = new(bool) + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) **out = **in } - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextObservation. -func (in *EntryFulfillmentMessagesTextObservation) DeepCopy() *EntryFulfillmentMessagesTextObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesConversationSuccessObservation. +func (in *EntryFulfillmentMessagesConversationSuccessObservation) DeepCopy() *EntryFulfillmentMessagesConversationSuccessObservation { if in == nil { return nil } - out := new(EntryFulfillmentMessagesTextObservation) + out := new(EntryFulfillmentMessagesConversationSuccessObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentMessagesTextParameters) DeepCopyInto(out *EntryFulfillmentMessagesTextParameters) { +func (in *EntryFulfillmentMessagesConversationSuccessParameters) DeepCopyInto(out *EntryFulfillmentMessagesConversationSuccessParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextParameters. -func (in *EntryFulfillmentMessagesTextParameters) DeepCopy() *EntryFulfillmentMessagesTextParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesConversationSuccessParameters. +func (in *EntryFulfillmentMessagesConversationSuccessParameters) DeepCopy() *EntryFulfillmentMessagesConversationSuccessParameters { if in == nil { return nil } - out := new(EntryFulfillmentMessagesTextParameters) + out := new(EntryFulfillmentMessagesConversationSuccessParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentObservation) DeepCopyInto(out *EntryFulfillmentObservation) { +func (in *EntryFulfillmentMessagesInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]EntryFulfillmentMessagesObservation, len(*in)) + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]EntryFulfillmentMessagesConversationSuccessInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]EntryFulfillmentMessagesLiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]EntryFulfillmentMessagesOutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]EntryFulfillmentMessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]EntryFulfillmentMessagesTelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]EntryFulfillmentMessagesTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentObservation. -func (in *EntryFulfillmentObservation) DeepCopy() *EntryFulfillmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesInitParameters. +func (in *EntryFulfillmentMessagesInitParameters) DeepCopy() *EntryFulfillmentMessagesInitParameters { if in == nil { return nil } - out := new(EntryFulfillmentObservation) + out := new(EntryFulfillmentMessagesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EntryFulfillmentParameters) DeepCopyInto(out *EntryFulfillmentParameters) { +func (in *EntryFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesLiveAgentHandoffInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]EntryFulfillmentMessagesParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentParameters. -func (in *EntryFulfillmentParameters) DeepCopy() *EntryFulfillmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesLiveAgentHandoffInitParameters. +func (in *EntryFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopy() *EntryFulfillmentMessagesLiveAgentHandoffInitParameters { if in == nil { return nil } - out := new(EntryFulfillmentParameters) + out := new(EntryFulfillmentMessagesLiveAgentHandoffInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Environment) DeepCopyInto(out *Environment) { +func (in *EntryFulfillmentMessagesLiveAgentHandoffObservation) DeepCopyInto(out *EntryFulfillmentMessagesLiveAgentHandoffObservation) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Environment. -func (in *Environment) DeepCopy() *Environment { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesLiveAgentHandoffObservation. +func (in *EntryFulfillmentMessagesLiveAgentHandoffObservation) DeepCopy() *EntryFulfillmentMessagesLiveAgentHandoffObservation { if in == nil { return nil } - out := new(Environment) + out := new(EntryFulfillmentMessagesLiveAgentHandoffObservation) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Environment) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EntryFulfillmentMessagesLiveAgentHandoffParameters) DeepCopyInto(out *EntryFulfillmentMessagesLiveAgentHandoffParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } - return nil +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesLiveAgentHandoffParameters. +func (in *EntryFulfillmentMessagesLiveAgentHandoffParameters) DeepCopy() *EntryFulfillmentMessagesLiveAgentHandoffParameters { + if in == nil { + return nil + } + out := new(EntryFulfillmentMessagesLiveAgentHandoffParameters) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentInitParameters) DeepCopyInto(out *EnvironmentInitParameters) { +func (in *EntryFulfillmentMessagesObservation) DeepCopyInto(out *EntryFulfillmentMessagesObservation) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]EntryFulfillmentMessagesConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]EntryFulfillmentMessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]EntryFulfillmentMessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } - if in.ParentRef != nil { - in, out := &in.ParentRef, &out.ParentRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]EntryFulfillmentMessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.ParentSelector != nil { - in, out := &in.ParentSelector, &out.ParentSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]EntryFulfillmentMessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.VersionConfigs != nil { - in, out := &in.VersionConfigs, &out.VersionConfigs - *out = make([]VersionConfigsInitParameters, len(*in)) + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]EntryFulfillmentMessagesTextObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentInitParameters. -func (in *EnvironmentInitParameters) DeepCopy() *EnvironmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesObservation. +func (in *EntryFulfillmentMessagesObservation) DeepCopy() *EntryFulfillmentMessagesObservation { if in == nil { return nil } - out := new(EnvironmentInitParameters) + out := new(EntryFulfillmentMessagesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentList) DeepCopyInto(out *EnvironmentList) { +func (in *EntryFulfillmentMessagesOutputAudioTextInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesOutputAudioTextInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Environment, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentList. -func (in *EnvironmentList) DeepCopy() *EnvironmentList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesOutputAudioTextInitParameters. +func (in *EntryFulfillmentMessagesOutputAudioTextInitParameters) DeepCopy() *EntryFulfillmentMessagesOutputAudioTextInitParameters { if in == nil { return nil } - out := new(EnvironmentList) + out := new(EntryFulfillmentMessagesOutputAudioTextInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EnvironmentList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { +func (in *EntryFulfillmentMessagesOutputAudioTextObservation) DeepCopyInto(out *EntryFulfillmentMessagesOutputAudioTextObservation) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description - *out = new(string) + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) **out = **in } - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.Text != nil { + in, out := &in.Text, &out.Text *out = new(string) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesOutputAudioTextObservation. +func (in *EntryFulfillmentMessagesOutputAudioTextObservation) DeepCopy() *EntryFulfillmentMessagesOutputAudioTextObservation { + if in == nil { + return nil } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent + out := new(EntryFulfillmentMessagesOutputAudioTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EntryFulfillmentMessagesOutputAudioTextParameters) DeepCopyInto(out *EntryFulfillmentMessagesOutputAudioTextParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml *out = new(string) **out = **in } - if in.UpdateTime != nil { - in, out := &in.UpdateTime, &out.UpdateTime + if in.Text != nil { + in, out := &in.Text, &out.Text *out = new(string) **out = **in } - if in.VersionConfigs != nil { - in, out := &in.VersionConfigs, &out.VersionConfigs - *out = make([]VersionConfigsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentObservation. -func (in *EnvironmentObservation) DeepCopy() *EnvironmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesOutputAudioTextParameters. +func (in *EntryFulfillmentMessagesOutputAudioTextParameters) DeepCopy() *EntryFulfillmentMessagesOutputAudioTextParameters { if in == nil { return nil } - out := new(EnvironmentObservation) + out := new(EntryFulfillmentMessagesOutputAudioTextParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentParameters) DeepCopyInto(out *EnvironmentParameters) { +func (in *EntryFulfillmentMessagesParameters) DeepCopyInto(out *EntryFulfillmentMessagesParameters) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]EntryFulfillmentMessagesConversationSuccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]EntryFulfillmentMessagesLiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]EntryFulfillmentMessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } - if in.ParentRef != nil { - in, out := &in.ParentRef, &out.ParentRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]EntryFulfillmentMessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.ParentSelector != nil { - in, out := &in.ParentSelector, &out.ParentSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]EntryFulfillmentMessagesTelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.VersionConfigs != nil { - in, out := &in.VersionConfigs, &out.VersionConfigs - *out = make([]VersionConfigsParameters, len(*in)) + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]EntryFulfillmentMessagesTextParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentParameters. -func (in *EnvironmentParameters) DeepCopy() *EnvironmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesParameters. +func (in *EntryFulfillmentMessagesParameters) DeepCopy() *EntryFulfillmentMessagesParameters { if in == nil { return nil } - out := new(EnvironmentParameters) + out := new(EntryFulfillmentMessagesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentSpec) DeepCopyInto(out *EnvironmentSpec) { +func (in *EntryFulfillmentMessagesPlayAudioInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesPlayAudioInitParameters) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentSpec. -func (in *EnvironmentSpec) DeepCopy() *EnvironmentSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesPlayAudioInitParameters. +func (in *EntryFulfillmentMessagesPlayAudioInitParameters) DeepCopy() *EntryFulfillmentMessagesPlayAudioInitParameters { if in == nil { return nil } - out := new(EnvironmentSpec) + out := new(EntryFulfillmentMessagesPlayAudioInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvironmentStatus) DeepCopyInto(out *EnvironmentStatus) { +func (in *EntryFulfillmentMessagesPlayAudioObservation) DeepCopyInto(out *EntryFulfillmentMessagesPlayAudioObservation) { *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentStatus. -func (in *EnvironmentStatus) DeepCopy() *EnvironmentStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesPlayAudioObservation. +func (in *EntryFulfillmentMessagesPlayAudioObservation) DeepCopy() *EntryFulfillmentMessagesPlayAudioObservation { if in == nil { return nil } - out := new(EnvironmentStatus) + out := new(EntryFulfillmentMessagesPlayAudioObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersInitParameters) DeepCopyInto(out *EventHandlersInitParameters) { +func (in *EntryFulfillmentMessagesPlayAudioParameters) DeepCopyInto(out *EntryFulfillmentMessagesPlayAudioParameters) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in - } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage - *out = new(string) - **out = **in - } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TriggerFulfillmentInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersInitParameters. -func (in *EventHandlersInitParameters) DeepCopy() *EventHandlersInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesPlayAudioParameters. +func (in *EntryFulfillmentMessagesPlayAudioParameters) DeepCopy() *EntryFulfillmentMessagesPlayAudioParameters { if in == nil { return nil } - out := new(EventHandlersInitParameters) + out := new(EntryFulfillmentMessagesPlayAudioParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersObservation) DeepCopyInto(out *EventHandlersObservation) { +func (in *EntryFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesTelephonyTransferCallInitParameters) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in - } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TriggerFulfillmentObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersObservation. -func (in *EventHandlersObservation) DeepCopy() *EventHandlersObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTelephonyTransferCallInitParameters. +func (in *EntryFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopy() *EntryFulfillmentMessagesTelephonyTransferCallInitParameters { if in == nil { return nil } - out := new(EventHandlersObservation) + out := new(EntryFulfillmentMessagesTelephonyTransferCallInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersParameters) DeepCopyInto(out *EventHandlersParameters) { +func (in *EntryFulfillmentMessagesTelephonyTransferCallObservation) DeepCopyInto(out *EntryFulfillmentMessagesTelephonyTransferCallObservation) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event - *out = new(string) - **out = **in - } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber *out = new(string) **out = **in } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage - *out = new(string) - **out = **in - } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TriggerFulfillmentParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersParameters. -func (in *EventHandlersParameters) DeepCopy() *EventHandlersParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTelephonyTransferCallObservation. +func (in *EntryFulfillmentMessagesTelephonyTransferCallObservation) DeepCopy() *EntryFulfillmentMessagesTelephonyTransferCallObservation { if in == nil { return nil } - out := new(EventHandlersParameters) + out := new(EntryFulfillmentMessagesTelephonyTransferCallObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentInitParameters) { +func (in *EntryFulfillmentMessagesTelephonyTransferCallParameters) DeepCopyInto(out *EntryFulfillmentMessagesTelephonyTransferCallParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]EventHandlersTriggerFulfillmentMessagesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentInitParameters. -func (in *EventHandlersTriggerFulfillmentInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTelephonyTransferCallParameters. +func (in *EntryFulfillmentMessagesTelephonyTransferCallParameters) DeepCopy() *EntryFulfillmentMessagesTelephonyTransferCallParameters { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentInitParameters) + out := new(EntryFulfillmentMessagesTelephonyTransferCallParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesInitParameters) { +func (in *EntryFulfillmentMessagesTextInitParameters) DeepCopyInto(out *EntryFulfillmentMessagesTextInitParameters) { *out = *in if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]TriggerFulfillmentMessagesTextInitParameters, len(*in)) + *out = make([]*string, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesInitParameters. -func (in *EventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentMessagesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextInitParameters. +func (in *EntryFulfillmentMessagesTextInitParameters) DeepCopy() *EntryFulfillmentMessagesTextInitParameters { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentMessagesInitParameters) + out := new(EntryFulfillmentMessagesTextInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentMessagesObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesObservation) { +func (in *EntryFulfillmentMessagesTextObservation) DeepCopyInto(out *EntryFulfillmentMessagesTextObservation) { *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]TriggerFulfillmentMessagesTextObservation, len(*in)) + *out = make([]*string, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesObservation. -func (in *EventHandlersTriggerFulfillmentMessagesObservation) DeepCopy() *EventHandlersTriggerFulfillmentMessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextObservation. +func (in *EntryFulfillmentMessagesTextObservation) DeepCopy() *EntryFulfillmentMessagesTextObservation { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentMessagesObservation) + out := new(EntryFulfillmentMessagesTextObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentMessagesParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesParameters) { +func (in *EntryFulfillmentMessagesTextParameters) DeepCopyInto(out *EntryFulfillmentMessagesTextParameters) { *out = *in if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]TriggerFulfillmentMessagesTextParameters, len(*in)) + *out = make([]*string, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesParameters. -func (in *EventHandlersTriggerFulfillmentMessagesParameters) DeepCopy() *EventHandlersTriggerFulfillmentMessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentMessagesTextParameters. +func (in *EntryFulfillmentMessagesTextParameters) DeepCopy() *EntryFulfillmentMessagesTextParameters { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentMessagesParameters) + out := new(EntryFulfillmentMessagesTextParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentObservation) { +func (in *EntryFulfillmentObservation) DeepCopyInto(out *EntryFulfillmentObservation) { *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EntryFulfillmentConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages - *out = make([]EventHandlersTriggerFulfillmentMessagesObservation, len(*in)) + *out = make([]EntryFulfillmentMessagesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1526,6 +2104,13 @@ func (in *EventHandlersTriggerFulfillmentObservation) DeepCopyInto(out *EventHan *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EntryFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -1538,22 +2123,29 @@ func (in *EventHandlersTriggerFulfillmentObservation) DeepCopyInto(out *EventHan } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentObservation. -func (in *EventHandlersTriggerFulfillmentObservation) DeepCopy() *EventHandlersTriggerFulfillmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentObservation. +func (in *EntryFulfillmentObservation) DeepCopy() *EntryFulfillmentObservation { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentObservation) + out := new(EntryFulfillmentObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventHandlersTriggerFulfillmentParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentParameters) { +func (in *EntryFulfillmentParameters) DeepCopyInto(out *EntryFulfillmentParameters) { *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EntryFulfillmentConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages - *out = make([]EventHandlersTriggerFulfillmentMessagesParameters, len(*in)) + *out = make([]EntryFulfillmentMessagesParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1563,6 +2155,13 @@ func (in *EventHandlersTriggerFulfillmentParameters) DeepCopyInto(out *EventHand *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EntryFulfillmentSetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -1575,39 +2174,24 @@ func (in *EventHandlersTriggerFulfillmentParameters) DeepCopyInto(out *EventHand } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentParameters. -func (in *EventHandlersTriggerFulfillmentParameters) DeepCopy() *EventHandlersTriggerFulfillmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentParameters. +func (in *EntryFulfillmentParameters) DeepCopy() *EntryFulfillmentParameters { if in == nil { return nil } - out := new(EventHandlersTriggerFulfillmentParameters) + out := new(EntryFulfillmentParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExcludedPhrasesInitParameters) DeepCopyInto(out *ExcludedPhrasesInitParameters) { +func (in *EntryFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *EntryFulfillmentSetParameterActionsInitParameters) { *out = *in - if in.Value != nil { - in, out := &in.Value, &out.Value + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesInitParameters. -func (in *ExcludedPhrasesInitParameters) DeepCopy() *ExcludedPhrasesInitParameters { - if in == nil { - return nil - } - out := new(ExcludedPhrasesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExcludedPhrasesObservation) DeepCopyInto(out *ExcludedPhrasesObservation) { - *out = *in if in.Value != nil { in, out := &in.Value, &out.Value *out = new(string) @@ -1615,19 +2199,24 @@ func (in *ExcludedPhrasesObservation) DeepCopyInto(out *ExcludedPhrasesObservati } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesObservation. -func (in *ExcludedPhrasesObservation) DeepCopy() *ExcludedPhrasesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentSetParameterActionsInitParameters. +func (in *EntryFulfillmentSetParameterActionsInitParameters) DeepCopy() *EntryFulfillmentSetParameterActionsInitParameters { if in == nil { return nil } - out := new(ExcludedPhrasesObservation) + out := new(EntryFulfillmentSetParameterActionsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExcludedPhrasesParameters) DeepCopyInto(out *ExcludedPhrasesParameters) { +func (in *EntryFulfillmentSetParameterActionsObservation) DeepCopyInto(out *EntryFulfillmentSetParameterActionsObservation) { *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } if in.Value != nil { in, out := &in.Value, &out.Value *out = new(string) @@ -1635,84 +2224,43 @@ func (in *ExcludedPhrasesParameters) DeepCopyInto(out *ExcludedPhrasesParameters } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesParameters. -func (in *ExcludedPhrasesParameters) DeepCopy() *ExcludedPhrasesParameters { - if in == nil { - return nil - } - out := new(ExcludedPhrasesParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FillBehaviorInitParameters) DeepCopyInto(out *FillBehaviorInitParameters) { - *out = *in - if in.InitialPromptFulfillment != nil { - in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment - *out = make([]InitialPromptFulfillmentInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorInitParameters. -func (in *FillBehaviorInitParameters) DeepCopy() *FillBehaviorInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentSetParameterActionsObservation. +func (in *EntryFulfillmentSetParameterActionsObservation) DeepCopy() *EntryFulfillmentSetParameterActionsObservation { if in == nil { return nil } - out := new(FillBehaviorInitParameters) + out := new(EntryFulfillmentSetParameterActionsObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FillBehaviorObservation) DeepCopyInto(out *FillBehaviorObservation) { +func (in *EntryFulfillmentSetParameterActionsParameters) DeepCopyInto(out *EntryFulfillmentSetParameterActionsParameters) { *out = *in - if in.InitialPromptFulfillment != nil { - in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment - *out = make([]InitialPromptFulfillmentObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorObservation. -func (in *FillBehaviorObservation) DeepCopy() *FillBehaviorObservation { - if in == nil { - return nil + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in } - out := new(FillBehaviorObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FillBehaviorParameters) DeepCopyInto(out *FillBehaviorParameters) { - *out = *in - if in.InitialPromptFulfillment != nil { - in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment - *out = make([]InitialPromptFulfillmentParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorParameters. -func (in *FillBehaviorParameters) DeepCopy() *FillBehaviorParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntryFulfillmentSetParameterActionsParameters. +func (in *EntryFulfillmentSetParameterActionsParameters) DeepCopy() *EntryFulfillmentSetParameterActionsParameters { if in == nil { return nil } - out := new(FillBehaviorParameters) + out := new(EntryFulfillmentSetParameterActionsParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Flow) DeepCopyInto(out *Flow) { +func (in *Environment) DeepCopyInto(out *Environment) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -1720,18 +2268,18 @@ func (in *Flow) DeepCopyInto(out *Flow) { in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Flow. -func (in *Flow) DeepCopy() *Flow { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Environment. +func (in *Environment) DeepCopy() *Environment { if in == nil { return nil } - out := new(Flow) + out := new(Environment) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Flow) DeepCopyObject() runtime.Object { +func (in *Environment) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1739,7 +2287,7 @@ func (in *Flow) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowInitParameters) DeepCopyInto(out *FlowInitParameters) { +func (in *EnvironmentInitParameters) DeepCopyInto(out *EnvironmentInitParameters) { *out = *in if in.Description != nil { in, out := &in.Description, &out.Description @@ -1751,25 +2299,6 @@ func (in *FlowInitParameters) DeepCopyInto(out *FlowInitParameters) { *out = new(string) **out = **in } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]EventHandlersInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode - *out = new(string) - **out = **in - } - if in.NluSettings != nil { - in, out := &in.NluSettings, &out.NluSettings - *out = make([]NluSettingsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Parent != nil { in, out := &in.Parent, &out.Parent *out = new(string) @@ -1785,62 +2314,51 @@ func (in *FlowInitParameters) DeepCopyInto(out *FlowInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]TransitionRoutesInitParameters, len(*in)) + if in.VersionConfigs != nil { + in, out := &in.VersionConfigs, &out.VersionConfigs + *out = make([]VersionConfigsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowInitParameters. -func (in *FlowInitParameters) DeepCopy() *FlowInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentInitParameters. +func (in *EnvironmentInitParameters) DeepCopy() *EnvironmentInitParameters { if in == nil { return nil } - out := new(FlowInitParameters) + out := new(EnvironmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowList) DeepCopyInto(out *FlowList) { +func (in *EnvironmentList) DeepCopyInto(out *EnvironmentList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Flow, len(*in)) + *out = make([]Environment, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowList. -func (in *FlowList) DeepCopy() *FlowList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentList. +func (in *EnvironmentList) DeepCopy() *EnvironmentList { if in == nil { return nil } - out := new(FlowList) + out := new(EnvironmentList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *FlowList) DeepCopyObject() runtime.Object { +func (in *EnvironmentList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1848,7 +2366,7 @@ func (in *FlowList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowObservation) DeepCopyInto(out *FlowObservation) { +func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { *out = *in if in.Description != nil { in, out := &in.Description, &out.Description @@ -1860,72 +2378,47 @@ func (in *FlowObservation) DeepCopyInto(out *FlowObservation) { *out = new(string) **out = **in } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]EventHandlersObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode - *out = new(string) - **out = **in - } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } - if in.NluSettings != nil { - in, out := &in.NluSettings, &out.NluSettings - *out = make([]NluSettingsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Parent != nil { in, out := &in.Parent, &out.Parent *out = new(string) **out = **in } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]TransitionRoutesObservation, len(*in)) + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } + if in.VersionConfigs != nil { + in, out := &in.VersionConfigs, &out.VersionConfigs + *out = make([]VersionConfigsObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowObservation. -func (in *FlowObservation) DeepCopy() *FlowObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentObservation. +func (in *EnvironmentObservation) DeepCopy() *EnvironmentObservation { if in == nil { return nil } - out := new(FlowObservation) + out := new(EnvironmentObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowParameters) DeepCopyInto(out *FlowParameters) { +func (in *EnvironmentParameters) DeepCopyInto(out *EnvironmentParameters) { *out = *in if in.Description != nil { in, out := &in.Description, &out.Description @@ -1937,25 +2430,6 @@ func (in *FlowParameters) DeepCopyInto(out *FlowParameters) { *out = new(string) **out = **in } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]EventHandlersParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode - *out = new(string) - **out = **in - } - if in.NluSettings != nil { - in, out := &in.NluSettings, &out.NluSettings - *out = make([]NluSettingsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Parent != nil { in, out := &in.Parent, &out.Parent *out = new(string) @@ -1971,425 +2445,501 @@ func (in *FlowParameters) DeepCopyInto(out *FlowParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]TransitionRoutesParameters, len(*in)) + if in.VersionConfigs != nil { + in, out := &in.VersionConfigs, &out.VersionConfigs + *out = make([]VersionConfigsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowParameters. -func (in *FlowParameters) DeepCopy() *FlowParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentParameters. +func (in *EnvironmentParameters) DeepCopy() *EnvironmentParameters { if in == nil { return nil } - out := new(FlowParameters) + out := new(EnvironmentParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSpec) DeepCopyInto(out *FlowSpec) { +func (in *EnvironmentSpec) DeepCopyInto(out *EnvironmentSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSpec. -func (in *FlowSpec) DeepCopy() *FlowSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentSpec. +func (in *EnvironmentSpec) DeepCopy() *EnvironmentSpec { if in == nil { return nil } - out := new(FlowSpec) + out := new(EnvironmentSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowStatus) DeepCopyInto(out *FlowStatus) { +func (in *EnvironmentStatus) DeepCopyInto(out *EnvironmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowStatus. -func (in *FlowStatus) DeepCopy() *FlowStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentStatus. +func (in *EnvironmentStatus) DeepCopy() *EnvironmentStatus { if in == nil { return nil } - out := new(FlowStatus) + out := new(EnvironmentStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormInitParameters) DeepCopyInto(out *FormInitParameters) { +func (in *EventHandlersInitParameters) DeepCopyInto(out *EventHandlersInitParameters) { *out = *in - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]FormParametersInitParameters, len(*in)) + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]TriggerFulfillmentInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormInitParameters. -func (in *FormInitParameters) DeepCopy() *FormInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersInitParameters. +func (in *EventHandlersInitParameters) DeepCopy() *EventHandlersInitParameters { if in == nil { return nil } - out := new(FormInitParameters) + out := new(EventHandlersInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormObservation) DeepCopyInto(out *FormObservation) { +func (in *EventHandlersObservation) DeepCopyInto(out *EventHandlersObservation) { *out = *in - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]FormParametersObservation, len(*in)) + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]TriggerFulfillmentObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormObservation. -func (in *FormObservation) DeepCopy() *FormObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersObservation. +func (in *EventHandlersObservation) DeepCopy() *EventHandlersObservation { if in == nil { return nil } - out := new(FormObservation) + out := new(EventHandlersObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormParameters) DeepCopyInto(out *FormParameters) { +func (in *EventHandlersParameters) DeepCopyInto(out *EventHandlersParameters) { *out = *in - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]FormParametersParameters, len(*in)) + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]TriggerFulfillmentParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParameters. -func (in *FormParameters) DeepCopy() *FormParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersParameters. +func (in *EventHandlersParameters) DeepCopy() *EventHandlersParameters { if in == nil { return nil } - out := new(FormParameters) + out := new(EventHandlersParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormParametersInitParameters) DeepCopyInto(out *FormParametersInitParameters) { +func (in *EventHandlersTriggerFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentConditionalCasesInitParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in - } - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } - if in.FillBehavior != nil { - in, out := &in.FillBehavior, &out.FillBehavior - *out = make([]FillBehaviorInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList - *out = new(bool) - **out = **in - } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) - **out = **in - } - if in.Required != nil { - in, out := &in.Required, &out.Required - *out = new(bool) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersInitParameters. -func (in *FormParametersInitParameters) DeepCopy() *FormParametersInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentConditionalCasesInitParameters. +func (in *EventHandlersTriggerFulfillmentConditionalCasesInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentConditionalCasesInitParameters { if in == nil { return nil } - out := new(FormParametersInitParameters) + out := new(EventHandlersTriggerFulfillmentConditionalCasesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormParametersObservation) DeepCopyInto(out *FormParametersObservation) { +func (in *EventHandlersTriggerFulfillmentConditionalCasesObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentConditionalCasesObservation) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in - } - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } - if in.FillBehavior != nil { - in, out := &in.FillBehavior, &out.FillBehavior - *out = make([]FillBehaviorObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList - *out = new(bool) - **out = **in - } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) - **out = **in - } - if in.Required != nil { - in, out := &in.Required, &out.Required - *out = new(bool) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersObservation. -func (in *FormParametersObservation) DeepCopy() *FormParametersObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentConditionalCasesObservation. +func (in *EventHandlersTriggerFulfillmentConditionalCasesObservation) DeepCopy() *EventHandlersTriggerFulfillmentConditionalCasesObservation { if in == nil { return nil } - out := new(FormParametersObservation) + out := new(EventHandlersTriggerFulfillmentConditionalCasesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FormParametersParameters) DeepCopyInto(out *FormParametersParameters) { +func (in *EventHandlersTriggerFulfillmentConditionalCasesParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentConditionalCasesParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentConditionalCasesParameters. +func (in *EventHandlersTriggerFulfillmentConditionalCasesParameters) DeepCopy() *EventHandlersTriggerFulfillmentConditionalCasesParameters { + if in == nil { + return nil } - if in.FillBehavior != nil { - in, out := &in.FillBehavior, &out.FillBehavior - *out = make([]FillBehaviorParameters, len(*in)) + out := new(EventHandlersTriggerFulfillmentConditionalCasesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EventHandlersTriggerFulfillmentInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentInitParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EventHandlersTriggerFulfillmentConditionalCasesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]EventHandlersTriggerFulfillmentMessagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses *out = new(bool) **out = **in } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EventHandlersTriggerFulfillmentSetParameterActionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) **out = **in } - if in.Required != nil { - in, out := &in.Required, &out.Required - *out = new(bool) + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersParameters. -func (in *FormParametersParameters) DeepCopy() *FormParametersParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentInitParameters. +func (in *EventHandlersTriggerFulfillmentInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentInitParameters { if in == nil { return nil } - out := new(FormParametersParameters) + out := new(EventHandlersTriggerFulfillmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GenericWebServiceInitParameters) DeepCopyInto(out *GenericWebServiceInitParameters) { +func (in *EventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesInitParameters) { *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TriggerFulfillmentMessagesConversationSuccessInitParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TriggerFulfillmentMessagesLiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.URI != nil { - in, out := &in.URI, &out.URI + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TriggerFulfillmentMessagesOutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TriggerFulfillmentMessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TriggerFulfillmentMessagesTelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TriggerFulfillmentMessagesTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceInitParameters. -func (in *GenericWebServiceInitParameters) DeepCopy() *GenericWebServiceInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesInitParameters. +func (in *EventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentMessagesInitParameters { if in == nil { return nil } - out := new(GenericWebServiceInitParameters) + out := new(EventHandlersTriggerFulfillmentMessagesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GenericWebServiceObservation) DeepCopyInto(out *GenericWebServiceObservation) { +func (in *EventHandlersTriggerFulfillmentMessagesObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesObservation) { *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TriggerFulfillmentMessagesConversationSuccessObservation, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TriggerFulfillmentMessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.URI != nil { - in, out := &in.URI, &out.URI + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TriggerFulfillmentMessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TriggerFulfillmentMessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TriggerFulfillmentMessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TriggerFulfillmentMessagesTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceObservation. -func (in *GenericWebServiceObservation) DeepCopy() *GenericWebServiceObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesObservation. +func (in *EventHandlersTriggerFulfillmentMessagesObservation) DeepCopy() *EventHandlersTriggerFulfillmentMessagesObservation { if in == nil { return nil } - out := new(GenericWebServiceObservation) + out := new(EventHandlersTriggerFulfillmentMessagesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GenericWebServiceParameters) DeepCopyInto(out *GenericWebServiceParameters) { +func (in *EventHandlersTriggerFulfillmentMessagesParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentMessagesParameters) { *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TriggerFulfillmentMessagesConversationSuccessParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TriggerFulfillmentMessagesLiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.URI != nil { - in, out := &in.URI, &out.URI + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TriggerFulfillmentMessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TriggerFulfillmentMessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TriggerFulfillmentMessagesTelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TriggerFulfillmentMessagesTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceParameters. -func (in *GenericWebServiceParameters) DeepCopy() *GenericWebServiceParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentMessagesParameters. +func (in *EventHandlersTriggerFulfillmentMessagesParameters) DeepCopy() *EventHandlersTriggerFulfillmentMessagesParameters { if in == nil { return nil } - out := new(GenericWebServiceParameters) + out := new(EventHandlersTriggerFulfillmentMessagesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentInitParameters) DeepCopyInto(out *InitialPromptFulfillmentInitParameters) { +func (in *EventHandlersTriggerFulfillmentObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentObservation) { *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EventHandlersTriggerFulfillmentConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages - *out = make([]InitialPromptFulfillmentMessagesInitParameters, len(*in)) + *out = make([]EventHandlersTriggerFulfillmentMessagesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2399,6 +2949,13 @@ func (in *InitialPromptFulfillmentInitParameters) DeepCopyInto(out *InitialPromp *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EventHandlersTriggerFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -2411,241 +2968,291 @@ func (in *InitialPromptFulfillmentInitParameters) DeepCopyInto(out *InitialPromp } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentInitParameters. -func (in *InitialPromptFulfillmentInitParameters) DeepCopy() *InitialPromptFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentObservation. +func (in *EventHandlersTriggerFulfillmentObservation) DeepCopy() *EventHandlersTriggerFulfillmentObservation { if in == nil { return nil } - out := new(InitialPromptFulfillmentInitParameters) + out := new(EventHandlersTriggerFulfillmentObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesInitParameters) { +func (in *EventHandlersTriggerFulfillmentParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]InitialPromptFulfillmentMessagesTextInitParameters, len(*in)) + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]EventHandlersTriggerFulfillmentConditionalCasesParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesInitParameters. -func (in *InitialPromptFulfillmentMessagesInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesInitParameters { - if in == nil { - return nil + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]EventHandlersTriggerFulfillmentMessagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - out := new(InitialPromptFulfillmentMessagesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesObservation) { - *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]InitialPromptFulfillmentMessagesTextObservation, len(*in)) + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]EventHandlersTriggerFulfillmentSetParameterActionsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } -} + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesObservation. -func (in *InitialPromptFulfillmentMessagesObservation) DeepCopy() *InitialPromptFulfillmentMessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentParameters. +func (in *EventHandlersTriggerFulfillmentParameters) DeepCopy() *EventHandlersTriggerFulfillmentParameters { if in == nil { return nil } - out := new(InitialPromptFulfillmentMessagesObservation) + out := new(EventHandlersTriggerFulfillmentParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesParameters) { +func (in *EventHandlersTriggerFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentSetParameterActionsInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]InitialPromptFulfillmentMessagesTextParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesParameters. -func (in *InitialPromptFulfillmentMessagesParameters) DeepCopy() *InitialPromptFulfillmentMessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentSetParameterActionsInitParameters. +func (in *EventHandlersTriggerFulfillmentSetParameterActionsInitParameters) DeepCopy() *EventHandlersTriggerFulfillmentSetParameterActionsInitParameters { if in == nil { return nil } - out := new(InitialPromptFulfillmentMessagesParameters) + out := new(EventHandlersTriggerFulfillmentSetParameterActionsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesTextInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextInitParameters) { +func (in *EventHandlersTriggerFulfillmentSetParameterActionsObservation) DeepCopyInto(out *EventHandlersTriggerFulfillmentSetParameterActionsObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextInitParameters. -func (in *InitialPromptFulfillmentMessagesTextInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesTextInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentSetParameterActionsObservation. +func (in *EventHandlersTriggerFulfillmentSetParameterActionsObservation) DeepCopy() *EventHandlersTriggerFulfillmentSetParameterActionsObservation { if in == nil { return nil } - out := new(InitialPromptFulfillmentMessagesTextInitParameters) + out := new(EventHandlersTriggerFulfillmentSetParameterActionsObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesTextObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextObservation) { +func (in *EventHandlersTriggerFulfillmentSetParameterActionsParameters) DeepCopyInto(out *EventHandlersTriggerFulfillmentSetParameterActionsParameters) { *out = *in - if in.AllowPlaybackInterruption != nil { - in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption - *out = new(bool) + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) **out = **in } - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextObservation. -func (in *InitialPromptFulfillmentMessagesTextObservation) DeepCopy() *InitialPromptFulfillmentMessagesTextObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventHandlersTriggerFulfillmentSetParameterActionsParameters. +func (in *EventHandlersTriggerFulfillmentSetParameterActionsParameters) DeepCopy() *EventHandlersTriggerFulfillmentSetParameterActionsParameters { if in == nil { return nil } - out := new(InitialPromptFulfillmentMessagesTextObservation) + out := new(EventHandlersTriggerFulfillmentSetParameterActionsParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentMessagesTextParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextParameters) { +func (in *ExcludedPhrasesInitParameters) DeepCopyInto(out *ExcludedPhrasesInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextParameters. -func (in *InitialPromptFulfillmentMessagesTextParameters) DeepCopy() *InitialPromptFulfillmentMessagesTextParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesInitParameters. +func (in *ExcludedPhrasesInitParameters) DeepCopy() *ExcludedPhrasesInitParameters { if in == nil { return nil } - out := new(InitialPromptFulfillmentMessagesTextParameters) + out := new(ExcludedPhrasesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentObservation) DeepCopyInto(out *InitialPromptFulfillmentObservation) { +func (in *ExcludedPhrasesObservation) DeepCopyInto(out *ExcludedPhrasesObservation) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]InitialPromptFulfillmentMessagesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag + if in.Value != nil { + in, out := &in.Value, &out.Value *out = new(string) **out = **in } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesObservation. +func (in *ExcludedPhrasesObservation) DeepCopy() *ExcludedPhrasesObservation { + if in == nil { + return nil + } + out := new(ExcludedPhrasesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExcludedPhrasesParameters) DeepCopyInto(out *ExcludedPhrasesParameters) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentObservation. -func (in *InitialPromptFulfillmentObservation) DeepCopy() *InitialPromptFulfillmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedPhrasesParameters. +func (in *ExcludedPhrasesParameters) DeepCopy() *ExcludedPhrasesParameters { if in == nil { return nil } - out := new(InitialPromptFulfillmentObservation) + out := new(ExcludedPhrasesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InitialPromptFulfillmentParameters) DeepCopyInto(out *InitialPromptFulfillmentParameters) { +func (in *FillBehaviorInitParameters) DeepCopyInto(out *FillBehaviorInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]InitialPromptFulfillmentMessagesParameters, len(*in)) + if in.InitialPromptFulfillment != nil { + in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment + *out = make([]InitialPromptFulfillmentInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in + if in.RepromptEventHandlers != nil { + in, out := &in.RepromptEventHandlers, &out.RepromptEventHandlers + *out = make([]RepromptEventHandlersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorInitParameters. +func (in *FillBehaviorInitParameters) DeepCopy() *FillBehaviorInitParameters { + if in == nil { + return nil } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook - *out = new(string) - **out = **in + out := new(FillBehaviorInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FillBehaviorObservation) DeepCopyInto(out *FillBehaviorObservation) { + *out = *in + if in.InitialPromptFulfillment != nil { + in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment + *out = make([]InitialPromptFulfillmentObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RepromptEventHandlers != nil { + in, out := &in.RepromptEventHandlers, &out.RepromptEventHandlers + *out = make([]RepromptEventHandlersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentParameters. -func (in *InitialPromptFulfillmentParameters) DeepCopy() *InitialPromptFulfillmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorObservation. +func (in *FillBehaviorObservation) DeepCopy() *FillBehaviorObservation { if in == nil { return nil } - out := new(InitialPromptFulfillmentParameters) + out := new(FillBehaviorObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Intent) DeepCopyInto(out *Intent) { +func (in *FillBehaviorParameters) DeepCopyInto(out *FillBehaviorParameters) { + *out = *in + if in.InitialPromptFulfillment != nil { + in, out := &in.InitialPromptFulfillment, &out.InitialPromptFulfillment + *out = make([]InitialPromptFulfillmentParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RepromptEventHandlers != nil { + in, out := &in.RepromptEventHandlers, &out.RepromptEventHandlers + *out = make([]RepromptEventHandlersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FillBehaviorParameters. +func (in *FillBehaviorParameters) DeepCopy() *FillBehaviorParameters { + if in == nil { + return nil + } + out := new(FillBehaviorParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Flow) DeepCopyInto(out *Flow) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -2653,18 +3260,18 @@ func (in *Intent) DeepCopyInto(out *Intent) { in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Intent. -func (in *Intent) DeepCopy() *Intent { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Flow. +func (in *Flow) DeepCopy() *Flow { if in == nil { return nil } - out := new(Intent) + out := new(Flow) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Intent) DeepCopyObject() runtime.Object { +func (in *Flow) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -2672,47 +3279,132 @@ func (in *Intent) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentInitParameters) DeepCopyInto(out *IntentInitParameters) { +func (in *FlowAdvancedSettingsInitParameters) DeepCopyInto(out *FlowAdvancedSettingsInitParameters) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description - *out = new(string) - **out = **in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AdvancedSettingsAudioExportGcsDestinationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]AdvancedSettingsDtmfSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.IsFallback != nil { - in, out := &in.IsFallback, &out.IsFallback - *out = new(bool) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsInitParameters. +func (in *FlowAdvancedSettingsInitParameters) DeepCopy() *FlowAdvancedSettingsInitParameters { + if in == nil { + return nil } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + out := new(FlowAdvancedSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FlowAdvancedSettingsObservation) DeepCopyInto(out *FlowAdvancedSettingsObservation) { + *out = *in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AdvancedSettingsAudioExportGcsDestinationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]AdvancedSettingsDtmfSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsObservation. +func (in *FlowAdvancedSettingsObservation) DeepCopy() *FlowAdvancedSettingsObservation { + if in == nil { + return nil + } + out := new(FlowAdvancedSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FlowAdvancedSettingsParameters) DeepCopyInto(out *FlowAdvancedSettingsParameters) { + *out = *in + if in.AudioExportGcsDestination != nil { + in, out := &in.AudioExportGcsDestination, &out.AudioExportGcsDestination + *out = make([]AdvancedSettingsAudioExportGcsDestinationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]AdvancedSettingsDtmfSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsParameters. +func (in *FlowAdvancedSettingsParameters) DeepCopy() *FlowAdvancedSettingsParameters { + if in == nil { + return nil + } + out := new(FlowAdvancedSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FlowInitParameters) DeepCopyInto(out *FlowInitParameters) { + *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]FlowAdvancedSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]EventHandlersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IsDefaultStartFlow != nil { + in, out := &in.IsDefaultStartFlow, &out.IsDefaultStartFlow + *out = new(bool) + **out = **in + } if in.LanguageCode != nil { in, out := &in.LanguageCode, &out.LanguageCode *out = new(string) **out = **in } - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]ParametersInitParameters, len(*in)) + if in.NluSettings != nil { + in, out := &in.NluSettings, &out.NluSettings + *out = make([]NluSettingsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2732,56 +3424,62 @@ func (in *IntentInitParameters) DeepCopyInto(out *IntentInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.Priority != nil { - in, out := &in.Priority, &out.Priority - *out = new(float64) - **out = **in + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.TrainingPhrases != nil { - in, out := &in.TrainingPhrases, &out.TrainingPhrases - *out = make([]TrainingPhrasesInitParameters, len(*in)) + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]TransitionRoutesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentInitParameters. -func (in *IntentInitParameters) DeepCopy() *IntentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowInitParameters. +func (in *FlowInitParameters) DeepCopy() *FlowInitParameters { if in == nil { return nil } - out := new(IntentInitParameters) + out := new(FlowInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentList) DeepCopyInto(out *IntentList) { +func (in *FlowList) DeepCopyInto(out *FlowList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Intent, len(*in)) + *out = make([]Flow, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentList. -func (in *IntentList) DeepCopy() *IntentList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowList. +func (in *FlowList) DeepCopy() *FlowList { if in == nil { return nil } - out := new(IntentList) + out := new(FlowList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IntentList) DeepCopyObject() runtime.Object { +func (in *FlowList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -2789,8 +3487,15 @@ func (in *IntentList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentObservation) DeepCopyInto(out *IntentObservation) { +func (in *FlowObservation) DeepCopyInto(out *FlowObservation) { *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]FlowAdvancedSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2801,32 +3506,23 @@ func (in *IntentObservation) DeepCopyInto(out *IntentObservation) { *out = new(string) **out = **in } + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]EventHandlersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.IsFallback != nil { - in, out := &in.IsFallback, &out.IsFallback + if in.IsDefaultStartFlow != nil { + in, out := &in.IsDefaultStartFlow, &out.IsDefaultStartFlow *out = new(bool) **out = **in } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } if in.LanguageCode != nil { in, out := &in.LanguageCode, &out.LanguageCode *out = new(string) @@ -2837,9 +3533,9 @@ func (in *IntentObservation) DeepCopyInto(out *IntentObservation) { *out = new(string) **out = **in } - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]ParametersObservation, len(*in)) + if in.NluSettings != nil { + in, out := &in.NluSettings, &out.NluSettings + *out = make([]NluSettingsObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2849,33 +3545,46 @@ func (in *IntentObservation) DeepCopyInto(out *IntentObservation) { *out = new(string) **out = **in } - if in.Priority != nil { - in, out := &in.Priority, &out.Priority - *out = new(float64) - **out = **in + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.TrainingPhrases != nil { - in, out := &in.TrainingPhrases, &out.TrainingPhrases - *out = make([]TrainingPhrasesObservation, len(*in)) + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]TransitionRoutesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentObservation. -func (in *IntentObservation) DeepCopy() *IntentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowObservation. +func (in *FlowObservation) DeepCopy() *FlowObservation { if in == nil { return nil } - out := new(IntentObservation) + out := new(FlowObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentParameters) DeepCopyInto(out *IntentParameters) { +func (in *FlowParameters) DeepCopyInto(out *FlowParameters) { *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]FlowAdvancedSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2886,35 +3595,26 @@ func (in *IntentParameters) DeepCopyInto(out *IntentParameters) { *out = new(string) **out = **in } - if in.IsFallback != nil { - in, out := &in.IsFallback, &out.IsFallback + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]EventHandlersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IsDefaultStartFlow != nil { + in, out := &in.IsDefaultStartFlow, &out.IsDefaultStartFlow *out = new(bool) **out = **in } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } if in.LanguageCode != nil { in, out := &in.LanguageCode, &out.LanguageCode *out = new(string) **out = **in } - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make([]ParametersParameters, len(*in)) + if in.NluSettings != nil { + in, out := &in.NluSettings, &out.NluSettings + *out = make([]NluSettingsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2934,498 +3634,526 @@ func (in *IntentParameters) DeepCopyInto(out *IntentParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.Priority != nil { - in, out := &in.Priority, &out.Priority - *out = new(float64) - **out = **in + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.TrainingPhrases != nil { - in, out := &in.TrainingPhrases, &out.TrainingPhrases - *out = make([]TrainingPhrasesParameters, len(*in)) + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]TransitionRoutesParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentParameters. -func (in *IntentParameters) DeepCopy() *IntentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowParameters. +func (in *FlowParameters) DeepCopy() *FlowParameters { if in == nil { return nil } - out := new(IntentParameters) + out := new(FlowParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentSpec) DeepCopyInto(out *IntentSpec) { +func (in *FlowSpec) DeepCopyInto(out *FlowSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentSpec. -func (in *IntentSpec) DeepCopy() *IntentSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSpec. +func (in *FlowSpec) DeepCopy() *FlowSpec { if in == nil { return nil } - out := new(IntentSpec) + out := new(FlowSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntentStatus) DeepCopyInto(out *IntentStatus) { +func (in *FlowStatus) DeepCopyInto(out *FlowStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentStatus. -func (in *IntentStatus) DeepCopy() *IntentStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowStatus. +func (in *FlowStatus) DeepCopy() *FlowStatus { if in == nil { return nil } - out := new(IntentStatus) + out := new(FlowStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesInitParameters) DeepCopyInto(out *MessagesInitParameters) { +func (in *FormInitParameters) DeepCopyInto(out *FormInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]TextInitParameters, len(*in)) + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]FormParametersInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesInitParameters. -func (in *MessagesInitParameters) DeepCopy() *MessagesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormInitParameters. +func (in *FormInitParameters) DeepCopy() *FormInitParameters { if in == nil { return nil } - out := new(MessagesInitParameters) + out := new(FormInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesObservation) DeepCopyInto(out *MessagesObservation) { +func (in *FormObservation) DeepCopyInto(out *FormObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]TextObservation, len(*in)) + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]FormParametersObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesObservation. -func (in *MessagesObservation) DeepCopy() *MessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormObservation. +func (in *FormObservation) DeepCopy() *FormObservation { if in == nil { return nil } - out := new(MessagesObservation) + out := new(FormObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesParameters) DeepCopyInto(out *MessagesParameters) { +func (in *FormParameters) DeepCopyInto(out *FormParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]TextParameters, len(*in)) + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]FormParametersParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesParameters. -func (in *MessagesParameters) DeepCopy() *MessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParameters. +func (in *FormParameters) DeepCopy() *FormParameters { if in == nil { return nil } - out := new(MessagesParameters) + out := new(FormParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesTextInitParameters) DeepCopyInto(out *MessagesTextInitParameters) { +func (in *FormParametersInitParameters) DeepCopyInto(out *FormParametersInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]ParametersAdvancedSettingsInitParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextInitParameters. -func (in *MessagesTextInitParameters) DeepCopy() *MessagesTextInitParameters { - if in == nil { - return nil + if in.DefaultValue != nil { + in, out := &in.DefaultValue, &out.DefaultValue + *out = new(string) + **out = **in } - out := new(MessagesTextInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesTextObservation) DeepCopyInto(out *MessagesTextObservation) { - *out = *in - if in.AllowPlaybackInterruption != nil { - in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption - *out = new(bool) + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) **out = **in } - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType + *out = new(string) + **out = **in + } + if in.FillBehavior != nil { + in, out := &in.FillBehavior, &out.FillBehavior + *out = make([]FillBehaviorInitParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) + **out = **in + } + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) + **out = **in + } + if in.Required != nil { + in, out := &in.Required, &out.Required + *out = new(bool) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextObservation. -func (in *MessagesTextObservation) DeepCopy() *MessagesTextObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersInitParameters. +func (in *FormParametersInitParameters) DeepCopy() *FormParametersInitParameters { if in == nil { return nil } - out := new(MessagesTextObservation) + out := new(FormParametersInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MessagesTextParameters) DeepCopyInto(out *MessagesTextParameters) { +func (in *FormParametersObservation) DeepCopyInto(out *FormParametersObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]ParametersAdvancedSettingsObservation, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextParameters. -func (in *MessagesTextParameters) DeepCopy() *MessagesTextParameters { - if in == nil { - return nil - } - out := new(MessagesTextParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NluSettingsInitParameters) DeepCopyInto(out *NluSettingsInitParameters) { - *out = *in - if in.ClassificationThreshold != nil { - in, out := &in.ClassificationThreshold, &out.ClassificationThreshold - *out = new(float64) + if in.DefaultValue != nil { + in, out := &in.DefaultValue, &out.DefaultValue + *out = new(string) **out = **in } - if in.ModelTrainingMode != nil { - in, out := &in.ModelTrainingMode, &out.ModelTrainingMode + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName *out = new(string) **out = **in } - if in.ModelType != nil { - in, out := &in.ModelType, &out.ModelType + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsInitParameters. -func (in *NluSettingsInitParameters) DeepCopy() *NluSettingsInitParameters { - if in == nil { - return nil + if in.FillBehavior != nil { + in, out := &in.FillBehavior, &out.FillBehavior + *out = make([]FillBehaviorObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - out := new(NluSettingsInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NluSettingsObservation) DeepCopyInto(out *NluSettingsObservation) { - *out = *in - if in.ClassificationThreshold != nil { - in, out := &in.ClassificationThreshold, &out.ClassificationThreshold - *out = new(float64) + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) **out = **in } - if in.ModelTrainingMode != nil { - in, out := &in.ModelTrainingMode, &out.ModelTrainingMode - *out = new(string) + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) **out = **in } - if in.ModelType != nil { - in, out := &in.ModelType, &out.ModelType - *out = new(string) + if in.Required != nil { + in, out := &in.Required, &out.Required + *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsObservation. -func (in *NluSettingsObservation) DeepCopy() *NluSettingsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersObservation. +func (in *FormParametersObservation) DeepCopy() *FormParametersObservation { if in == nil { return nil } - out := new(NluSettingsObservation) + out := new(FormParametersObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NluSettingsParameters) DeepCopyInto(out *NluSettingsParameters) { +func (in *FormParametersParameters) DeepCopyInto(out *FormParametersParameters) { *out = *in - if in.ClassificationThreshold != nil { - in, out := &in.ClassificationThreshold, &out.ClassificationThreshold - *out = new(float64) + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]ParametersAdvancedSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DefaultValue != nil { + in, out := &in.DefaultValue, &out.DefaultValue + *out = new(string) **out = **in } - if in.ModelTrainingMode != nil { - in, out := &in.ModelTrainingMode, &out.ModelTrainingMode + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName *out = new(string) **out = **in } - if in.ModelType != nil { - in, out := &in.ModelType, &out.ModelType + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType *out = new(string) **out = **in } + if in.FillBehavior != nil { + in, out := &in.FillBehavior, &out.FillBehavior + *out = make([]FillBehaviorParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) + **out = **in + } + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) + **out = **in + } + if in.Required != nil { + in, out := &in.Required, &out.Required + *out = new(bool) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsParameters. -func (in *NluSettingsParameters) DeepCopy() *NluSettingsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FormParametersParameters. +func (in *FormParametersParameters) DeepCopy() *FormParametersParameters { if in == nil { return nil } - out := new(NluSettingsParameters) + out := new(FormParametersParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Page) DeepCopyInto(out *Page) { +func (in *GenericWebServiceInitParameters) DeepCopyInto(out *GenericWebServiceInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Page. -func (in *Page) DeepCopy() *Page { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceInitParameters. +func (in *GenericWebServiceInitParameters) DeepCopy() *GenericWebServiceInitParameters { if in == nil { return nil } - out := new(Page) + out := new(GenericWebServiceInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Page) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageEventHandlersInitParameters) DeepCopyInto(out *PageEventHandlersInitParameters) { +func (in *GenericWebServiceObservation) DeepCopyInto(out *GenericWebServiceObservation) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event - *out = new(string) - **out = **in + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + if in.URI != nil { + in, out := &in.URI, &out.URI *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]EventHandlersTriggerFulfillmentInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersInitParameters. -func (in *PageEventHandlersInitParameters) DeepCopy() *PageEventHandlersInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceObservation. +func (in *GenericWebServiceObservation) DeepCopy() *GenericWebServiceObservation { if in == nil { return nil } - out := new(PageEventHandlersInitParameters) + out := new(GenericWebServiceObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageEventHandlersObservation) DeepCopyInto(out *PageEventHandlersObservation) { +func (in *GenericWebServiceParameters) DeepCopyInto(out *GenericWebServiceParameters) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + if in.URI != nil { + in, out := &in.URI, &out.URI *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]EventHandlersTriggerFulfillmentObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersObservation. -func (in *PageEventHandlersObservation) DeepCopy() *PageEventHandlersObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericWebServiceParameters. +func (in *GenericWebServiceParameters) DeepCopy() *GenericWebServiceParameters { if in == nil { return nil } - out := new(PageEventHandlersObservation) + out := new(GenericWebServiceParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageEventHandlersParameters) DeepCopyInto(out *PageEventHandlersParameters) { +func (in *GitIntegrationSettingsInitParameters) DeepCopyInto(out *GitIntegrationSettingsInitParameters) { *out = *in - if in.Event != nil { - in, out := &in.Event, &out.Event - *out = new(string) - **out = **in - } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in - } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage - *out = new(string) - **out = **in - } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]EventHandlersTriggerFulfillmentParameters, len(*in)) + if in.GithubSettings != nil { + in, out := &in.GithubSettings, &out.GithubSettings + *out = make([]GithubSettingsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersParameters. -func (in *PageEventHandlersParameters) DeepCopy() *PageEventHandlersParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitIntegrationSettingsInitParameters. +func (in *GitIntegrationSettingsInitParameters) DeepCopy() *GitIntegrationSettingsInitParameters { if in == nil { return nil } - out := new(PageEventHandlersParameters) + out := new(GitIntegrationSettingsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageInitParameters) DeepCopyInto(out *PageInitParameters) { +func (in *GitIntegrationSettingsObservation) DeepCopyInto(out *GitIntegrationSettingsObservation) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in - } - if in.EntryFulfillment != nil { - in, out := &in.EntryFulfillment, &out.EntryFulfillment - *out = make([]EntryFulfillmentInitParameters, len(*in)) + if in.GithubSettings != nil { + in, out := &in.GithubSettings, &out.GithubSettings + *out = make([]GithubSettingsObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]PageEventHandlersInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitIntegrationSettingsObservation. +func (in *GitIntegrationSettingsObservation) DeepCopy() *GitIntegrationSettingsObservation { + if in == nil { + return nil } - if in.Form != nil { - in, out := &in.Form, &out.Form - *out = make([]FormInitParameters, len(*in)) + out := new(GitIntegrationSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitIntegrationSettingsParameters) DeepCopyInto(out *GitIntegrationSettingsParameters) { + *out = *in + if in.GithubSettings != nil { + in, out := &in.GithubSettings, &out.GithubSettings + *out = make([]GithubSettingsParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode - *out = new(string) - **out = **in - } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent - *out = new(string) - **out = **in - } - if in.ParentRef != nil { - in, out := &in.ParentRef, &out.ParentRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ParentSelector != nil { - in, out := &in.ParentSelector, &out.ParentSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitIntegrationSettingsParameters. +func (in *GitIntegrationSettingsParameters) DeepCopy() *GitIntegrationSettingsParameters { + if in == nil { + return nil } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + out := new(GitIntegrationSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GithubSettingsInitParameters) DeepCopyInto(out *GithubSettingsInitParameters) { + *out = *in + if in.Branches != nil { + in, out := &in.Branches, &out.Branches *out = make([]*string, len(*in)) for i := range *in { if (*in)[i] != nil { @@ -3435,252 +4163,5317 @@ func (in *PageInitParameters) DeepCopyInto(out *PageInitParameters) { } } } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]PageTransitionRoutesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.RepositoryURI != nil { + in, out := &in.RepositoryURI, &out.RepositoryURI + *out = new(string) + **out = **in + } + if in.TrackingBranch != nil { + in, out := &in.TrackingBranch, &out.TrackingBranch + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageInitParameters. -func (in *PageInitParameters) DeepCopy() *PageInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GithubSettingsInitParameters. +func (in *GithubSettingsInitParameters) DeepCopy() *GithubSettingsInitParameters { if in == nil { return nil } - out := new(PageInitParameters) + out := new(GithubSettingsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageList) DeepCopyInto(out *PageList) { +func (in *GithubSettingsObservation) DeepCopyInto(out *GithubSettingsObservation) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Page, len(*in)) + if in.Branches != nil { + in, out := &in.Branches, &out.Branches + *out = make([]*string, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } } } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.RepositoryURI != nil { + in, out := &in.RepositoryURI, &out.RepositoryURI + *out = new(string) + **out = **in + } + if in.TrackingBranch != nil { + in, out := &in.TrackingBranch, &out.TrackingBranch + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageList. -func (in *PageList) DeepCopy() *PageList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GithubSettingsObservation. +func (in *GithubSettingsObservation) DeepCopy() *GithubSettingsObservation { if in == nil { return nil } - out := new(PageList) + out := new(GithubSettingsObservation) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PageList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GithubSettingsParameters) DeepCopyInto(out *GithubSettingsParameters) { + *out = *in + if in.AccessTokenSecretRef != nil { + in, out := &in.AccessTokenSecretRef, &out.AccessTokenSecretRef + *out = new(v1.SecretKeySelector) + **out = **in } - return nil + if in.Branches != nil { + in, out := &in.Branches, &out.Branches + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.RepositoryURI != nil { + in, out := &in.RepositoryURI, &out.RepositoryURI + *out = new(string) + **out = **in + } + if in.TrackingBranch != nil { + in, out := &in.TrackingBranch, &out.TrackingBranch + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GithubSettingsParameters. +func (in *GithubSettingsParameters) DeepCopy() *GithubSettingsParameters { + if in == nil { + return nil + } + out := new(GithubSettingsParameters) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageObservation) DeepCopyInto(out *PageObservation) { +func (in *InitialPromptFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *InitialPromptFulfillmentConditionalCasesInitParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } - if in.EntryFulfillment != nil { - in, out := &in.EntryFulfillment, &out.EntryFulfillment - *out = make([]EntryFulfillmentObservation, len(*in)) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentConditionalCasesInitParameters. +func (in *InitialPromptFulfillmentConditionalCasesInitParameters) DeepCopy() *InitialPromptFulfillmentConditionalCasesInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentConditionalCasesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentConditionalCasesObservation) DeepCopyInto(out *InitialPromptFulfillmentConditionalCasesObservation) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentConditionalCasesObservation. +func (in *InitialPromptFulfillmentConditionalCasesObservation) DeepCopy() *InitialPromptFulfillmentConditionalCasesObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentConditionalCasesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentConditionalCasesParameters) DeepCopyInto(out *InitialPromptFulfillmentConditionalCasesParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentConditionalCasesParameters. +func (in *InitialPromptFulfillmentConditionalCasesParameters) DeepCopy() *InitialPromptFulfillmentConditionalCasesParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentConditionalCasesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentInitParameters) DeepCopyInto(out *InitialPromptFulfillmentInitParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]InitialPromptFulfillmentConditionalCasesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]PageEventHandlersObservation, len(*in)) + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]InitialPromptFulfillmentMessagesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Form != nil { - in, out := &in.Form, &out.Form - *out = make([]FormObservation, len(*in)) + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]InitialPromptFulfillmentSetParameterActionsInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.Tag != nil { + in, out := &in.Tag, &out.Tag *out = new(string) **out = **in } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook *out = new(string) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentInitParameters. +func (in *InitialPromptFulfillmentInitParameters) DeepCopy() *InitialPromptFulfillmentInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesConversationSuccessInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesConversationSuccessInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesConversationSuccessInitParameters. +func (in *InitialPromptFulfillmentMessagesConversationSuccessInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesConversationSuccessInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesConversationSuccessObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesConversationSuccessObservation. +func (in *InitialPromptFulfillmentMessagesConversationSuccessObservation) DeepCopy() *InitialPromptFulfillmentMessagesConversationSuccessObservation { + if in == nil { + return nil } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]PageTransitionRoutesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + out := new(InitialPromptFulfillmentMessagesConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesConversationSuccessParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageObservation. -func (in *PageObservation) DeepCopy() *PageObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesConversationSuccessParameters. +func (in *InitialPromptFulfillmentMessagesConversationSuccessParameters) DeepCopy() *InitialPromptFulfillmentMessagesConversationSuccessParameters { if in == nil { return nil } - out := new(PageObservation) + out := new(InitialPromptFulfillmentMessagesConversationSuccessParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageParameters) DeepCopyInto(out *PageParameters) { +func (in *InitialPromptFulfillmentMessagesInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesInitParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } - if in.EntryFulfillment != nil { - in, out := &in.EntryFulfillment, &out.EntryFulfillment - *out = make([]EntryFulfillmentParameters, len(*in)) + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]InitialPromptFulfillmentMessagesConversationSuccessInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.EventHandlers != nil { - in, out := &in.EventHandlers, &out.EventHandlers - *out = make([]PageEventHandlersParameters, len(*in)) + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Form != nil { - in, out := &in.Form, &out.Form - *out = make([]FormParameters, len(*in)) + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]InitialPromptFulfillmentMessagesOutputAudioTextInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.LanguageCode != nil { - in, out := &in.LanguageCode, &out.LanguageCode - *out = new(string) - **out = **in - } - if in.Parent != nil { - in, out := &in.Parent, &out.Parent + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } - if in.ParentRef != nil { - in, out := &in.ParentRef, &out.ParentRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ParentSelector != nil { - in, out := &in.ParentSelector, &out.ParentSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]InitialPromptFulfillmentMessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.TransitionRouteGroups != nil { - in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups - *out = make([]*string, len(*in)) + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.TransitionRoutes != nil { - in, out := &in.TransitionRoutes, &out.TransitionRoutes - *out = make([]PageTransitionRoutesParameters, len(*in)) + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]InitialPromptFulfillmentMessagesTextInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageParameters. -func (in *PageParameters) DeepCopy() *PageParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesInitParameters. +func (in *InitialPromptFulfillmentMessagesInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesLiveAgentHandoffObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesLiveAgentHandoffObservation. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffObservation) DeepCopy() *InitialPromptFulfillmentMessagesLiveAgentHandoffObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesLiveAgentHandoffObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesLiveAgentHandoffParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesLiveAgentHandoffParameters. +func (in *InitialPromptFulfillmentMessagesLiveAgentHandoffParameters) DeepCopy() *InitialPromptFulfillmentMessagesLiveAgentHandoffParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesLiveAgentHandoffParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesObservation) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]InitialPromptFulfillmentMessagesConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]InitialPromptFulfillmentMessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]InitialPromptFulfillmentMessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]InitialPromptFulfillmentMessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]InitialPromptFulfillmentMessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]InitialPromptFulfillmentMessagesTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesObservation. +func (in *InitialPromptFulfillmentMessagesObservation) DeepCopy() *InitialPromptFulfillmentMessagesObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesOutputAudioTextInitParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesOutputAudioTextInitParameters. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesOutputAudioTextInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesOutputAudioTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesOutputAudioTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesOutputAudioTextObservation. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextObservation) DeepCopy() *InitialPromptFulfillmentMessagesOutputAudioTextObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesOutputAudioTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesOutputAudioTextParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesOutputAudioTextParameters. +func (in *InitialPromptFulfillmentMessagesOutputAudioTextParameters) DeepCopy() *InitialPromptFulfillmentMessagesOutputAudioTextParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesOutputAudioTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]InitialPromptFulfillmentMessagesConversationSuccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]InitialPromptFulfillmentMessagesLiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]InitialPromptFulfillmentMessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]InitialPromptFulfillmentMessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]InitialPromptFulfillmentMessagesTelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]InitialPromptFulfillmentMessagesTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesParameters. +func (in *InitialPromptFulfillmentMessagesParameters) DeepCopy() *InitialPromptFulfillmentMessagesParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesPlayAudioInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesPlayAudioInitParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesPlayAudioInitParameters. +func (in *InitialPromptFulfillmentMessagesPlayAudioInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesPlayAudioInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesPlayAudioInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesPlayAudioObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesPlayAudioObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesPlayAudioObservation. +func (in *InitialPromptFulfillmentMessagesPlayAudioObservation) DeepCopy() *InitialPromptFulfillmentMessagesPlayAudioObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesPlayAudioObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesPlayAudioParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesPlayAudioParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesPlayAudioParameters. +func (in *InitialPromptFulfillmentMessagesPlayAudioParameters) DeepCopy() *InitialPromptFulfillmentMessagesPlayAudioParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesPlayAudioParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesTelephonyTransferCallObservation) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTelephonyTransferCallObservation. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallObservation) DeepCopy() *InitialPromptFulfillmentMessagesTelephonyTransferCallObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTelephonyTransferCallObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTelephonyTransferCallParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTelephonyTransferCallParameters. +func (in *InitialPromptFulfillmentMessagesTelephonyTransferCallParameters) DeepCopy() *InitialPromptFulfillmentMessagesTelephonyTransferCallParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTelephonyTransferCallParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTextInitParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextInitParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextInitParameters. +func (in *InitialPromptFulfillmentMessagesTextInitParameters) DeepCopy() *InitialPromptFulfillmentMessagesTextInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTextObservation) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextObservation. +func (in *InitialPromptFulfillmentMessagesTextObservation) DeepCopy() *InitialPromptFulfillmentMessagesTextObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentMessagesTextParameters) DeepCopyInto(out *InitialPromptFulfillmentMessagesTextParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentMessagesTextParameters. +func (in *InitialPromptFulfillmentMessagesTextParameters) DeepCopy() *InitialPromptFulfillmentMessagesTextParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentMessagesTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentObservation) DeepCopyInto(out *InitialPromptFulfillmentObservation) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]InitialPromptFulfillmentConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]InitialPromptFulfillmentMessagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]InitialPromptFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentObservation. +func (in *InitialPromptFulfillmentObservation) DeepCopy() *InitialPromptFulfillmentObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentParameters) DeepCopyInto(out *InitialPromptFulfillmentParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]InitialPromptFulfillmentConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]InitialPromptFulfillmentMessagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]InitialPromptFulfillmentSetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentParameters. +func (in *InitialPromptFulfillmentParameters) DeepCopy() *InitialPromptFulfillmentParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *InitialPromptFulfillmentSetParameterActionsInitParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentSetParameterActionsInitParameters. +func (in *InitialPromptFulfillmentSetParameterActionsInitParameters) DeepCopy() *InitialPromptFulfillmentSetParameterActionsInitParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentSetParameterActionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentSetParameterActionsObservation) DeepCopyInto(out *InitialPromptFulfillmentSetParameterActionsObservation) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentSetParameterActionsObservation. +func (in *InitialPromptFulfillmentSetParameterActionsObservation) DeepCopy() *InitialPromptFulfillmentSetParameterActionsObservation { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentSetParameterActionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InitialPromptFulfillmentSetParameterActionsParameters) DeepCopyInto(out *InitialPromptFulfillmentSetParameterActionsParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialPromptFulfillmentSetParameterActionsParameters. +func (in *InitialPromptFulfillmentSetParameterActionsParameters) DeepCopy() *InitialPromptFulfillmentSetParameterActionsParameters { + if in == nil { + return nil + } + out := new(InitialPromptFulfillmentSetParameterActionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Intent) DeepCopyInto(out *Intent) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Intent. +func (in *Intent) DeepCopy() *Intent { + if in == nil { + return nil + } + out := new(Intent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Intent) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentInitParameters) DeepCopyInto(out *IntentInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IsDefaultNegativeIntent != nil { + in, out := &in.IsDefaultNegativeIntent, &out.IsDefaultNegativeIntent + *out = new(bool) + **out = **in + } + if in.IsDefaultWelcomeIntent != nil { + in, out := &in.IsDefaultWelcomeIntent, &out.IsDefaultWelcomeIntent + *out = new(bool) + **out = **in + } + if in.IsFallback != nil { + in, out := &in.IsFallback, &out.IsFallback + *out = new(bool) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]ParametersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.ParentRef != nil { + in, out := &in.ParentRef, &out.ParentRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ParentSelector != nil { + in, out := &in.ParentSelector, &out.ParentSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(float64) + **out = **in + } + if in.TrainingPhrases != nil { + in, out := &in.TrainingPhrases, &out.TrainingPhrases + *out = make([]TrainingPhrasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentInitParameters. +func (in *IntentInitParameters) DeepCopy() *IntentInitParameters { + if in == nil { + return nil + } + out := new(IntentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentList) DeepCopyInto(out *IntentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Intent, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentList. +func (in *IntentList) DeepCopy() *IntentList { + if in == nil { + return nil + } + out := new(IntentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IntentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentObservation) DeepCopyInto(out *IntentObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IsDefaultNegativeIntent != nil { + in, out := &in.IsDefaultNegativeIntent, &out.IsDefaultNegativeIntent + *out = new(bool) + **out = **in + } + if in.IsDefaultWelcomeIntent != nil { + in, out := &in.IsDefaultWelcomeIntent, &out.IsDefaultWelcomeIntent + *out = new(bool) + **out = **in + } + if in.IsFallback != nil { + in, out := &in.IsFallback, &out.IsFallback + *out = new(bool) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]ParametersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(float64) + **out = **in + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TrainingPhrases != nil { + in, out := &in.TrainingPhrases, &out.TrainingPhrases + *out = make([]TrainingPhrasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentObservation. +func (in *IntentObservation) DeepCopy() *IntentObservation { + if in == nil { + return nil + } + out := new(IntentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentParameters) DeepCopyInto(out *IntentParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IsDefaultNegativeIntent != nil { + in, out := &in.IsDefaultNegativeIntent, &out.IsDefaultNegativeIntent + *out = new(bool) + **out = **in + } + if in.IsDefaultWelcomeIntent != nil { + in, out := &in.IsDefaultWelcomeIntent, &out.IsDefaultWelcomeIntent + *out = new(bool) + **out = **in + } + if in.IsFallback != nil { + in, out := &in.IsFallback, &out.IsFallback + *out = new(bool) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]ParametersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.ParentRef != nil { + in, out := &in.ParentRef, &out.ParentRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ParentSelector != nil { + in, out := &in.ParentSelector, &out.ParentSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(float64) + **out = **in + } + if in.TrainingPhrases != nil { + in, out := &in.TrainingPhrases, &out.TrainingPhrases + *out = make([]TrainingPhrasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentParameters. +func (in *IntentParameters) DeepCopy() *IntentParameters { + if in == nil { + return nil + } + out := new(IntentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentSpec) DeepCopyInto(out *IntentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentSpec. +func (in *IntentSpec) DeepCopy() *IntentSpec { + if in == nil { + return nil + } + out := new(IntentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntentStatus) DeepCopyInto(out *IntentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntentStatus. +func (in *IntentStatus) DeepCopy() *IntentStatus { + if in == nil { + return nil + } + out := new(IntentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LiveAgentHandoffInitParameters) DeepCopyInto(out *LiveAgentHandoffInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiveAgentHandoffInitParameters. +func (in *LiveAgentHandoffInitParameters) DeepCopy() *LiveAgentHandoffInitParameters { + if in == nil { + return nil + } + out := new(LiveAgentHandoffInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LiveAgentHandoffObservation) DeepCopyInto(out *LiveAgentHandoffObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiveAgentHandoffObservation. +func (in *LiveAgentHandoffObservation) DeepCopy() *LiveAgentHandoffObservation { + if in == nil { + return nil + } + out := new(LiveAgentHandoffObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LiveAgentHandoffParameters) DeepCopyInto(out *LiveAgentHandoffParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiveAgentHandoffParameters. +func (in *LiveAgentHandoffParameters) DeepCopy() *LiveAgentHandoffParameters { + if in == nil { + return nil + } + out := new(LiveAgentHandoffParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesConversationSuccessInitParameters) DeepCopyInto(out *MessagesConversationSuccessInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesConversationSuccessInitParameters. +func (in *MessagesConversationSuccessInitParameters) DeepCopy() *MessagesConversationSuccessInitParameters { + if in == nil { + return nil + } + out := new(MessagesConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesConversationSuccessObservation) DeepCopyInto(out *MessagesConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesConversationSuccessObservation. +func (in *MessagesConversationSuccessObservation) DeepCopy() *MessagesConversationSuccessObservation { + if in == nil { + return nil + } + out := new(MessagesConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesConversationSuccessParameters) DeepCopyInto(out *MessagesConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesConversationSuccessParameters. +func (in *MessagesConversationSuccessParameters) DeepCopy() *MessagesConversationSuccessParameters { + if in == nil { + return nil + } + out := new(MessagesConversationSuccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesInitParameters) DeepCopyInto(out *MessagesInitParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]ConversationSuccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]LiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]OutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]PlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesInitParameters. +func (in *MessagesInitParameters) DeepCopy() *MessagesInitParameters { + if in == nil { + return nil + } + out := new(MessagesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *MessagesLiveAgentHandoffInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesLiveAgentHandoffInitParameters. +func (in *MessagesLiveAgentHandoffInitParameters) DeepCopy() *MessagesLiveAgentHandoffInitParameters { + if in == nil { + return nil + } + out := new(MessagesLiveAgentHandoffInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesLiveAgentHandoffObservation) DeepCopyInto(out *MessagesLiveAgentHandoffObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesLiveAgentHandoffObservation. +func (in *MessagesLiveAgentHandoffObservation) DeepCopy() *MessagesLiveAgentHandoffObservation { + if in == nil { + return nil + } + out := new(MessagesLiveAgentHandoffObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesLiveAgentHandoffParameters) DeepCopyInto(out *MessagesLiveAgentHandoffParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesLiveAgentHandoffParameters. +func (in *MessagesLiveAgentHandoffParameters) DeepCopy() *MessagesLiveAgentHandoffParameters { + if in == nil { + return nil + } + out := new(MessagesLiveAgentHandoffParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesObservation) DeepCopyInto(out *MessagesObservation) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]ConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]LiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]OutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]PlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesObservation. +func (in *MessagesObservation) DeepCopy() *MessagesObservation { + if in == nil { + return nil + } + out := new(MessagesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesOutputAudioTextInitParameters) DeepCopyInto(out *MessagesOutputAudioTextInitParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesOutputAudioTextInitParameters. +func (in *MessagesOutputAudioTextInitParameters) DeepCopy() *MessagesOutputAudioTextInitParameters { + if in == nil { + return nil + } + out := new(MessagesOutputAudioTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesOutputAudioTextObservation) DeepCopyInto(out *MessagesOutputAudioTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesOutputAudioTextObservation. +func (in *MessagesOutputAudioTextObservation) DeepCopy() *MessagesOutputAudioTextObservation { + if in == nil { + return nil + } + out := new(MessagesOutputAudioTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesOutputAudioTextParameters) DeepCopyInto(out *MessagesOutputAudioTextParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesOutputAudioTextParameters. +func (in *MessagesOutputAudioTextParameters) DeepCopy() *MessagesOutputAudioTextParameters { + if in == nil { + return nil + } + out := new(MessagesOutputAudioTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesParameters) DeepCopyInto(out *MessagesParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]ConversationSuccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]LiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]OutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]PlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesParameters. +func (in *MessagesParameters) DeepCopy() *MessagesParameters { + if in == nil { + return nil + } + out := new(MessagesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesPlayAudioInitParameters) DeepCopyInto(out *MessagesPlayAudioInitParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesPlayAudioInitParameters. +func (in *MessagesPlayAudioInitParameters) DeepCopy() *MessagesPlayAudioInitParameters { + if in == nil { + return nil + } + out := new(MessagesPlayAudioInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesPlayAudioObservation) DeepCopyInto(out *MessagesPlayAudioObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesPlayAudioObservation. +func (in *MessagesPlayAudioObservation) DeepCopy() *MessagesPlayAudioObservation { + if in == nil { + return nil + } + out := new(MessagesPlayAudioObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesPlayAudioParameters) DeepCopyInto(out *MessagesPlayAudioParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesPlayAudioParameters. +func (in *MessagesPlayAudioParameters) DeepCopy() *MessagesPlayAudioParameters { + if in == nil { + return nil + } + out := new(MessagesPlayAudioParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *MessagesTelephonyTransferCallInitParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTelephonyTransferCallInitParameters. +func (in *MessagesTelephonyTransferCallInitParameters) DeepCopy() *MessagesTelephonyTransferCallInitParameters { + if in == nil { + return nil + } + out := new(MessagesTelephonyTransferCallInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTelephonyTransferCallObservation) DeepCopyInto(out *MessagesTelephonyTransferCallObservation) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTelephonyTransferCallObservation. +func (in *MessagesTelephonyTransferCallObservation) DeepCopy() *MessagesTelephonyTransferCallObservation { + if in == nil { + return nil + } + out := new(MessagesTelephonyTransferCallObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTelephonyTransferCallParameters) DeepCopyInto(out *MessagesTelephonyTransferCallParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTelephonyTransferCallParameters. +func (in *MessagesTelephonyTransferCallParameters) DeepCopy() *MessagesTelephonyTransferCallParameters { + if in == nil { + return nil + } + out := new(MessagesTelephonyTransferCallParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTextInitParameters) DeepCopyInto(out *MessagesTextInitParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextInitParameters. +func (in *MessagesTextInitParameters) DeepCopy() *MessagesTextInitParameters { + if in == nil { + return nil + } + out := new(MessagesTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTextObservation) DeepCopyInto(out *MessagesTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextObservation. +func (in *MessagesTextObservation) DeepCopy() *MessagesTextObservation { + if in == nil { + return nil + } + out := new(MessagesTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessagesTextParameters) DeepCopyInto(out *MessagesTextParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessagesTextParameters. +func (in *MessagesTextParameters) DeepCopy() *MessagesTextParameters { + if in == nil { + return nil + } + out := new(MessagesTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NluSettingsInitParameters) DeepCopyInto(out *NluSettingsInitParameters) { + *out = *in + if in.ClassificationThreshold != nil { + in, out := &in.ClassificationThreshold, &out.ClassificationThreshold + *out = new(float64) + **out = **in + } + if in.ModelTrainingMode != nil { + in, out := &in.ModelTrainingMode, &out.ModelTrainingMode + *out = new(string) + **out = **in + } + if in.ModelType != nil { + in, out := &in.ModelType, &out.ModelType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsInitParameters. +func (in *NluSettingsInitParameters) DeepCopy() *NluSettingsInitParameters { + if in == nil { + return nil + } + out := new(NluSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NluSettingsObservation) DeepCopyInto(out *NluSettingsObservation) { + *out = *in + if in.ClassificationThreshold != nil { + in, out := &in.ClassificationThreshold, &out.ClassificationThreshold + *out = new(float64) + **out = **in + } + if in.ModelTrainingMode != nil { + in, out := &in.ModelTrainingMode, &out.ModelTrainingMode + *out = new(string) + **out = **in + } + if in.ModelType != nil { + in, out := &in.ModelType, &out.ModelType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsObservation. +func (in *NluSettingsObservation) DeepCopy() *NluSettingsObservation { + if in == nil { + return nil + } + out := new(NluSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NluSettingsParameters) DeepCopyInto(out *NluSettingsParameters) { + *out = *in + if in.ClassificationThreshold != nil { + in, out := &in.ClassificationThreshold, &out.ClassificationThreshold + *out = new(float64) + **out = **in + } + if in.ModelTrainingMode != nil { + in, out := &in.ModelTrainingMode, &out.ModelTrainingMode + *out = new(string) + **out = **in + } + if in.ModelType != nil { + in, out := &in.ModelType, &out.ModelType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NluSettingsParameters. +func (in *NluSettingsParameters) DeepCopy() *NluSettingsParameters { + if in == nil { + return nil + } + out := new(NluSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OutputAudioTextInitParameters) DeepCopyInto(out *OutputAudioTextInitParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputAudioTextInitParameters. +func (in *OutputAudioTextInitParameters) DeepCopy() *OutputAudioTextInitParameters { + if in == nil { + return nil + } + out := new(OutputAudioTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OutputAudioTextObservation) DeepCopyInto(out *OutputAudioTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputAudioTextObservation. +func (in *OutputAudioTextObservation) DeepCopy() *OutputAudioTextObservation { + if in == nil { + return nil + } + out := new(OutputAudioTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OutputAudioTextParameters) DeepCopyInto(out *OutputAudioTextParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputAudioTextParameters. +func (in *OutputAudioTextParameters) DeepCopy() *OutputAudioTextParameters { + if in == nil { + return nil + } + out := new(OutputAudioTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Page) DeepCopyInto(out *Page) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Page. +func (in *Page) DeepCopy() *Page { + if in == nil { + return nil + } + out := new(Page) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Page) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsDtmfSettingsInitParameters) DeepCopyInto(out *PageAdvancedSettingsDtmfSettingsInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsDtmfSettingsInitParameters. +func (in *PageAdvancedSettingsDtmfSettingsInitParameters) DeepCopy() *PageAdvancedSettingsDtmfSettingsInitParameters { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsDtmfSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsDtmfSettingsObservation) DeepCopyInto(out *PageAdvancedSettingsDtmfSettingsObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsDtmfSettingsObservation. +func (in *PageAdvancedSettingsDtmfSettingsObservation) DeepCopy() *PageAdvancedSettingsDtmfSettingsObservation { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsDtmfSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsDtmfSettingsParameters) DeepCopyInto(out *PageAdvancedSettingsDtmfSettingsParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsDtmfSettingsParameters. +func (in *PageAdvancedSettingsDtmfSettingsParameters) DeepCopy() *PageAdvancedSettingsDtmfSettingsParameters { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsDtmfSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsInitParameters) DeepCopyInto(out *PageAdvancedSettingsInitParameters) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]PageAdvancedSettingsDtmfSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsInitParameters. +func (in *PageAdvancedSettingsInitParameters) DeepCopy() *PageAdvancedSettingsInitParameters { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsObservation) DeepCopyInto(out *PageAdvancedSettingsObservation) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]PageAdvancedSettingsDtmfSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsObservation. +func (in *PageAdvancedSettingsObservation) DeepCopy() *PageAdvancedSettingsObservation { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageAdvancedSettingsParameters) DeepCopyInto(out *PageAdvancedSettingsParameters) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]PageAdvancedSettingsDtmfSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageAdvancedSettingsParameters. +func (in *PageAdvancedSettingsParameters) DeepCopy() *PageAdvancedSettingsParameters { + if in == nil { + return nil + } + out := new(PageAdvancedSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageEventHandlersInitParameters) DeepCopyInto(out *PageEventHandlersInitParameters) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]EventHandlersTriggerFulfillmentInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersInitParameters. +func (in *PageEventHandlersInitParameters) DeepCopy() *PageEventHandlersInitParameters { + if in == nil { + return nil + } + out := new(PageEventHandlersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageEventHandlersObservation) DeepCopyInto(out *PageEventHandlersObservation) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]EventHandlersTriggerFulfillmentObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersObservation. +func (in *PageEventHandlersObservation) DeepCopy() *PageEventHandlersObservation { + if in == nil { + return nil + } + out := new(PageEventHandlersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageEventHandlersParameters) DeepCopyInto(out *PageEventHandlersParameters) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]EventHandlersTriggerFulfillmentParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageEventHandlersParameters. +func (in *PageEventHandlersParameters) DeepCopy() *PageEventHandlersParameters { + if in == nil { + return nil + } + out := new(PageEventHandlersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageInitParameters) DeepCopyInto(out *PageInitParameters) { + *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]PageAdvancedSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EntryFulfillment != nil { + in, out := &in.EntryFulfillment, &out.EntryFulfillment + *out = make([]EntryFulfillmentInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]PageEventHandlersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Form != nil { + in, out := &in.Form, &out.Form + *out = make([]FormInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.ParentRef != nil { + in, out := &in.ParentRef, &out.ParentRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ParentSelector != nil { + in, out := &in.ParentSelector, &out.ParentSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]PageTransitionRoutesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageInitParameters. +func (in *PageInitParameters) DeepCopy() *PageInitParameters { + if in == nil { + return nil + } + out := new(PageInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageList) DeepCopyInto(out *PageList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Page, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageList. +func (in *PageList) DeepCopy() *PageList { + if in == nil { + return nil + } + out := new(PageList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PageList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageObservation) DeepCopyInto(out *PageObservation) { + *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]PageAdvancedSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EntryFulfillment != nil { + in, out := &in.EntryFulfillment, &out.EntryFulfillment + *out = make([]EntryFulfillmentObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]PageEventHandlersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Form != nil { + in, out := &in.Form, &out.Form + *out = make([]FormObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]PageTransitionRoutesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageObservation. +func (in *PageObservation) DeepCopy() *PageObservation { + if in == nil { + return nil + } + out := new(PageObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageParameters) DeepCopyInto(out *PageParameters) { + *out = *in + if in.AdvancedSettings != nil { + in, out := &in.AdvancedSettings, &out.AdvancedSettings + *out = make([]PageAdvancedSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EntryFulfillment != nil { + in, out := &in.EntryFulfillment, &out.EntryFulfillment + *out = make([]EntryFulfillmentParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EventHandlers != nil { + in, out := &in.EventHandlers, &out.EventHandlers + *out = make([]PageEventHandlersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Form != nil { + in, out := &in.Form, &out.Form + *out = make([]FormParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LanguageCode != nil { + in, out := &in.LanguageCode, &out.LanguageCode + *out = new(string) + **out = **in + } + if in.Parent != nil { + in, out := &in.Parent, &out.Parent + *out = new(string) + **out = **in + } + if in.ParentRef != nil { + in, out := &in.ParentRef, &out.ParentRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ParentSelector != nil { + in, out := &in.ParentSelector, &out.ParentSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TransitionRouteGroups != nil { + in, out := &in.TransitionRouteGroups, &out.TransitionRouteGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TransitionRoutes != nil { + in, out := &in.TransitionRoutes, &out.TransitionRoutes + *out = make([]PageTransitionRoutesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageParameters. +func (in *PageParameters) DeepCopy() *PageParameters { + if in == nil { + return nil + } + out := new(PageParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageSpec) DeepCopyInto(out *PageSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageSpec. +func (in *PageSpec) DeepCopy() *PageSpec { + if in == nil { + return nil + } + out := new(PageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageStatus) DeepCopyInto(out *PageStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageStatus. +func (in *PageStatus) DeepCopy() *PageStatus { + if in == nil { + return nil + } + out := new(PageStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesInitParameters) DeepCopyInto(out *PageTransitionRoutesInitParameters) { + *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(string) + **out = **in + } + if in.Intent != nil { + in, out := &in.Intent, &out.Intent + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TargetPageRef != nil { + in, out := &in.TargetPageRef, &out.TargetPageRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetPageSelector != nil { + in, out := &in.TargetPageSelector, &out.TargetPageSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]PageTransitionRoutesTriggerFulfillmentInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesInitParameters. +func (in *PageTransitionRoutesInitParameters) DeepCopy() *PageTransitionRoutesInitParameters { + if in == nil { + return nil + } + out := new(PageTransitionRoutesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesObservation) DeepCopyInto(out *PageTransitionRoutesObservation) { + *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(string) + **out = **in + } + if in.Intent != nil { + in, out := &in.Intent, &out.Intent + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]PageTransitionRoutesTriggerFulfillmentObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesObservation. +func (in *PageTransitionRoutesObservation) DeepCopy() *PageTransitionRoutesObservation { + if in == nil { + return nil + } + out := new(PageTransitionRoutesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesParameters) DeepCopyInto(out *PageTransitionRoutesParameters) { + *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(string) + **out = **in + } + if in.Intent != nil { + in, out := &in.Intent, &out.Intent + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TargetPageRef != nil { + in, out := &in.TargetPageRef, &out.TargetPageRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetPageSelector != nil { + in, out := &in.TargetPageSelector, &out.TargetPageSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]PageTransitionRoutesTriggerFulfillmentParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesParameters. +func (in *PageTransitionRoutesParameters) DeepCopy() *PageTransitionRoutesParameters { + if in == nil { + return nil + } + out := new(PageTransitionRoutesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentInitParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]TransitionRoutesTriggerFulfillmentMessagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentInitParameters. +func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopy() *PageTransitionRoutesTriggerFulfillmentInitParameters { + if in == nil { + return nil + } + out := new(PageTransitionRoutesTriggerFulfillmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesTriggerFulfillmentObservation) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentObservation) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TransitionRoutesTriggerFulfillmentConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]TransitionRoutesTriggerFulfillmentMessagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TransitionRoutesTriggerFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentObservation. +func (in *PageTransitionRoutesTriggerFulfillmentObservation) DeepCopy() *PageTransitionRoutesTriggerFulfillmentObservation { + if in == nil { + return nil + } + out := new(PageTransitionRoutesTriggerFulfillmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PageTransitionRoutesTriggerFulfillmentParameters) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TransitionRoutesTriggerFulfillmentConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]TransitionRoutesTriggerFulfillmentMessagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TransitionRoutesTriggerFulfillmentSetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentParameters. +func (in *PageTransitionRoutesTriggerFulfillmentParameters) DeepCopy() *PageTransitionRoutesTriggerFulfillmentParameters { + if in == nil { + return nil + } + out := new(PageTransitionRoutesTriggerFulfillmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsDtmfSettingsInitParameters) DeepCopyInto(out *ParametersAdvancedSettingsDtmfSettingsInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsDtmfSettingsInitParameters. +func (in *ParametersAdvancedSettingsDtmfSettingsInitParameters) DeepCopy() *ParametersAdvancedSettingsDtmfSettingsInitParameters { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsDtmfSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsDtmfSettingsObservation) DeepCopyInto(out *ParametersAdvancedSettingsDtmfSettingsObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsDtmfSettingsObservation. +func (in *ParametersAdvancedSettingsDtmfSettingsObservation) DeepCopy() *ParametersAdvancedSettingsDtmfSettingsObservation { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsDtmfSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsDtmfSettingsParameters) DeepCopyInto(out *ParametersAdvancedSettingsDtmfSettingsParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.FinishDigit != nil { + in, out := &in.FinishDigit, &out.FinishDigit + *out = new(string) + **out = **in + } + if in.MaxDigits != nil { + in, out := &in.MaxDigits, &out.MaxDigits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsDtmfSettingsParameters. +func (in *ParametersAdvancedSettingsDtmfSettingsParameters) DeepCopy() *ParametersAdvancedSettingsDtmfSettingsParameters { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsDtmfSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsInitParameters) DeepCopyInto(out *ParametersAdvancedSettingsInitParameters) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]ParametersAdvancedSettingsDtmfSettingsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsInitParameters. +func (in *ParametersAdvancedSettingsInitParameters) DeepCopy() *ParametersAdvancedSettingsInitParameters { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsObservation) DeepCopyInto(out *ParametersAdvancedSettingsObservation) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]ParametersAdvancedSettingsDtmfSettingsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsObservation. +func (in *ParametersAdvancedSettingsObservation) DeepCopy() *ParametersAdvancedSettingsObservation { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersAdvancedSettingsParameters) DeepCopyInto(out *ParametersAdvancedSettingsParameters) { + *out = *in + if in.DtmfSettings != nil { + in, out := &in.DtmfSettings, &out.DtmfSettings + *out = make([]ParametersAdvancedSettingsDtmfSettingsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersAdvancedSettingsParameters. +func (in *ParametersAdvancedSettingsParameters) DeepCopy() *ParametersAdvancedSettingsParameters { + if in == nil { + return nil + } + out := new(ParametersAdvancedSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersInitParameters) DeepCopyInto(out *ParametersInitParameters) { + *out = *in + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) + **out = **in + } + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersInitParameters. +func (in *ParametersInitParameters) DeepCopy() *ParametersInitParameters { + if in == nil { + return nil + } + out := new(ParametersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersObservation) DeepCopyInto(out *ParametersObservation) { + *out = *in + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) + **out = **in + } + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersObservation. +func (in *ParametersObservation) DeepCopy() *ParametersObservation { + if in == nil { + return nil + } + out := new(ParametersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParametersParameters) DeepCopyInto(out *ParametersParameters) { + *out = *in + if in.EntityType != nil { + in, out := &in.EntityType, &out.EntityType + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IsList != nil { + in, out := &in.IsList, &out.IsList + *out = new(bool) + **out = **in + } + if in.Redact != nil { + in, out := &in.Redact, &out.Redact + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersParameters. +func (in *ParametersParameters) DeepCopy() *ParametersParameters { + if in == nil { + return nil + } + out := new(ParametersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PartsInitParameters) DeepCopyInto(out *PartsInitParameters) { + *out = *in + if in.ParameterID != nil { + in, out := &in.ParameterID, &out.ParameterID + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsInitParameters. +func (in *PartsInitParameters) DeepCopy() *PartsInitParameters { + if in == nil { + return nil + } + out := new(PartsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PartsObservation) DeepCopyInto(out *PartsObservation) { + *out = *in + if in.ParameterID != nil { + in, out := &in.ParameterID, &out.ParameterID + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsObservation. +func (in *PartsObservation) DeepCopy() *PartsObservation { + if in == nil { + return nil + } + out := new(PartsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PartsParameters) DeepCopyInto(out *PartsParameters) { + *out = *in + if in.ParameterID != nil { + in, out := &in.ParameterID, &out.ParameterID + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsParameters. +func (in *PartsParameters) DeepCopy() *PartsParameters { + if in == nil { + return nil + } + out := new(PartsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlayAudioInitParameters) DeepCopyInto(out *PlayAudioInitParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlayAudioInitParameters. +func (in *PlayAudioInitParameters) DeepCopy() *PlayAudioInitParameters { + if in == nil { + return nil + } + out := new(PlayAudioInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlayAudioObservation) DeepCopyInto(out *PlayAudioObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlayAudioObservation. +func (in *PlayAudioObservation) DeepCopy() *PlayAudioObservation { + if in == nil { + return nil + } + out := new(PlayAudioObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlayAudioParameters) DeepCopyInto(out *PlayAudioParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlayAudioParameters. +func (in *PlayAudioParameters) DeepCopy() *PlayAudioParameters { + if in == nil { + return nil + } + out := new(PlayAudioParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersInitParameters) DeepCopyInto(out *RepromptEventHandlersInitParameters) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetFlowRef != nil { + in, out := &in.TargetFlowRef, &out.TargetFlowRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetFlowSelector != nil { + in, out := &in.TargetFlowSelector, &out.TargetFlowSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TargetPageRef != nil { + in, out := &in.TargetPageRef, &out.TargetPageRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetPageSelector != nil { + in, out := &in.TargetPageSelector, &out.TargetPageSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]RepromptEventHandlersTriggerFulfillmentInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersInitParameters. +func (in *RepromptEventHandlersInitParameters) DeepCopy() *RepromptEventHandlersInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersObservation) DeepCopyInto(out *RepromptEventHandlersObservation) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]RepromptEventHandlersTriggerFulfillmentObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersObservation. +func (in *RepromptEventHandlersObservation) DeepCopy() *RepromptEventHandlersObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersParameters) DeepCopyInto(out *RepromptEventHandlersParameters) { + *out = *in + if in.Event != nil { + in, out := &in.Event, &out.Event + *out = new(string) + **out = **in + } + if in.TargetFlow != nil { + in, out := &in.TargetFlow, &out.TargetFlow + *out = new(string) + **out = **in + } + if in.TargetFlowRef != nil { + in, out := &in.TargetFlowRef, &out.TargetFlowRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetFlowSelector != nil { + in, out := &in.TargetFlowSelector, &out.TargetFlowSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } + if in.TargetPageRef != nil { + in, out := &in.TargetPageRef, &out.TargetPageRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TargetPageSelector != nil { + in, out := &in.TargetPageSelector, &out.TargetPageSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.TriggerFulfillment != nil { + in, out := &in.TriggerFulfillment, &out.TriggerFulfillment + *out = make([]RepromptEventHandlersTriggerFulfillmentParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersParameters. +func (in *RepromptEventHandlersParameters) DeepCopy() *RepromptEventHandlersParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters. +func (in *RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentInitParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } + if in.WebhookRef != nil { + in, out := &in.WebhookRef, &out.WebhookRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.WebhookSelector != nil { + in, out := &in.WebhookSelector, &out.WebhookSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesInitParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesObservation) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters) { + *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTextObservation. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTextObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentMessagesTextParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentMessagesTextParameters. +func (in *RepromptEventHandlersTriggerFulfillmentMessagesTextParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentMessagesTextParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentMessagesTextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentObservation) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentObservation. +func (in *RepromptEventHandlersTriggerFulfillmentObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]RepromptEventHandlersTriggerFulfillmentMessagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } + if in.WebhookRef != nil { + in, out := &in.WebhookRef, &out.WebhookRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.WebhookSelector != nil { + in, out := &in.WebhookSelector, &out.WebhookSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentParameters. +func (in *RepromptEventHandlersTriggerFulfillmentParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation) DeepCopy() *RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters) DeepCopyInto(out *RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters. +func (in *RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters) DeepCopy() *RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters { + if in == nil { + return nil + } + out := new(RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryGenericWebServiceInitParameters) DeepCopyInto(out *ServiceDirectoryGenericWebServiceInitParameters) { + *out = *in + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceInitParameters. +func (in *ServiceDirectoryGenericWebServiceInitParameters) DeepCopy() *ServiceDirectoryGenericWebServiceInitParameters { + if in == nil { + return nil + } + out := new(ServiceDirectoryGenericWebServiceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryGenericWebServiceObservation) DeepCopyInto(out *ServiceDirectoryGenericWebServiceObservation) { + *out = *in + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceObservation. +func (in *ServiceDirectoryGenericWebServiceObservation) DeepCopy() *ServiceDirectoryGenericWebServiceObservation { + if in == nil { + return nil + } + out := new(ServiceDirectoryGenericWebServiceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryGenericWebServiceParameters) DeepCopyInto(out *ServiceDirectoryGenericWebServiceParameters) { + *out = *in + if in.AllowedCACerts != nil { + in, out := &in.AllowedCACerts, &out.AllowedCACerts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceParameters. +func (in *ServiceDirectoryGenericWebServiceParameters) DeepCopy() *ServiceDirectoryGenericWebServiceParameters { + if in == nil { + return nil + } + out := new(ServiceDirectoryGenericWebServiceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryInitParameters) DeepCopyInto(out *ServiceDirectoryInitParameters) { + *out = *in + if in.GenericWebService != nil { + in, out := &in.GenericWebService, &out.GenericWebService + *out = make([]ServiceDirectoryGenericWebServiceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryInitParameters. +func (in *ServiceDirectoryInitParameters) DeepCopy() *ServiceDirectoryInitParameters { + if in == nil { + return nil + } + out := new(ServiceDirectoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryObservation) DeepCopyInto(out *ServiceDirectoryObservation) { + *out = *in + if in.GenericWebService != nil { + in, out := &in.GenericWebService, &out.GenericWebService + *out = make([]ServiceDirectoryGenericWebServiceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryObservation. +func (in *ServiceDirectoryObservation) DeepCopy() *ServiceDirectoryObservation { + if in == nil { + return nil + } + out := new(ServiceDirectoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceDirectoryParameters) DeepCopyInto(out *ServiceDirectoryParameters) { + *out = *in + if in.GenericWebService != nil { + in, out := &in.GenericWebService, &out.GenericWebService + *out = make([]ServiceDirectoryGenericWebServiceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryParameters. +func (in *ServiceDirectoryParameters) DeepCopy() *ServiceDirectoryParameters { + if in == nil { + return nil + } + out := new(ServiceDirectoryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SetParameterActionsInitParameters) DeepCopyInto(out *SetParameterActionsInitParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetParameterActionsInitParameters. +func (in *SetParameterActionsInitParameters) DeepCopy() *SetParameterActionsInitParameters { + if in == nil { + return nil + } + out := new(SetParameterActionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SetParameterActionsObservation) DeepCopyInto(out *SetParameterActionsObservation) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetParameterActionsObservation. +func (in *SetParameterActionsObservation) DeepCopy() *SetParameterActionsObservation { + if in == nil { + return nil + } + out := new(SetParameterActionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SetParameterActionsParameters) DeepCopyInto(out *SetParameterActionsParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetParameterActionsParameters. +func (in *SetParameterActionsParameters) DeepCopy() *SetParameterActionsParameters { + if in == nil { + return nil + } + out := new(SetParameterActionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechToTextSettingsInitParameters) DeepCopyInto(out *SpeechToTextSettingsInitParameters) { + *out = *in + if in.EnableSpeechAdaptation != nil { + in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsInitParameters. +func (in *SpeechToTextSettingsInitParameters) DeepCopy() *SpeechToTextSettingsInitParameters { + if in == nil { + return nil + } + out := new(SpeechToTextSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechToTextSettingsObservation) DeepCopyInto(out *SpeechToTextSettingsObservation) { + *out = *in + if in.EnableSpeechAdaptation != nil { + in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsObservation. +func (in *SpeechToTextSettingsObservation) DeepCopy() *SpeechToTextSettingsObservation { + if in == nil { + return nil + } + out := new(SpeechToTextSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechToTextSettingsParameters) DeepCopyInto(out *SpeechToTextSettingsParameters) { + *out = *in + if in.EnableSpeechAdaptation != nil { + in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsParameters. +func (in *SpeechToTextSettingsParameters) DeepCopy() *SpeechToTextSettingsParameters { + if in == nil { + return nil + } + out := new(SpeechToTextSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TelephonyTransferCallInitParameters) DeepCopyInto(out *TelephonyTransferCallInitParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelephonyTransferCallInitParameters. +func (in *TelephonyTransferCallInitParameters) DeepCopy() *TelephonyTransferCallInitParameters { + if in == nil { + return nil + } + out := new(TelephonyTransferCallInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TelephonyTransferCallObservation) DeepCopyInto(out *TelephonyTransferCallObservation) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelephonyTransferCallObservation. +func (in *TelephonyTransferCallObservation) DeepCopy() *TelephonyTransferCallObservation { + if in == nil { + return nil + } + out := new(TelephonyTransferCallObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TelephonyTransferCallParameters) DeepCopyInto(out *TelephonyTransferCallParameters) { + *out = *in + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelephonyTransferCallParameters. +func (in *TelephonyTransferCallParameters) DeepCopy() *TelephonyTransferCallParameters { + if in == nil { + return nil + } + out := new(TelephonyTransferCallParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextInitParameters) DeepCopyInto(out *TextInitParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextInitParameters. +func (in *TextInitParameters) DeepCopy() *TextInitParameters { + if in == nil { + return nil + } + out := new(TextInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextObservation) DeepCopyInto(out *TextObservation) { + *out = *in + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextObservation. +func (in *TextObservation) DeepCopy() *TextObservation { + if in == nil { + return nil + } + out := new(TextObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextParameters) DeepCopyInto(out *TextParameters) { + *out = *in + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextParameters. +func (in *TextParameters) DeepCopy() *TextParameters { + if in == nil { + return nil + } + out := new(TextParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextToSpeechSettingsInitParameters) DeepCopyInto(out *TextToSpeechSettingsInitParameters) { + *out = *in + if in.SynthesizeSpeechConfigs != nil { + in, out := &in.SynthesizeSpeechConfigs, &out.SynthesizeSpeechConfigs + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextToSpeechSettingsInitParameters. +func (in *TextToSpeechSettingsInitParameters) DeepCopy() *TextToSpeechSettingsInitParameters { + if in == nil { + return nil + } + out := new(TextToSpeechSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextToSpeechSettingsObservation) DeepCopyInto(out *TextToSpeechSettingsObservation) { + *out = *in + if in.SynthesizeSpeechConfigs != nil { + in, out := &in.SynthesizeSpeechConfigs, &out.SynthesizeSpeechConfigs + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextToSpeechSettingsObservation. +func (in *TextToSpeechSettingsObservation) DeepCopy() *TextToSpeechSettingsObservation { + if in == nil { + return nil + } + out := new(TextToSpeechSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextToSpeechSettingsParameters) DeepCopyInto(out *TextToSpeechSettingsParameters) { + *out = *in + if in.SynthesizeSpeechConfigs != nil { + in, out := &in.SynthesizeSpeechConfigs, &out.SynthesizeSpeechConfigs + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextToSpeechSettingsParameters. +func (in *TextToSpeechSettingsParameters) DeepCopy() *TextToSpeechSettingsParameters { + if in == nil { + return nil + } + out := new(TextToSpeechSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrainingPhrasesInitParameters) DeepCopyInto(out *TrainingPhrasesInitParameters) { + *out = *in + if in.Parts != nil { + in, out := &in.Parts, &out.Parts + *out = make([]PartsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RepeatCount != nil { + in, out := &in.RepeatCount, &out.RepeatCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesInitParameters. +func (in *TrainingPhrasesInitParameters) DeepCopy() *TrainingPhrasesInitParameters { if in == nil { return nil } - out := new(PageParameters) + out := new(TrainingPhrasesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageSpec) DeepCopyInto(out *PageSpec) { +func (in *TrainingPhrasesObservation) DeepCopyInto(out *TrainingPhrasesObservation) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Parts != nil { + in, out := &in.Parts, &out.Parts + *out = make([]PartsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RepeatCount != nil { + in, out := &in.RepeatCount, &out.RepeatCount + *out = new(float64) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageSpec. -func (in *PageSpec) DeepCopy() *PageSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesObservation. +func (in *TrainingPhrasesObservation) DeepCopy() *TrainingPhrasesObservation { if in == nil { return nil } - out := new(PageSpec) + out := new(TrainingPhrasesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageStatus) DeepCopyInto(out *PageStatus) { +func (in *TrainingPhrasesParameters) DeepCopyInto(out *TrainingPhrasesParameters) { *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) + if in.Parts != nil { + in, out := &in.Parts, &out.Parts + *out = make([]PartsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RepeatCount != nil { + in, out := &in.RepeatCount, &out.RepeatCount + *out = new(float64) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageStatus. -func (in *PageStatus) DeepCopy() *PageStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesParameters. +func (in *TrainingPhrasesParameters) DeepCopy() *TrainingPhrasesParameters { if in == nil { return nil } - out := new(PageStatus) + out := new(TrainingPhrasesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesInitParameters) DeepCopyInto(out *PageTransitionRoutesInitParameters) { +func (in *TransitionRoutesInitParameters) DeepCopyInto(out *TransitionRoutesInitParameters) { *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition @@ -3697,42 +9490,42 @@ func (in *PageTransitionRoutesInitParameters) DeepCopyInto(out *PageTransitionRo *out = new(string) **out = **in } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage - *out = new(string) - **out = **in - } - if in.TargetPageRef != nil { - in, out := &in.TargetPageRef, &out.TargetPageRef + if in.TargetFlowRef != nil { + in, out := &in.TargetFlowRef, &out.TargetFlowRef *out = new(v1.Reference) (*in).DeepCopyInto(*out) } - if in.TargetPageSelector != nil { - in, out := &in.TargetPageSelector, &out.TargetPageSelector + if in.TargetFlowSelector != nil { + in, out := &in.TargetFlowSelector, &out.TargetFlowSelector *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } if in.TriggerFulfillment != nil { in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]PageTransitionRoutesTriggerFulfillmentInitParameters, len(*in)) + *out = make([]TransitionRoutesTriggerFulfillmentInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesInitParameters. -func (in *PageTransitionRoutesInitParameters) DeepCopy() *PageTransitionRoutesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesInitParameters. +func (in *TransitionRoutesInitParameters) DeepCopy() *TransitionRoutesInitParameters { if in == nil { return nil } - out := new(PageTransitionRoutesInitParameters) + out := new(TransitionRoutesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesObservation) DeepCopyInto(out *PageTransitionRoutesObservation) { +func (in *TransitionRoutesObservation) DeepCopyInto(out *TransitionRoutesObservation) { *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition @@ -3761,25 +9554,25 @@ func (in *PageTransitionRoutesObservation) DeepCopyInto(out *PageTransitionRoute } if in.TriggerFulfillment != nil { in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]PageTransitionRoutesTriggerFulfillmentObservation, len(*in)) + *out = make([]TransitionRoutesTriggerFulfillmentObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesObservation. -func (in *PageTransitionRoutesObservation) DeepCopy() *PageTransitionRoutesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesObservation. +func (in *TransitionRoutesObservation) DeepCopy() *TransitionRoutesObservation { if in == nil { return nil } - out := new(PageTransitionRoutesObservation) + out := new(TransitionRoutesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesParameters) DeepCopyInto(out *PageTransitionRoutesParameters) { +func (in *TransitionRoutesParameters) DeepCopyInto(out *TransitionRoutesParameters) { *out = *in if in.Condition != nil { in, out := &in.Condition, &out.Condition @@ -3796,46 +9589,113 @@ func (in *PageTransitionRoutesParameters) DeepCopyInto(out *PageTransitionRoutes *out = new(string) **out = **in } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage - *out = new(string) - **out = **in - } - if in.TargetPageRef != nil { - in, out := &in.TargetPageRef, &out.TargetPageRef + if in.TargetFlowRef != nil { + in, out := &in.TargetFlowRef, &out.TargetFlowRef *out = new(v1.Reference) (*in).DeepCopyInto(*out) } - if in.TargetPageSelector != nil { - in, out := &in.TargetPageSelector, &out.TargetPageSelector + if in.TargetFlowSelector != nil { + in, out := &in.TargetFlowSelector, &out.TargetFlowSelector *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.TargetPage != nil { + in, out := &in.TargetPage, &out.TargetPage + *out = new(string) + **out = **in + } if in.TriggerFulfillment != nil { in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]PageTransitionRoutesTriggerFulfillmentParameters, len(*in)) + *out = make([]TransitionRoutesTriggerFulfillmentParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesParameters. -func (in *PageTransitionRoutesParameters) DeepCopy() *PageTransitionRoutesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesParameters. +func (in *TransitionRoutesParameters) DeepCopy() *TransitionRoutesParameters { if in == nil { return nil } - out := new(PageTransitionRoutesParameters) + out := new(TransitionRoutesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters. +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentConditionalCasesObservation) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentConditionalCasesObservation. +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentConditionalCasesObservation { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentConditionalCasesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentConditionalCasesParameters) { *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentConditionalCasesParameters. +func (in *TransitionRoutesTriggerFulfillmentConditionalCasesParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentConditionalCasesParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentConditionalCasesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentInitParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TriggerFulfillmentConditionalCasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages - *out = make([]TransitionRoutesTriggerFulfillmentMessagesInitParameters, len(*in)) + *out = make([]TriggerFulfillmentMessagesInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -3845,6 +9705,13 @@ func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TriggerFulfillmentSetParameterActionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -3857,200 +9724,275 @@ func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentInitParameters. -func (in *PageTransitionRoutesTriggerFulfillmentInitParameters) DeepCopy() *PageTransitionRoutesTriggerFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentInitParameters. +func (in *TransitionRoutesTriggerFulfillmentInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentInitParameters { if in == nil { return nil } - out := new(PageTransitionRoutesTriggerFulfillmentInitParameters) + out := new(TransitionRoutesTriggerFulfillmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesTriggerFulfillmentObservation) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]TransitionRoutesTriggerFulfillmentMessagesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) **out = **in } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesInitParameters) { + *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentObservation. -func (in *PageTransitionRoutesTriggerFulfillmentObservation) DeepCopy() *PageTransitionRoutesTriggerFulfillmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesInitParameters { if in == nil { return nil } - out := new(PageTransitionRoutesTriggerFulfillmentObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PageTransitionRoutesTriggerFulfillmentParameters) DeepCopyInto(out *PageTransitionRoutesTriggerFulfillmentParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]TransitionRoutesTriggerFulfillmentMessagesParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PageTransitionRoutesTriggerFulfillmentParameters. -func (in *PageTransitionRoutesTriggerFulfillmentParameters) DeepCopy() *PageTransitionRoutesTriggerFulfillmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters { if in == nil { return nil } - out := new(PageTransitionRoutesTriggerFulfillmentParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ParametersInitParameters) DeepCopyInto(out *ParametersInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation) { *out = *in - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList - *out = new(bool) - **out = **in - } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersInitParameters. -func (in *ParametersInitParameters) DeepCopy() *ParametersInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation { if in == nil { return nil } - out := new(ParametersInitParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ParametersObservation) DeepCopyInto(out *ParametersObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters) { *out = *in - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType - *out = new(string) - **out = **in - } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList - *out = new(bool) - **out = **in - } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersObservation. -func (in *ParametersObservation) DeepCopy() *ParametersObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters { if in == nil { return nil } - out := new(ParametersObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ParametersParameters) DeepCopyInto(out *ParametersParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesObservation) { *out = *in - if in.EntityType != nil { - in, out := &in.EntityType, &out.EntityType + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } - if in.IsList != nil { - in, out := &in.IsList, &out.IsList - *out = new(bool) - **out = **in + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Redact != nil { - in, out := &in.Redact, &out.Redact - *out = new(bool) - **out = **in + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersParameters. -func (in *ParametersParameters) DeepCopy() *ParametersParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesObservation { if in == nil { return nil } - out := new(ParametersParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PartsInitParameters) DeepCopyInto(out *PartsInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters) { *out = *in - if in.ParameterID != nil { - in, out := &in.ParameterID, &out.ParameterID + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml *out = new(string) **out = **in } @@ -4061,21 +10003,26 @@ func (in *PartsInitParameters) DeepCopyInto(out *PartsInitParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsInitParameters. -func (in *PartsInitParameters) DeepCopy() *PartsInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters { if in == nil { return nil } - out := new(PartsInitParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PartsObservation) DeepCopyInto(out *PartsObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation) { *out = *in - if in.ParameterID != nil { - in, out := &in.ParameterID, &out.ParameterID + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in + } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml *out = new(string) **out = **in } @@ -4086,21 +10033,21 @@ func (in *PartsObservation) DeepCopyInto(out *PartsObservation) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsObservation. -func (in *PartsObservation) DeepCopy() *PartsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation { if in == nil { return nil } - out := new(PartsObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PartsParameters) DeepCopyInto(out *PartsParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters) { *out = *in - if in.ParameterID != nil { - in, out := &in.ParameterID, &out.ParameterID + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml *out = new(string) **out = **in } @@ -4111,300 +10058,210 @@ func (in *PartsParameters) DeepCopyInto(out *PartsParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartsParameters. -func (in *PartsParameters) DeepCopy() *PartsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters { if in == nil { return nil } - out := new(PartsParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryGenericWebServiceInitParameters) DeepCopyInto(out *ServiceDirectoryGenericWebServiceInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesParameters) { *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } - if in.URI != nil { - in, out := &in.URI, &out.URI + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceInitParameters. -func (in *ServiceDirectoryGenericWebServiceInitParameters) DeepCopy() *ServiceDirectoryGenericWebServiceInitParameters { - if in == nil { - return nil + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - out := new(ServiceDirectoryGenericWebServiceInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryGenericWebServiceObservation) DeepCopyInto(out *ServiceDirectoryGenericWebServiceObservation) { - *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.URI != nil { - in, out := &in.URI, &out.URI + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceObservation. -func (in *ServiceDirectoryGenericWebServiceObservation) DeepCopy() *ServiceDirectoryGenericWebServiceObservation { - if in == nil { - return nil + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - out := new(ServiceDirectoryGenericWebServiceObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryGenericWebServiceParameters) DeepCopyInto(out *ServiceDirectoryGenericWebServiceParameters) { - *out = *in - if in.AllowedCACerts != nil { - in, out := &in.AllowedCACerts, &out.AllowedCACerts - *out = make([]*string, len(*in)) + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequestHeaders != nil { - in, out := &in.RequestHeaders, &out.RequestHeaders - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.URI != nil { - in, out := &in.URI, &out.URI - *out = new(string) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryGenericWebServiceParameters. -func (in *ServiceDirectoryGenericWebServiceParameters) DeepCopy() *ServiceDirectoryGenericWebServiceParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesParameters { if in == nil { return nil } - out := new(ServiceDirectoryGenericWebServiceParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryInitParameters) DeepCopyInto(out *ServiceDirectoryInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters) { *out = *in - if in.GenericWebService != nil { - in, out := &in.GenericWebService, &out.GenericWebService - *out = make([]ServiceDirectoryGenericWebServiceInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Service != nil { - in, out := &in.Service, &out.Service + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryInitParameters. -func (in *ServiceDirectoryInitParameters) DeepCopy() *ServiceDirectoryInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters { if in == nil { return nil } - out := new(ServiceDirectoryInitParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryObservation) DeepCopyInto(out *ServiceDirectoryObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation) { *out = *in - if in.GenericWebService != nil { - in, out := &in.GenericWebService, &out.GenericWebService - *out = make([]ServiceDirectoryGenericWebServiceObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption + *out = new(bool) + **out = **in } - if in.Service != nil { - in, out := &in.Service, &out.Service + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryObservation. -func (in *ServiceDirectoryObservation) DeepCopy() *ServiceDirectoryObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation { if in == nil { return nil } - out := new(ServiceDirectoryObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceDirectoryParameters) DeepCopyInto(out *ServiceDirectoryParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters) { *out = *in - if in.GenericWebService != nil { - in, out := &in.GenericWebService, &out.GenericWebService - *out = make([]ServiceDirectoryGenericWebServiceParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Service != nil { - in, out := &in.Service, &out.Service + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDirectoryParameters. -func (in *ServiceDirectoryParameters) DeepCopy() *ServiceDirectoryParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters { if in == nil { return nil } - out := new(ServiceDirectoryParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SpeechToTextSettingsInitParameters) DeepCopyInto(out *SpeechToTextSettingsInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) { *out = *in - if in.EnableSpeechAdaptation != nil { - in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation - *out = new(bool) + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsInitParameters. -func (in *SpeechToTextSettingsInitParameters) DeepCopy() *SpeechToTextSettingsInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters { if in == nil { return nil } - out := new(SpeechToTextSettingsInitParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SpeechToTextSettingsObservation) DeepCopyInto(out *SpeechToTextSettingsObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation) { *out = *in - if in.EnableSpeechAdaptation != nil { - in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation - *out = new(bool) + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsObservation. -func (in *SpeechToTextSettingsObservation) DeepCopy() *SpeechToTextSettingsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation { if in == nil { return nil } - out := new(SpeechToTextSettingsObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SpeechToTextSettingsParameters) DeepCopyInto(out *SpeechToTextSettingsParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters) { *out = *in - if in.EnableSpeechAdaptation != nil { - in, out := &in.EnableSpeechAdaptation, &out.EnableSpeechAdaptation - *out = new(bool) + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechToTextSettingsParameters. -func (in *SpeechToTextSettingsParameters) DeepCopy() *SpeechToTextSettingsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters { if in == nil { return nil } - out := new(SpeechToTextSettingsParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TextInitParameters) DeepCopyInto(out *TextInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) { *out = *in if in.Text != nil { in, out := &in.Text, &out.Text @@ -4419,18 +10276,18 @@ func (in *TextInitParameters) DeepCopyInto(out *TextInitParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextInitParameters. -func (in *TextInitParameters) DeepCopy() *TextInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextInitParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters { if in == nil { return nil } - out := new(TextInitParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TextObservation) DeepCopyInto(out *TextObservation) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTextObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextObservation) { *out = *in if in.AllowPlaybackInterruption != nil { in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption @@ -4450,18 +10307,18 @@ func (in *TextObservation) DeepCopyInto(out *TextObservation) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextObservation. -func (in *TextObservation) DeepCopy() *TextObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextObservation. +func (in *TransitionRoutesTriggerFulfillmentMessagesTextObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextObservation { if in == nil { return nil } - out := new(TextObservation) + out := new(TransitionRoutesTriggerFulfillmentMessagesTextObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TextParameters) DeepCopyInto(out *TextParameters) { +func (in *TransitionRoutesTriggerFulfillmentMessagesTextParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextParameters) { *out = *in if in.Text != nil { in, out := &in.Text, &out.Text @@ -4476,592 +10333,826 @@ func (in *TextParameters) DeepCopyInto(out *TextParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextParameters. -func (in *TextParameters) DeepCopy() *TextParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextParameters. +func (in *TransitionRoutesTriggerFulfillmentMessagesTextParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextParameters { if in == nil { return nil } - out := new(TextParameters) + out := new(TransitionRoutesTriggerFulfillmentMessagesTextParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TrainingPhrasesInitParameters) DeepCopyInto(out *TrainingPhrasesInitParameters) { +func (in *TransitionRoutesTriggerFulfillmentObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentObservation) { *out = *in - if in.Parts != nil { - in, out := &in.Parts, &out.Parts - *out = make([]PartsInitParameters, len(*in)) + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TriggerFulfillmentConditionalCasesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RepeatCount != nil { - in, out := &in.RepeatCount, &out.RepeatCount - *out = new(float64) + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]TriggerFulfillmentMessagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TriggerFulfillmentSetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesInitParameters. -func (in *TrainingPhrasesInitParameters) DeepCopy() *TrainingPhrasesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentObservation. +func (in *TransitionRoutesTriggerFulfillmentObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentObservation { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentParameters) { + *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]TriggerFulfillmentConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]TriggerFulfillmentMessagesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) + **out = **in + } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]TriggerFulfillmentSetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag + *out = new(string) + **out = **in + } + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentParameters. +func (in *TransitionRoutesTriggerFulfillmentParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentSetParameterActionsObservation) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentSetParameterActionsObservation. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentSetParameterActionsObservation { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentSetParameterActionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentSetParameterActionsParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentSetParameterActionsParameters. +func (in *TransitionRoutesTriggerFulfillmentSetParameterActionsParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentSetParameterActionsParameters { + if in == nil { + return nil + } + out := new(TransitionRoutesTriggerFulfillmentSetParameterActionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentConditionalCasesInitParameters) DeepCopyInto(out *TriggerFulfillmentConditionalCasesInitParameters) { + *out = *in + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentConditionalCasesInitParameters. +func (in *TriggerFulfillmentConditionalCasesInitParameters) DeepCopy() *TriggerFulfillmentConditionalCasesInitParameters { if in == nil { return nil } - out := new(TrainingPhrasesInitParameters) + out := new(TriggerFulfillmentConditionalCasesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TrainingPhrasesObservation) DeepCopyInto(out *TrainingPhrasesObservation) { +func (in *TriggerFulfillmentConditionalCasesObservation) DeepCopyInto(out *TriggerFulfillmentConditionalCasesObservation) { *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.Cases != nil { + in, out := &in.Cases, &out.Cases *out = new(string) **out = **in } - if in.Parts != nil { - in, out := &in.Parts, &out.Parts - *out = make([]PartsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.RepeatCount != nil { - in, out := &in.RepeatCount, &out.RepeatCount - *out = new(float64) - **out = **in - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesObservation. -func (in *TrainingPhrasesObservation) DeepCopy() *TrainingPhrasesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentConditionalCasesObservation. +func (in *TriggerFulfillmentConditionalCasesObservation) DeepCopy() *TriggerFulfillmentConditionalCasesObservation { if in == nil { return nil } - out := new(TrainingPhrasesObservation) + out := new(TriggerFulfillmentConditionalCasesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TrainingPhrasesParameters) DeepCopyInto(out *TrainingPhrasesParameters) { +func (in *TriggerFulfillmentConditionalCasesParameters) DeepCopyInto(out *TriggerFulfillmentConditionalCasesParameters) { *out = *in - if in.Parts != nil { - in, out := &in.Parts, &out.Parts - *out = make([]PartsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.RepeatCount != nil { - in, out := &in.RepeatCount, &out.RepeatCount - *out = new(float64) + if in.Cases != nil { + in, out := &in.Cases, &out.Cases + *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrainingPhrasesParameters. -func (in *TrainingPhrasesParameters) DeepCopy() *TrainingPhrasesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentConditionalCasesParameters. +func (in *TriggerFulfillmentConditionalCasesParameters) DeepCopy() *TriggerFulfillmentConditionalCasesParameters { if in == nil { return nil } - out := new(TrainingPhrasesParameters) + out := new(TriggerFulfillmentConditionalCasesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesInitParameters) DeepCopyInto(out *TransitionRoutesInitParameters) { +func (in *TriggerFulfillmentInitParameters) DeepCopyInto(out *TriggerFulfillmentInitParameters) { *out = *in - if in.Condition != nil { - in, out := &in.Condition, &out.Condition - *out = new(string) - **out = **in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]ConditionalCasesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Intent != nil { - in, out := &in.Intent, &out.Intent - *out = new(string) + if in.Messages != nil { + in, out := &in.Messages, &out.Messages + *out = make([]MessagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ReturnPartialResponses != nil { + in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + *out = new(bool) **out = **in } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]SetParameterActionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tag != nil { + in, out := &in.Tag, &out.Tag *out = new(string) **out = **in } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + if in.Webhook != nil { + in, out := &in.Webhook, &out.Webhook *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TransitionRoutesTriggerFulfillmentInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesInitParameters. -func (in *TransitionRoutesInitParameters) DeepCopy() *TransitionRoutesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentInitParameters. +func (in *TriggerFulfillmentInitParameters) DeepCopy() *TriggerFulfillmentInitParameters { if in == nil { return nil } - out := new(TransitionRoutesInitParameters) + out := new(TriggerFulfillmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesObservation) DeepCopyInto(out *TransitionRoutesObservation) { +func (in *TriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesConversationSuccessInitParameters) { *out = *in - if in.Condition != nil { - in, out := &in.Condition, &out.Condition + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.Intent != nil { - in, out := &in.Intent, &out.Intent - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesConversationSuccessInitParameters. +func (in *TriggerFulfillmentMessagesConversationSuccessInitParameters) DeepCopy() *TriggerFulfillmentMessagesConversationSuccessInitParameters { + if in == nil { + return nil } - if in.Name != nil { - in, out := &in.Name, &out.Name + out := new(TriggerFulfillmentMessagesConversationSuccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentMessagesConversationSuccessObservation) DeepCopyInto(out *TriggerFulfillmentMessagesConversationSuccessObservation) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesConversationSuccessObservation. +func (in *TriggerFulfillmentMessagesConversationSuccessObservation) DeepCopy() *TriggerFulfillmentMessagesConversationSuccessObservation { + if in == nil { + return nil } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + out := new(TriggerFulfillmentMessagesConversationSuccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentMessagesConversationSuccessParameters) DeepCopyInto(out *TriggerFulfillmentMessagesConversationSuccessParameters) { + *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TransitionRoutesTriggerFulfillmentObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesObservation. -func (in *TransitionRoutesObservation) DeepCopy() *TransitionRoutesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesConversationSuccessParameters. +func (in *TriggerFulfillmentMessagesConversationSuccessParameters) DeepCopy() *TriggerFulfillmentMessagesConversationSuccessParameters { if in == nil { return nil } - out := new(TransitionRoutesObservation) + out := new(TriggerFulfillmentMessagesConversationSuccessParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesParameters) DeepCopyInto(out *TransitionRoutesParameters) { +func (in *TriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesInitParameters) { *out = *in - if in.Condition != nil { - in, out := &in.Condition, &out.Condition + if in.Channel != nil { + in, out := &in.Channel, &out.Channel *out = new(string) **out = **in } - if in.Intent != nil { - in, out := &in.Intent, &out.Intent - *out = new(string) - **out = **in + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]MessagesConversationSuccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.TargetFlow != nil { - in, out := &in.TargetFlow, &out.TargetFlow - *out = new(string) - **out = **in + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]MessagesLiveAgentHandoffInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.TargetPage != nil { - in, out := &in.TargetPage, &out.TargetPage + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]MessagesOutputAudioTextInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } - if in.TriggerFulfillment != nil { - in, out := &in.TriggerFulfillment, &out.TriggerFulfillment - *out = make([]TransitionRoutesTriggerFulfillmentParameters, len(*in)) + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]MessagesPlayAudioInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]MessagesTelephonyTransferCallInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]MessagesTextInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesParameters. -func (in *TransitionRoutesParameters) DeepCopy() *TransitionRoutesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesInitParameters. +func (in *TriggerFulfillmentMessagesInitParameters) DeepCopy() *TriggerFulfillmentMessagesInitParameters { if in == nil { return nil } - out := new(TransitionRoutesParameters) + out := new(TriggerFulfillmentMessagesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentInitParameters) { +func (in *TriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesLiveAgentHandoffInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]TriggerFulfillmentMessagesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentInitParameters. -func (in *TransitionRoutesTriggerFulfillmentInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesLiveAgentHandoffInitParameters. +func (in *TriggerFulfillmentMessagesLiveAgentHandoffInitParameters) DeepCopy() *TriggerFulfillmentMessagesLiveAgentHandoffInitParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentInitParameters) + out := new(TriggerFulfillmentMessagesLiveAgentHandoffInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesInitParameters) { +func (in *TriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopyInto(out *TriggerFulfillmentMessagesLiveAgentHandoffObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesInitParameters. -func (in *TransitionRoutesTriggerFulfillmentMessagesInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesLiveAgentHandoffObservation. +func (in *TriggerFulfillmentMessagesLiveAgentHandoffObservation) DeepCopy() *TriggerFulfillmentMessagesLiveAgentHandoffObservation { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesInitParameters) + out := new(TriggerFulfillmentMessagesLiveAgentHandoffObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesObservation) { +func (in *TriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopyInto(out *TriggerFulfillmentMessagesLiveAgentHandoffParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesObservation. -func (in *TransitionRoutesTriggerFulfillmentMessagesObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesLiveAgentHandoffParameters. +func (in *TriggerFulfillmentMessagesLiveAgentHandoffParameters) DeepCopy() *TriggerFulfillmentMessagesLiveAgentHandoffParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesObservation) + out := new(TriggerFulfillmentMessagesLiveAgentHandoffParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesParameters) { +func (in *TriggerFulfillmentMessagesObservation) DeepCopyInto(out *TriggerFulfillmentMessagesObservation) { *out = *in + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]MessagesConversationSuccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]MessagesLiveAgentHandoffObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]MessagesOutputAudioTextObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Payload != nil { + in, out := &in.Payload, &out.Payload + *out = new(string) + **out = **in + } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]MessagesPlayAudioObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]MessagesTelephonyTransferCallObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]TransitionRoutesTriggerFulfillmentMessagesTextParameters, len(*in)) + *out = make([]MessagesTextObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesParameters. -func (in *TransitionRoutesTriggerFulfillmentMessagesParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesObservation. +func (in *TriggerFulfillmentMessagesObservation) DeepCopy() *TriggerFulfillmentMessagesObservation { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesParameters) + out := new(TriggerFulfillmentMessagesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) { +func (in *TriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesOutputAudioTextInitParameters) { *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextInitParameters. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesOutputAudioTextInitParameters. +func (in *TriggerFulfillmentMessagesOutputAudioTextInitParameters) DeepCopy() *TriggerFulfillmentMessagesOutputAudioTextInitParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesTextInitParameters) + out := new(TriggerFulfillmentMessagesOutputAudioTextInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextObservation) { +func (in *TriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopyInto(out *TriggerFulfillmentMessagesOutputAudioTextObservation) { *out = *in if in.AllowPlaybackInterruption != nil { in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption *out = new(bool) **out = **in } + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextObservation. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesOutputAudioTextObservation. +func (in *TriggerFulfillmentMessagesOutputAudioTextObservation) DeepCopy() *TriggerFulfillmentMessagesOutputAudioTextObservation { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesTextObservation) + out := new(TriggerFulfillmentMessagesOutputAudioTextObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentMessagesTextParameters) { +func (in *TriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopyInto(out *TriggerFulfillmentMessagesOutputAudioTextParameters) { *out = *in + if in.Ssml != nil { + in, out := &in.Ssml, &out.Ssml + *out = new(string) + **out = **in + } if in.Text != nil { in, out := &in.Text, &out.Text - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentMessagesTextParameters. -func (in *TransitionRoutesTriggerFulfillmentMessagesTextParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentMessagesTextParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesOutputAudioTextParameters. +func (in *TriggerFulfillmentMessagesOutputAudioTextParameters) DeepCopy() *TriggerFulfillmentMessagesOutputAudioTextParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentMessagesTextParameters) + out := new(TriggerFulfillmentMessagesOutputAudioTextParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentObservation) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentObservation) { +func (in *TriggerFulfillmentMessagesParameters) DeepCopyInto(out *TriggerFulfillmentMessagesParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]TriggerFulfillmentMessagesObservation, len(*in)) + if in.Channel != nil { + in, out := &in.Channel, &out.Channel + *out = new(string) + **out = **in + } + if in.ConversationSuccess != nil { + in, out := &in.ConversationSuccess, &out.ConversationSuccess + *out = make([]MessagesConversationSuccessParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in + if in.LiveAgentHandoff != nil { + in, out := &in.LiveAgentHandoff, &out.LiveAgentHandoff + *out = make([]MessagesLiveAgentHandoffParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in + if in.OutputAudioText != nil { + in, out := &in.OutputAudioText, &out.OutputAudioText + *out = make([]MessagesOutputAudioTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.Payload != nil { + in, out := &in.Payload, &out.Payload *out = new(string) **out = **in } + if in.PlayAudio != nil { + in, out := &in.PlayAudio, &out.PlayAudio + *out = make([]MessagesPlayAudioParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TelephonyTransferCall != nil { + in, out := &in.TelephonyTransferCall, &out.TelephonyTransferCall + *out = make([]MessagesTelephonyTransferCallParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Text != nil { + in, out := &in.Text, &out.Text + *out = make([]MessagesTextParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentObservation. -func (in *TransitionRoutesTriggerFulfillmentObservation) DeepCopy() *TransitionRoutesTriggerFulfillmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesParameters. +func (in *TriggerFulfillmentMessagesParameters) DeepCopy() *TriggerFulfillmentMessagesParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentObservation) + out := new(TriggerFulfillmentMessagesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TransitionRoutesTriggerFulfillmentParameters) DeepCopyInto(out *TransitionRoutesTriggerFulfillmentParameters) { +func (in *TriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesPlayAudioInitParameters) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]TriggerFulfillmentMessagesParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses - *out = new(bool) - **out = **in - } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag - *out = new(string) - **out = **in - } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitionRoutesTriggerFulfillmentParameters. -func (in *TransitionRoutesTriggerFulfillmentParameters) DeepCopy() *TransitionRoutesTriggerFulfillmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesPlayAudioInitParameters. +func (in *TriggerFulfillmentMessagesPlayAudioInitParameters) DeepCopy() *TriggerFulfillmentMessagesPlayAudioInitParameters { if in == nil { return nil } - out := new(TransitionRoutesTriggerFulfillmentParameters) + out := new(TriggerFulfillmentMessagesPlayAudioInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TriggerFulfillmentInitParameters) DeepCopyInto(out *TriggerFulfillmentInitParameters) { +func (in *TriggerFulfillmentMessagesPlayAudioObservation) DeepCopyInto(out *TriggerFulfillmentMessagesPlayAudioObservation) { *out = *in - if in.Messages != nil { - in, out := &in.Messages, &out.Messages - *out = make([]MessagesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ReturnPartialResponses != nil { - in, out := &in.ReturnPartialResponses, &out.ReturnPartialResponses + if in.AllowPlaybackInterruption != nil { + in, out := &in.AllowPlaybackInterruption, &out.AllowPlaybackInterruption *out = new(bool) **out = **in } - if in.Tag != nil { - in, out := &in.Tag, &out.Tag + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } - if in.Webhook != nil { - in, out := &in.Webhook, &out.Webhook +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesPlayAudioObservation. +func (in *TriggerFulfillmentMessagesPlayAudioObservation) DeepCopy() *TriggerFulfillmentMessagesPlayAudioObservation { + if in == nil { + return nil + } + out := new(TriggerFulfillmentMessagesPlayAudioObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentMessagesPlayAudioParameters) DeepCopyInto(out *TriggerFulfillmentMessagesPlayAudioParameters) { + *out = *in + if in.AudioURI != nil { + in, out := &in.AudioURI, &out.AudioURI *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentInitParameters. -func (in *TriggerFulfillmentInitParameters) DeepCopy() *TriggerFulfillmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesPlayAudioParameters. +func (in *TriggerFulfillmentMessagesPlayAudioParameters) DeepCopy() *TriggerFulfillmentMessagesPlayAudioParameters { if in == nil { return nil } - out := new(TriggerFulfillmentInitParameters) + out := new(TriggerFulfillmentMessagesPlayAudioParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TriggerFulfillmentMessagesInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesInitParameters) { +func (in *TriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopyInto(out *TriggerFulfillmentMessagesTelephonyTransferCallInitParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]MessagesTextInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesInitParameters. -func (in *TriggerFulfillmentMessagesInitParameters) DeepCopy() *TriggerFulfillmentMessagesInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesTelephonyTransferCallInitParameters. +func (in *TriggerFulfillmentMessagesTelephonyTransferCallInitParameters) DeepCopy() *TriggerFulfillmentMessagesTelephonyTransferCallInitParameters { if in == nil { return nil } - out := new(TriggerFulfillmentMessagesInitParameters) + out := new(TriggerFulfillmentMessagesTelephonyTransferCallInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TriggerFulfillmentMessagesObservation) DeepCopyInto(out *TriggerFulfillmentMessagesObservation) { +func (in *TriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopyInto(out *TriggerFulfillmentMessagesTelephonyTransferCallObservation) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]MessagesTextObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesObservation. -func (in *TriggerFulfillmentMessagesObservation) DeepCopy() *TriggerFulfillmentMessagesObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesTelephonyTransferCallObservation. +func (in *TriggerFulfillmentMessagesTelephonyTransferCallObservation) DeepCopy() *TriggerFulfillmentMessagesTelephonyTransferCallObservation { if in == nil { return nil } - out := new(TriggerFulfillmentMessagesObservation) + out := new(TriggerFulfillmentMessagesTelephonyTransferCallObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TriggerFulfillmentMessagesParameters) DeepCopyInto(out *TriggerFulfillmentMessagesParameters) { +func (in *TriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopyInto(out *TriggerFulfillmentMessagesTelephonyTransferCallParameters) { *out = *in - if in.Text != nil { - in, out := &in.Text, &out.Text - *out = make([]MessagesTextParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.PhoneNumber != nil { + in, out := &in.PhoneNumber, &out.PhoneNumber + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesParameters. -func (in *TriggerFulfillmentMessagesParameters) DeepCopy() *TriggerFulfillmentMessagesParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentMessagesTelephonyTransferCallParameters. +func (in *TriggerFulfillmentMessagesTelephonyTransferCallParameters) DeepCopy() *TriggerFulfillmentMessagesTelephonyTransferCallParameters { if in == nil { return nil } - out := new(TriggerFulfillmentMessagesParameters) + out := new(TriggerFulfillmentMessagesTelephonyTransferCallParameters) in.DeepCopyInto(out) return out } @@ -5152,6 +11243,13 @@ func (in *TriggerFulfillmentMessagesTextParameters) DeepCopy() *TriggerFulfillme // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TriggerFulfillmentObservation) DeepCopyInto(out *TriggerFulfillmentObservation) { *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]ConditionalCasesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages *out = make([]MessagesObservation, len(*in)) @@ -5164,6 +11262,13 @@ func (in *TriggerFulfillmentObservation) DeepCopyInto(out *TriggerFulfillmentObs *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]SetParameterActionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -5189,6 +11294,13 @@ func (in *TriggerFulfillmentObservation) DeepCopy() *TriggerFulfillmentObservati // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TriggerFulfillmentParameters) DeepCopyInto(out *TriggerFulfillmentParameters) { *out = *in + if in.ConditionalCases != nil { + in, out := &in.ConditionalCases, &out.ConditionalCases + *out = make([]ConditionalCasesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Messages != nil { in, out := &in.Messages, &out.Messages *out = make([]MessagesParameters, len(*in)) @@ -5201,6 +11313,13 @@ func (in *TriggerFulfillmentParameters) DeepCopyInto(out *TriggerFulfillmentPara *out = new(bool) **out = **in } + if in.SetParameterActions != nil { + in, out := &in.SetParameterActions, &out.SetParameterActions + *out = make([]SetParameterActionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Tag != nil { in, out := &in.Tag, &out.Tag *out = new(string) @@ -5223,6 +11342,81 @@ func (in *TriggerFulfillmentParameters) DeepCopy() *TriggerFulfillmentParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentSetParameterActionsInitParameters) DeepCopyInto(out *TriggerFulfillmentSetParameterActionsInitParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentSetParameterActionsInitParameters. +func (in *TriggerFulfillmentSetParameterActionsInitParameters) DeepCopy() *TriggerFulfillmentSetParameterActionsInitParameters { + if in == nil { + return nil + } + out := new(TriggerFulfillmentSetParameterActionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentSetParameterActionsObservation) DeepCopyInto(out *TriggerFulfillmentSetParameterActionsObservation) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentSetParameterActionsObservation. +func (in *TriggerFulfillmentSetParameterActionsObservation) DeepCopy() *TriggerFulfillmentSetParameterActionsObservation { + if in == nil { + return nil + } + out := new(TriggerFulfillmentSetParameterActionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggerFulfillmentSetParameterActionsParameters) DeepCopyInto(out *TriggerFulfillmentSetParameterActionsParameters) { + *out = *in + if in.Parameter != nil { + in, out := &in.Parameter, &out.Parameter + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerFulfillmentSetParameterActionsParameters. +func (in *TriggerFulfillmentSetParameterActionsParameters) DeepCopy() *TriggerFulfillmentSetParameterActionsParameters { + if in == nil { + return nil + } + out := new(TriggerFulfillmentSetParameterActionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Version) DeepCopyInto(out *Version) { *out = *in diff --git a/apis/dialogflowcx/v1beta1/zz_generated.resolvers.go b/apis/dialogflowcx/v1beta1/zz_generated.resolvers.go index 0f8263096..5f7a606f3 100644 --- a/apis/dialogflowcx/v1beta1/zz_generated.resolvers.go +++ b/apis/dialogflowcx/v1beta1/zz_generated.resolvers.go @@ -198,12 +198,33 @@ func (mg *Flow) ResolveReferences(ctx context.Context, c client.Reader) error { } mg.Spec.ForProvider.Parent = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ParentRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.ForProvider.TransitionRoutes); i3++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlow), + Extract: resource.ExtractParamPath("start_flow", true), + Reference: mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlowRef, + Selector: mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlowSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlow") + } + mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlow = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.TransitionRoutes[i3].TargetFlowRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Parent), Extract: resource.ExtractResourceID(), @@ -218,6 +239,28 @@ func (mg *Flow) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.InitProvider.Parent = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ParentRef = rsp.ResolvedReference + for i3 := 0; i3 < len(mg.Spec.InitProvider.TransitionRoutes); i3++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlow), + Extract: resource.ExtractParamPath("start_flow", true), + Reference: mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlowRef, + Selector: mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlowSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlow") + } + mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlow = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.TransitionRoutes[i3].TargetFlowRef = rsp.ResolvedReference + + } + return nil } @@ -279,12 +322,95 @@ func (mg *Page) ResolveReferences(ctx context.Context, c client.Reader) error { var rsp reference.ResolutionResponse var err error + + for i3 := 0; i3 < len(mg.Spec.ForProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow), + Extract: resource.ExtractParamPath("start_flow", true), + Reference: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowRef, + Selector: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow") + } + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowRef = rsp.ResolvedReference + + } + } + } + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Page", "PageList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageRef, + Selector: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage") + } + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageRef = rsp.ResolvedReference + + } + } + } + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + for i7 := 0; i7 < len(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment); i7++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Webhook", "WebhookList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookRef, + Selector: mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook") + } + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookRef = rsp.ResolvedReference + + } + } + } + } + } { m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Parent), Extract: resource.ExtractParamPath("start_flow", true), @@ -320,6 +446,89 @@ func (mg *Page) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.ForProvider.TransitionRoutes[i3].TargetPageRef = rsp.ResolvedReference } + for i3 := 0; i3 < len(mg.Spec.InitProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow), + Extract: resource.ExtractParamPath("start_flow", true), + Reference: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowRef, + Selector: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow") + } + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlow = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetFlowRef = rsp.ResolvedReference + + } + } + } + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Page", "PageList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageRef, + Selector: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage") + } + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPage = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TargetPageRef = rsp.ResolvedReference + + } + } + } + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.Form); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.Form[i3].Parameters); i4++ { + for i5 := 0; i5 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior); i5++ { + for i6 := 0; i6 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers); i6++ { + for i7 := 0; i7 < len(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment); i7++ { + { + m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Webhook", "WebhookList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookRef, + Selector: mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook") + } + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].Webhook = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.Form[i3].Parameters[i4].FillBehavior[i5].RepromptEventHandlers[i6].TriggerFulfillment[i7].WebhookRef = rsp.ResolvedReference + + } + } + } + } + } { m, l, err = apisresolver.GetManagedResource("dialogflowcx.gcp.upbound.io", "v1beta1", "Agent", "AgentList") if err != nil { diff --git a/apis/dialogflowcx/v1beta1/zz_intent_types.go b/apis/dialogflowcx/v1beta1/zz_intent_types.go index 51b587110..2140260df 100755 --- a/apis/dialogflowcx/v1beta1/zz_intent_types.go +++ b/apis/dialogflowcx/v1beta1/zz_intent_types.go @@ -37,8 +37,17 @@ type IntentInitParameters struct { // The human-readable name of the intent, unique within the agent. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + // The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + IsDefaultNegativeIntent *bool `json:"isDefaultNegativeIntent,omitempty" tf:"is_default_negative_intent,omitempty"` + + // Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + // The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + IsDefaultWelcomeIntent *bool `json:"isDefaultWelcomeIntent,omitempty" tf:"is_default_welcome_intent,omitempty"` + // Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. // Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + // To manage the fallback intent, set is_default_negative_intent = true IsFallback *bool `json:"isFallback,omitempty" tf:"is_fallback,omitempty"` // The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes. @@ -88,11 +97,24 @@ type IntentObservation struct { // The human-readable name of the intent, unique within the agent. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format {{parent}}/intents/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + // The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + IsDefaultNegativeIntent *bool `json:"isDefaultNegativeIntent,omitempty" tf:"is_default_negative_intent,omitempty"` + + // Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + // The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + IsDefaultWelcomeIntent *bool `json:"isDefaultWelcomeIntent,omitempty" tf:"is_default_welcome_intent,omitempty"` + // Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. // Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + // To manage the fallback intent, set is_default_negative_intent = true IsFallback *bool `json:"isFallback,omitempty" tf:"is_fallback,omitempty"` // The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes. @@ -123,6 +145,11 @@ type IntentObservation struct { // If the supplied value is negative, the intent is ignored in runtime detect intent requests. Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The collection of training phrases the agent is trained on to identify the intent. // Structure is documented below. TrainingPhrases []TrainingPhrasesObservation `json:"trainingPhrases,omitempty" tf:"training_phrases,omitempty"` @@ -138,8 +165,19 @@ type IntentParameters struct { // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + // The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + // +kubebuilder:validation:Optional + IsDefaultNegativeIntent *bool `json:"isDefaultNegativeIntent,omitempty" tf:"is_default_negative_intent,omitempty"` + + // Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + // The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + // +kubebuilder:validation:Optional + IsDefaultWelcomeIntent *bool `json:"isDefaultWelcomeIntent,omitempty" tf:"is_default_welcome_intent,omitempty"` + // Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. // Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + // To manage the fallback intent, set is_default_negative_intent = true // +kubebuilder:validation:Optional IsFallback *bool `json:"isFallback,omitempty" tf:"is_fallback,omitempty"` diff --git a/apis/dialogflowcx/v1beta1/zz_page_types.go b/apis/dialogflowcx/v1beta1/zz_page_types.go index dc28cef9f..a13857a80 100755 --- a/apis/dialogflowcx/v1beta1/zz_page_types.go +++ b/apis/dialogflowcx/v1beta1/zz_page_types.go @@ -29,8 +29,34 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type EntryFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type EntryFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type EntryFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + type EntryFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []EntryFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []EntryFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -38,6 +64,10 @@ type EntryFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []EntryFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -45,25 +75,229 @@ type EntryFulfillmentInitParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type EntryFulfillmentMessagesConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type EntryFulfillmentMessagesConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type EntryFulfillmentMessagesConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type EntryFulfillmentMessagesInitParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []EntryFulfillmentMessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []EntryFulfillmentMessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []EntryFulfillmentMessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []EntryFulfillmentMessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []EntryFulfillmentMessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []EntryFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` } +type EntryFulfillmentMessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type EntryFulfillmentMessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type EntryFulfillmentMessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + type EntryFulfillmentMessagesObservation struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []EntryFulfillmentMessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []EntryFulfillmentMessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []EntryFulfillmentMessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []EntryFulfillmentMessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []EntryFulfillmentMessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []EntryFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` } +type EntryFulfillmentMessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type EntryFulfillmentMessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type EntryFulfillmentMessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + type EntryFulfillmentMessagesParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []EntryFulfillmentMessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []EntryFulfillmentMessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []EntryFulfillmentMessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []EntryFulfillmentMessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []EntryFulfillmentMessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. // +kubebuilder:validation:Optional Text []EntryFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` } +type EntryFulfillmentMessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type EntryFulfillmentMessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type EntryFulfillmentMessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type EntryFulfillmentMessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type EntryFulfillmentMessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type EntryFulfillmentMessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + type EntryFulfillmentMessagesTextInitParameters struct { // A collection of text responses. @@ -89,6 +323,10 @@ type EntryFulfillmentMessagesTextParameters struct { type EntryFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []EntryFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []EntryFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -96,6 +334,10 @@ type EntryFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []EntryFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -105,6 +347,11 @@ type EntryFulfillmentObservation struct { type EntryFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []EntryFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -114,6 +361,11 @@ type EntryFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []EntryFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -123,8 +375,63 @@ type EntryFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type EntryFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EntryFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EntryFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EventHandlersTriggerFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type EventHandlersTriggerFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type EventHandlersTriggerFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + type EventHandlersTriggerFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []EventHandlersTriggerFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []EventHandlersTriggerFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -132,6 +439,10 @@ type EventHandlersTriggerFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []EventHandlersTriggerFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -141,18 +452,109 @@ type EventHandlersTriggerFulfillmentInitParameters struct { type EventHandlersTriggerFulfillmentMessagesInitParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []TriggerFulfillmentMessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []TriggerFulfillmentMessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []TriggerFulfillmentMessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []TriggerFulfillmentMessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TriggerFulfillmentMessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []TriggerFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` } type EventHandlersTriggerFulfillmentMessagesObservation struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []TriggerFulfillmentMessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []TriggerFulfillmentMessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []TriggerFulfillmentMessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []TriggerFulfillmentMessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TriggerFulfillmentMessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. Text []TriggerFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` } type EventHandlersTriggerFulfillmentMessagesParameters struct { + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []TriggerFulfillmentMessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []TriggerFulfillmentMessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []TriggerFulfillmentMessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []TriggerFulfillmentMessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []TriggerFulfillmentMessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + // A collection of text responses. // +kubebuilder:validation:Optional Text []TriggerFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` @@ -160,6 +562,10 @@ type EventHandlersTriggerFulfillmentMessagesParameters struct { type EventHandlersTriggerFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []EventHandlersTriggerFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []EventHandlersTriggerFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -167,6 +573,10 @@ type EventHandlersTriggerFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []EventHandlersTriggerFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -176,6 +586,11 @@ type EventHandlersTriggerFulfillmentObservation struct { type EventHandlersTriggerFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []EventHandlersTriggerFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -185,6 +600,11 @@ type EventHandlersTriggerFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []EventHandlersTriggerFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -194,11 +614,43 @@ type EventHandlersTriggerFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type EventHandlersTriggerFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EventHandlersTriggerFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EventHandlersTriggerFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + type FillBehaviorInitParameters struct { // The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. // Structure is documented below. InitialPromptFulfillment []InitialPromptFulfillmentInitParameters `json:"initialPromptFulfillment,omitempty" tf:"initial_prompt_fulfillment,omitempty"` + + // The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + RepromptEventHandlers []RepromptEventHandlersInitParameters `json:"repromptEventHandlers,omitempty" tf:"reprompt_event_handlers,omitempty"` } type FillBehaviorObservation struct { @@ -206,6 +658,9 @@ type FillBehaviorObservation struct { // The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. // Structure is documented below. InitialPromptFulfillment []InitialPromptFulfillmentObservation `json:"initialPromptFulfillment,omitempty" tf:"initial_prompt_fulfillment,omitempty"` + + // The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + RepromptEventHandlers []RepromptEventHandlersObservation `json:"repromptEventHandlers,omitempty" tf:"reprompt_event_handlers,omitempty"` } type FillBehaviorParameters struct { @@ -214,6 +669,10 @@ type FillBehaviorParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional InitialPromptFulfillment []InitialPromptFulfillmentParameters `json:"initialPromptFulfillment,omitempty" tf:"initial_prompt_fulfillment,omitempty"` + + // The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + // +kubebuilder:validation:Optional + RepromptEventHandlers []RepromptEventHandlersParameters `json:"repromptEventHandlers,omitempty" tf:"reprompt_event_handlers,omitempty"` } type FormInitParameters struct { @@ -240,6 +699,14 @@ type FormParameters struct { type FormParametersInitParameters struct { + // Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []ParametersAdvancedSettingsInitParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + + // The default value of an optional parameter. If the parameter is required, the default value will be ignored. + DefaultValue *string `json:"defaultValue,omitempty" tf:"default_value,omitempty"` + // The human-readable name of the parameter, unique within the form. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -265,6 +732,14 @@ type FormParametersInitParameters struct { type FormParametersObservation struct { + // Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []ParametersAdvancedSettingsObservation `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + + // The default value of an optional parameter. If the parameter is required, the default value will be ignored. + DefaultValue *string `json:"defaultValue,omitempty" tf:"default_value,omitempty"` + // The human-readable name of the parameter, unique within the form. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -290,6 +765,16 @@ type FormParametersObservation struct { type FormParametersParameters struct { + // Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + // +kubebuilder:validation:Optional + AdvancedSettings []ParametersAdvancedSettingsParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + + // The default value of an optional parameter. If the parameter is required, the default value will be ignored. + // +kubebuilder:validation:Optional + DefaultValue *string `json:"defaultValue,omitempty" tf:"default_value,omitempty"` + // The human-readable name of the parameter, unique within the form. // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -319,8 +804,34 @@ type FormParametersParameters struct { Required *bool `json:"required,omitempty" tf:"required,omitempty"` } +type InitialPromptFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type InitialPromptFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type InitialPromptFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + type InitialPromptFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []InitialPromptFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []InitialPromptFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -328,6 +839,10 @@ type InitialPromptFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []InitialPromptFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -335,28 +850,232 @@ type InitialPromptFulfillmentInitParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } -type InitialPromptFulfillmentMessagesInitParameters struct { +type InitialPromptFulfillmentMessagesConversationSuccessInitParameters struct { - // A collection of text responses. - Text []InitialPromptFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` } -type InitialPromptFulfillmentMessagesObservation struct { +type InitialPromptFulfillmentMessagesConversationSuccessObservation struct { - // A collection of text responses. - Text []InitialPromptFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` } -type InitialPromptFulfillmentMessagesParameters struct { +type InitialPromptFulfillmentMessagesConversationSuccessParameters struct { - // A collection of text responses. + // Custom metadata. Dialogflow doesn't impose any structure on this. // +kubebuilder:validation:Optional - Text []InitialPromptFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` } -type InitialPromptFulfillmentMessagesTextInitParameters struct { +type InitialPromptFulfillmentMessagesInitParameters struct { - // A collection of text responses. + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []InitialPromptFulfillmentMessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []InitialPromptFulfillmentMessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []InitialPromptFulfillmentMessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []InitialPromptFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type InitialPromptFulfillmentMessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type InitialPromptFulfillmentMessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type InitialPromptFulfillmentMessagesObservation struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []InitialPromptFulfillmentMessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []InitialPromptFulfillmentMessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []InitialPromptFulfillmentMessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []InitialPromptFulfillmentMessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []InitialPromptFulfillmentMessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []InitialPromptFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesParameters struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []InitialPromptFulfillmentMessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []InitialPromptFulfillmentMessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []InitialPromptFulfillmentMessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []InitialPromptFulfillmentMessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []InitialPromptFulfillmentMessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text []InitialPromptFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type InitialPromptFulfillmentMessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type InitialPromptFulfillmentMessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type InitialPromptFulfillmentMessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type InitialPromptFulfillmentMessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type InitialPromptFulfillmentMessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type InitialPromptFulfillmentMessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + +type InitialPromptFulfillmentMessagesTextInitParameters struct { + + // A collection of text responses. Text []*string `json:"text,omitempty" tf:"text,omitempty"` } @@ -379,6 +1098,10 @@ type InitialPromptFulfillmentMessagesTextParameters struct { type InitialPromptFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []InitialPromptFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []InitialPromptFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -386,6 +1109,10 @@ type InitialPromptFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []InitialPromptFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -395,6 +1122,11 @@ type InitialPromptFulfillmentObservation struct { type InitialPromptFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []InitialPromptFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -404,6 +1136,11 @@ type InitialPromptFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []InitialPromptFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -413,6 +1150,93 @@ type InitialPromptFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } +type InitialPromptFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type InitialPromptFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type InitialPromptFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type PageAdvancedSettingsDtmfSettingsInitParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type PageAdvancedSettingsDtmfSettingsObservation struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type PageAdvancedSettingsDtmfSettingsParameters struct { + + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + // +kubebuilder:validation:Optional + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + // +kubebuilder:validation:Optional + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` +} + +type PageAdvancedSettingsInitParameters struct { + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []PageAdvancedSettingsDtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type PageAdvancedSettingsObservation struct { + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []PageAdvancedSettingsDtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + +type PageAdvancedSettingsParameters struct { + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + // +kubebuilder:validation:Optional + DtmfSettings []PageAdvancedSettingsDtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} + type PageEventHandlersInitParameters struct { // The name of the event to handle. @@ -477,6 +1301,11 @@ type PageEventHandlersParameters struct { type PageInitParameters struct { + // Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []PageAdvancedSettingsInitParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The human-readable name of the page, unique within the agent. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -540,6 +1369,11 @@ type PageInitParameters struct { type PageObservation struct { + // Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + AdvancedSettings []PageAdvancedSettingsObservation `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The human-readable name of the page, unique within the agent. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -600,6 +1434,12 @@ type PageObservation struct { type PageParameters struct { + // Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + // Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + // Structure is documented below. + // +kubebuilder:validation:Optional + AdvancedSettings []PageAdvancedSettingsParameters `json:"advancedSettings,omitempty" tf:"advanced_settings,omitempty"` + // The human-readable name of the page, unique within the agent. // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -697,7 +1537,7 @@ type PageTransitionRoutesInitParameters struct { // +kubebuilder:validation:Optional TargetPageSelector *v1.Selector `json:"targetPageSelector,omitempty" tf:"-"` - // The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. // Structure is documented below. TriggerFulfillment []PageTransitionRoutesTriggerFulfillmentInitParameters `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` } @@ -724,7 +1564,7 @@ type PageTransitionRoutesObservation struct { // Format: projects//locations//agents//flows//pages/. TargetPage *string `json:"targetPage,omitempty" tf:"target_page,omitempty"` - // The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. // Structure is documented below. TriggerFulfillment []PageTransitionRoutesTriggerFulfillmentObservation `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` } @@ -761,7 +1601,7 @@ type PageTransitionRoutesParameters struct { // +kubebuilder:validation:Optional TargetPageSelector *v1.Selector `json:"targetPageSelector,omitempty" tf:"-"` - // The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. // Structure is documented below. // +kubebuilder:validation:Optional TriggerFulfillment []PageTransitionRoutesTriggerFulfillmentParameters `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` @@ -769,6 +1609,10 @@ type PageTransitionRoutesParameters struct { type PageTransitionRoutesTriggerFulfillmentInitParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []TransitionRoutesTriggerFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` @@ -776,6 +1620,10 @@ type PageTransitionRoutesTriggerFulfillmentInitParameters struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -785,6 +1633,10 @@ type PageTransitionRoutesTriggerFulfillmentInitParameters struct { type PageTransitionRoutesTriggerFulfillmentObservation struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []TransitionRoutesTriggerFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. Messages []TransitionRoutesTriggerFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` @@ -792,6 +1644,10 @@ type PageTransitionRoutesTriggerFulfillmentObservation struct { // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []TransitionRoutesTriggerFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -801,6 +1657,11 @@ type PageTransitionRoutesTriggerFulfillmentObservation struct { type PageTransitionRoutesTriggerFulfillmentParameters struct { + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []TransitionRoutesTriggerFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + // The list of rich message responses to present to the user. // Structure is documented below. // +kubebuilder:validation:Optional @@ -810,6 +1671,11 @@ type PageTransitionRoutesTriggerFulfillmentParameters struct { // +kubebuilder:validation:Optional ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []TransitionRoutesTriggerFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. // +kubebuilder:validation:Optional Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` @@ -819,46 +1685,969 @@ type PageTransitionRoutesTriggerFulfillmentParameters struct { Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesInitParameters struct { +type ParametersAdvancedSettingsDtmfSettingsInitParameters struct { - // A collection of text responses. - Text []TransitionRoutesTriggerFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesObservation struct { +type ParametersAdvancedSettingsDtmfSettingsObservation struct { - // A collection of text responses. - Text []TransitionRoutesTriggerFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesParameters struct { +type ParametersAdvancedSettingsDtmfSettingsParameters struct { - // A collection of text responses. + // If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). // +kubebuilder:validation:Optional - Text []TransitionRoutesTriggerFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The digit that terminates a DTMF digit sequence. + // +kubebuilder:validation:Optional + FinishDigit *string `json:"finishDigit,omitempty" tf:"finish_digit,omitempty"` + + // Max length of DTMF digits. + // +kubebuilder:validation:Optional + MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesTextInitParameters struct { +type ParametersAdvancedSettingsInitParameters struct { - // A collection of text responses. - Text []*string `json:"text,omitempty" tf:"text,omitempty"` + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []ParametersAdvancedSettingsDtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesTextObservation struct { +type ParametersAdvancedSettingsObservation struct { - // (Output) - // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + DtmfSettings []ParametersAdvancedSettingsDtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` +} - // A collection of text responses. - Text []*string `json:"text,omitempty" tf:"text,omitempty"` +type ParametersAdvancedSettingsParameters struct { + + // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + // +kubebuilder:validation:Optional + DtmfSettings []ParametersAdvancedSettingsDtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` } -type TransitionRoutesTriggerFulfillmentMessagesTextParameters struct { +type RepromptEventHandlersInitParameters struct { - // A collection of text responses. + // The name of the event to handle. + Event *string `json:"event,omitempty" tf:"event,omitempty"` + + // The target flow to transition to. + // Format: projects//locations//agents//flows/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Agent + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("start_flow",true) + TargetFlow *string `json:"targetFlow,omitempty" tf:"target_flow,omitempty"` + + // Reference to a Agent in dialogflowcx to populate targetFlow. // +kubebuilder:validation:Optional - Text []*string `json:"text,omitempty" tf:"text,omitempty"` + TargetFlowRef *v1.Reference `json:"targetFlowRef,omitempty" tf:"-"` + + // Selector for a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowSelector *v1.Selector `json:"targetFlowSelector,omitempty" tf:"-"` + + // The target page to transition to. + // Format: projects//locations//agents//flows//pages/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Page + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + TargetPage *string `json:"targetPage,omitempty" tf:"target_page,omitempty"` + + // Reference to a Page in dialogflowcx to populate targetPage. + // +kubebuilder:validation:Optional + TargetPageRef *v1.Reference `json:"targetPageRef,omitempty" tf:"-"` + + // Selector for a Page in dialogflowcx to populate targetPage. + // +kubebuilder:validation:Optional + TargetPageSelector *v1.Selector `json:"targetPageSelector,omitempty" tf:"-"` + + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + // Structure is documented below. + TriggerFulfillment []RepromptEventHandlersTriggerFulfillmentInitParameters `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` +} + +type RepromptEventHandlersObservation struct { + + // The name of the event to handle. + Event *string `json:"event,omitempty" tf:"event,omitempty"` + + // (Output) + // The unique identifier of this transition route. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The target flow to transition to. + // Format: projects//locations//agents//flows/. + TargetFlow *string `json:"targetFlow,omitempty" tf:"target_flow,omitempty"` + + // The target page to transition to. + // Format: projects//locations//agents//flows//pages/. + TargetPage *string `json:"targetPage,omitempty" tf:"target_page,omitempty"` + + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + // Structure is documented below. + TriggerFulfillment []RepromptEventHandlersTriggerFulfillmentObservation `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` +} + +type RepromptEventHandlersParameters struct { + + // The name of the event to handle. + // +kubebuilder:validation:Optional + Event *string `json:"event,omitempty" tf:"event,omitempty"` + + // The target flow to transition to. + // Format: projects//locations//agents//flows/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Agent + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("start_flow",true) + // +kubebuilder:validation:Optional + TargetFlow *string `json:"targetFlow,omitempty" tf:"target_flow,omitempty"` + + // Reference to a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowRef *v1.Reference `json:"targetFlowRef,omitempty" tf:"-"` + + // Selector for a Agent in dialogflowcx to populate targetFlow. + // +kubebuilder:validation:Optional + TargetFlowSelector *v1.Selector `json:"targetFlowSelector,omitempty" tf:"-"` + + // The target page to transition to. + // Format: projects//locations//agents//flows//pages/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Page + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + TargetPage *string `json:"targetPage,omitempty" tf:"target_page,omitempty"` + + // Reference to a Page in dialogflowcx to populate targetPage. + // +kubebuilder:validation:Optional + TargetPageRef *v1.Reference `json:"targetPageRef,omitempty" tf:"-"` + + // Selector for a Page in dialogflowcx to populate targetPage. + // +kubebuilder:validation:Optional + TargetPageSelector *v1.Selector `json:"targetPageSelector,omitempty" tf:"-"` + + // The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + // Structure is documented below. + // +kubebuilder:validation:Optional + TriggerFulfillment []RepromptEventHandlersTriggerFulfillmentParameters `json:"triggerFulfillment,omitempty" tf:"trigger_fulfillment,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentInitParameters struct { + + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []RepromptEventHandlersTriggerFulfillmentConditionalCasesInitParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + + // The list of rich message responses to present to the user. + // Structure is documented below. + Messages []RepromptEventHandlersTriggerFulfillmentMessagesInitParameters `json:"messages,omitempty" tf:"messages,omitempty"` + + // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` + + // The webhook to call. Format: projects//locations//agents//webhooks/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Webhook + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` + + // Reference to a Webhook in dialogflowcx to populate webhook. + // +kubebuilder:validation:Optional + WebhookRef *v1.Reference `json:"webhookRef,omitempty" tf:"-"` + + // Selector for a Webhook in dialogflowcx to populate webhook. + // +kubebuilder:validation:Optional + WebhookSelector *v1.Selector `json:"webhookSelector,omitempty" tf:"-"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesInitParameters struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesObservation struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []RepromptEventHandlersTriggerFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesParameters struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []RepromptEventHandlersTriggerFulfillmentMessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []RepromptEventHandlersTriggerFulfillmentMessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []RepromptEventHandlersTriggerFulfillmentMessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text []RepromptEventHandlersTriggerFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTextInitParameters struct { + + // A collection of text responses. + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // A collection of text responses. + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentMessagesTextParameters struct { + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentObservation struct { + + // Conditional cases for this fulfillment. + // Structure is documented below. + ConditionalCases []RepromptEventHandlersTriggerFulfillmentConditionalCasesObservation `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + + // The list of rich message responses to present to the user. + // Structure is documented below. + Messages []RepromptEventHandlersTriggerFulfillmentMessagesObservation `json:"messages,omitempty" tf:"messages,omitempty"` + + // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + + // Set parameter values before executing the webhook. + // Structure is documented below. + SetParameterActions []RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` + + // The webhook to call. Format: projects//locations//agents//webhooks/. + Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentParameters struct { + + // Conditional cases for this fulfillment. + // Structure is documented below. + // +kubebuilder:validation:Optional + ConditionalCases []RepromptEventHandlersTriggerFulfillmentConditionalCasesParameters `json:"conditionalCases,omitempty" tf:"conditional_cases,omitempty"` + + // The list of rich message responses to present to the user. + // Structure is documented below. + // +kubebuilder:validation:Optional + Messages []RepromptEventHandlersTriggerFulfillmentMessagesParameters `json:"messages,omitempty" tf:"messages,omitempty"` + + // Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + // +kubebuilder:validation:Optional + ReturnPartialResponses *bool `json:"returnPartialResponses,omitempty" tf:"return_partial_responses,omitempty"` + + // Set parameter values before executing the webhook. + // Structure is documented below. + // +kubebuilder:validation:Optional + SetParameterActions []RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters `json:"setParameterActions,omitempty" tf:"set_parameter_actions,omitempty"` + + // The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + // +kubebuilder:validation:Optional + Tag *string `json:"tag,omitempty" tf:"tag,omitempty"` + + // The webhook to call. Format: projects//locations//agents//webhooks/. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1.Webhook + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Webhook *string `json:"webhook,omitempty" tf:"webhook,omitempty"` + + // Reference to a Webhook in dialogflowcx to populate webhook. + // +kubebuilder:validation:Optional + WebhookRef *v1.Reference `json:"webhookRef,omitempty" tf:"-"` + + // Selector for a Webhook in dialogflowcx to populate webhook. + // +kubebuilder:validation:Optional + WebhookSelector *v1.Selector `json:"webhookSelector,omitempty" tf:"-"` +} + +type RepromptEventHandlersTriggerFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RepromptEventHandlersTriggerFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentConditionalCasesInitParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentConditionalCasesObservation struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentConditionalCasesParameters struct { + + // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + // See Case for the schema. + // +kubebuilder:validation:Optional + Cases *string `json:"cases,omitempty" tf:"cases,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesInitParameters struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []TransitionRoutesTriggerFulfillmentMessagesConversationSuccessInitParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []TransitionRoutesTriggerFulfillmentMessagesTextInitParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesObservation struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + ConversationSuccess []TransitionRoutesTriggerFulfillmentMessagesConversationSuccessObservation `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + LiveAgentHandoff []TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffObservation `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + OutputAudioText []TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + PlayAudio []TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + TelephonyTransferCall []TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + Text []TransitionRoutesTriggerFulfillmentMessagesTextObservation `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesParameters struct { + + // The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + // +kubebuilder:validation:Optional + Channel *string `json:"channel,omitempty" tf:"channel,omitempty"` + + // Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + // Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + // You may set this, for example: + // +kubebuilder:validation:Optional + ConversationSuccess []TransitionRoutesTriggerFulfillmentMessagesConversationSuccessParameters `json:"conversationSuccess,omitempty" tf:"conversation_success,omitempty"` + + // Indicates that the conversation should be handed off to a live agent. + // Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + // You may set this, for example: + // +kubebuilder:validation:Optional + LiveAgentHandoff []TransitionRoutesTriggerFulfillmentMessagesLiveAgentHandoffParameters `json:"liveAgentHandoff,omitempty" tf:"live_agent_handoff,omitempty"` + + // A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + // Structure is documented below. + // +kubebuilder:validation:Optional + OutputAudioText []TransitionRoutesTriggerFulfillmentMessagesOutputAudioTextParameters `json:"outputAudioText,omitempty" tf:"output_audio_text,omitempty"` + + // A custom, platform-specific payload. + // +kubebuilder:validation:Optional + Payload *string `json:"payload,omitempty" tf:"payload,omitempty"` + + // Specifies an audio clip to be played by the client as part of the response. + // Structure is documented below. + // +kubebuilder:validation:Optional + PlayAudio []TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters `json:"playAudio,omitempty" tf:"play_audio,omitempty"` + + // Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + // Structure is documented below. + // +kubebuilder:validation:Optional + TelephonyTransferCall []TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters `json:"telephonyTransferCall,omitempty" tf:"telephony_transfer_call,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text []TransitionRoutesTriggerFulfillmentMessagesTextParameters `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTextInitParameters struct { + + // A collection of text responses. + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // A collection of text responses. + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentMessagesTextParameters struct { + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text []*string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentSetParameterActionsInitParameters struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentSetParameterActionsObservation struct { + + // Display name of the parameter. + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TransitionRoutesTriggerFulfillmentSetParameterActionsParameters struct { + + // Display name of the parameter. + // +kubebuilder:validation:Optional + Parameter *string `json:"parameter,omitempty" tf:"parameter,omitempty"` + + // The new JSON-encoded value of the parameter. A null value clears the parameter. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TriggerFulfillmentMessagesConversationSuccessInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesConversationSuccessObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesConversationSuccessParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesLiveAgentHandoffInitParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesLiveAgentHandoffObservation struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesLiveAgentHandoffParameters struct { + + // Custom metadata. Dialogflow doesn't impose any structure on this. + // +kubebuilder:validation:Optional + Metadata *string `json:"metadata,omitempty" tf:"metadata,omitempty"` +} + +type TriggerFulfillmentMessagesOutputAudioTextInitParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TriggerFulfillmentMessagesOutputAudioTextObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // The SSML text to be synthesized. For more information, see SSML. + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TriggerFulfillmentMessagesOutputAudioTextParameters struct { + + // The SSML text to be synthesized. For more information, see SSML. + // +kubebuilder:validation:Optional + Ssml *string `json:"ssml,omitempty" tf:"ssml,omitempty"` + + // A collection of text responses. + // +kubebuilder:validation:Optional + Text *string `json:"text,omitempty" tf:"text,omitempty"` +} + +type TriggerFulfillmentMessagesPlayAudioInitParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type TriggerFulfillmentMessagesPlayAudioObservation struct { + + // (Output) + // Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + AllowPlaybackInterruption *bool `json:"allowPlaybackInterruption,omitempty" tf:"allow_playback_interruption,omitempty"` + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + AudioURI *string `json:"audioUri,omitempty" tf:"audio_uri,omitempty"` +} + +type TriggerFulfillmentMessagesPlayAudioParameters struct { + + // URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + // +kubebuilder:validation:Optional + AudioURI *string `json:"audioUri" tf:"audio_uri,omitempty"` +} + +type TriggerFulfillmentMessagesTelephonyTransferCallInitParameters struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TriggerFulfillmentMessagesTelephonyTransferCallObservation struct { + + // Transfer the call to a phone number in E.164 format. + PhoneNumber *string `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type TriggerFulfillmentMessagesTelephonyTransferCallParameters struct { + + // Transfer the call to a phone number in E.164 format. + // +kubebuilder:validation:Optional + PhoneNumber *string `json:"phoneNumber" tf:"phone_number,omitempty"` } type TriggerFulfillmentMessagesTextInitParameters struct { diff --git a/apis/dns/v1beta1/zz_generated.deepcopy.go b/apis/dns/v1beta1/zz_generated.deepcopy.go index c70c15740..5df3df809 100644 --- a/apis/dns/v1beta1/zz_generated.deepcopy.go +++ b/apis/dns/v1beta1/zz_generated.deepcopy.go @@ -1750,6 +1750,22 @@ func (in *ManagedZoneObservation) DeepCopyInto(out *ManagedZoneObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ForceDestroy != nil { in, out := &in.ForceDestroy, &out.ForceDestroy *out = new(bool) @@ -1818,6 +1834,22 @@ func (in *ManagedZoneObservation) DeepCopyInto(out *ManagedZoneObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Visibility != nil { in, out := &in.Visibility, &out.Visibility *out = new(string) diff --git a/apis/dns/v1beta1/zz_managedzone_types.go b/apis/dns/v1beta1/zz_managedzone_types.go index 5427ca665..167443ed9 100755 --- a/apis/dns/v1beta1/zz_managedzone_types.go +++ b/apis/dns/v1beta1/zz_managedzone_types.go @@ -296,7 +296,7 @@ type ManagedZoneInitParameters struct { PeeringConfig []PeeringConfigInitParameters `json:"peeringConfig,omitempty" tf:"peering_config,omitempty"` // For privately visible zones, the set of Virtual Private Cloud - // resources that the zone is visible from. + // resources that the zone is visible from. At least one of gke_clusters or networks must be specified. // Structure is documented below. PrivateVisibilityConfig []PrivateVisibilityConfigInitParameters `json:"privateVisibilityConfig,omitempty" tf:"private_visibility_config,omitempty"` @@ -331,6 +331,10 @@ type ManagedZoneObservation struct { // A textual description field. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Set this true to delete all records in the zone. ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` @@ -360,7 +364,7 @@ type ManagedZoneObservation struct { PeeringConfig []PeeringConfigObservation `json:"peeringConfig,omitempty" tf:"peering_config,omitempty"` // For privately visible zones, the set of Virtual Private Cloud - // resources that the zone is visible from. + // resources that the zone is visible from. At least one of gke_clusters or networks must be specified. // Structure is documented below. PrivateVisibilityConfig []PrivateVisibilityConfigObservation `json:"privateVisibilityConfig,omitempty" tf:"private_visibility_config,omitempty"` @@ -368,6 +372,11 @@ type ManagedZoneObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The zone's visibility: public zones are exposed to the Internet, // while private zones are visible only to Virtual Private Cloud resources. // Default value is public. @@ -418,7 +427,7 @@ type ManagedZoneParameters struct { PeeringConfig []PeeringConfigParameters `json:"peeringConfig,omitempty" tf:"peering_config,omitempty"` // For privately visible zones, the set of Virtual Private Cloud - // resources that the zone is visible from. + // resources that the zone is visible from. At least one of gke_clusters or networks must be specified. // Structure is documented below. // +kubebuilder:validation:Optional PrivateVisibilityConfig []PrivateVisibilityConfigParameters `json:"privateVisibilityConfig,omitempty" tf:"private_visibility_config,omitempty"` @@ -541,7 +550,7 @@ type PrivateVisibilityConfigParameters struct { // blocks in an update and then apply another update adding all of them back simultaneously. // Structure is documented below. // +kubebuilder:validation:Optional - Networks []NetworksParameters `json:"networks" tf:"networks,omitempty"` + Networks []NetworksParameters `json:"networks,omitempty" tf:"networks,omitempty"` } type TargetNameServersInitParameters struct { diff --git a/apis/dns/v1beta1/zz_recordset_types.go b/apis/dns/v1beta1/zz_recordset_types.go index 49bb348e4..169a4b915 100755 --- a/apis/dns/v1beta1/zz_recordset_types.go +++ b/apis/dns/v1beta1/zz_recordset_types.go @@ -150,7 +150,7 @@ type HealthCheckedTargetsInternalLoadBalancersInitParameters struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -175,7 +175,7 @@ type HealthCheckedTargetsInternalLoadBalancersObservation struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -202,7 +202,7 @@ type HealthCheckedTargetsInternalLoadBalancersParameters struct { // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] // +kubebuilder:validation:Optional LoadBalancerType *string `json:"loadBalancerType" tf:"load_balancer_type,omitempty"` @@ -247,7 +247,7 @@ type InternalLoadBalancersInitParameters struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -272,7 +272,7 @@ type InternalLoadBalancersObservation struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -299,7 +299,7 @@ type InternalLoadBalancersParameters struct { // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] // +kubebuilder:validation:Optional LoadBalancerType *string `json:"loadBalancerType" tf:"load_balancer_type,omitempty"` @@ -401,7 +401,7 @@ type PrimaryInternalLoadBalancersInitParameters struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -456,7 +456,7 @@ type PrimaryInternalLoadBalancersObservation struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -493,7 +493,7 @@ type PrimaryInternalLoadBalancersParameters struct { // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] // +kubebuilder:validation:Optional LoadBalancerType *string `json:"loadBalancerType" tf:"load_balancer_type,omitempty"` @@ -748,7 +748,7 @@ type WrrHealthCheckedTargetsInternalLoadBalancersInitParameters struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -773,7 +773,7 @@ type WrrHealthCheckedTargetsInternalLoadBalancersObservation struct { // The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"] IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] LoadBalancerType *string `json:"loadBalancerType,omitempty" tf:"load_balancer_type,omitempty"` // The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}. @@ -800,7 +800,7 @@ type WrrHealthCheckedTargetsInternalLoadBalancersParameters struct { // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol" tf:"ip_protocol,omitempty"` - // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"] + // The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"] // +kubebuilder:validation:Optional LoadBalancerType *string `json:"loadBalancerType" tf:"load_balancer_type,omitempty"` diff --git a/apis/eventarc/v1beta1/zz_generated.deepcopy.go b/apis/eventarc/v1beta1/zz_generated.deepcopy.go index da89066ab..38a9b3d37 100644 --- a/apis/eventarc/v1beta1/zz_generated.deepcopy.go +++ b/apis/eventarc/v1beta1/zz_generated.deepcopy.go @@ -367,11 +367,6 @@ func (in *CloudRunServiceParameters) DeepCopy() *CloudRunServiceParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DestinationInitParameters) DeepCopyInto(out *DestinationInitParameters) { *out = *in - if in.CloudFunction != nil { - in, out := &in.CloudFunction, &out.CloudFunction - *out = new(string) - **out = **in - } if in.CloudRunService != nil { in, out := &in.CloudRunService, &out.CloudRunService *out = make([]CloudRunServiceInitParameters, len(*in)) @@ -386,6 +381,20 @@ func (in *DestinationInitParameters) DeepCopyInto(out *DestinationInitParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HTTPEndpoint != nil { + in, out := &in.HTTPEndpoint, &out.HTTPEndpoint + *out = make([]HTTPEndpointInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Workflow != nil { in, out := &in.Workflow, &out.Workflow *out = new(string) @@ -425,6 +434,20 @@ func (in *DestinationObservation) DeepCopyInto(out *DestinationObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HTTPEndpoint != nil { + in, out := &in.HTTPEndpoint, &out.HTTPEndpoint + *out = make([]HTTPEndpointObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Workflow != nil { in, out := &in.Workflow, &out.Workflow *out = new(string) @@ -445,11 +468,6 @@ func (in *DestinationObservation) DeepCopy() *DestinationObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DestinationParameters) DeepCopyInto(out *DestinationParameters) { *out = *in - if in.CloudFunction != nil { - in, out := &in.CloudFunction, &out.CloudFunction - *out = new(string) - **out = **in - } if in.CloudRunService != nil { in, out := &in.CloudRunService, &out.CloudRunService *out = make([]CloudRunServiceParameters, len(*in)) @@ -464,6 +482,20 @@ func (in *DestinationParameters) DeepCopyInto(out *DestinationParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HTTPEndpoint != nil { + in, out := &in.HTTPEndpoint, &out.HTTPEndpoint + *out = make([]HTTPEndpointParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = make([]NetworkConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Workflow != nil { in, out := &in.Workflow, &out.Workflow *out = new(string) @@ -785,6 +817,66 @@ func (in *GoogleChannelConfigStatus) DeepCopy() *GoogleChannelConfigStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPEndpointInitParameters) DeepCopyInto(out *HTTPEndpointInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPEndpointInitParameters. +func (in *HTTPEndpointInitParameters) DeepCopy() *HTTPEndpointInitParameters { + if in == nil { + return nil + } + out := new(HTTPEndpointInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPEndpointObservation) DeepCopyInto(out *HTTPEndpointObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPEndpointObservation. +func (in *HTTPEndpointObservation) DeepCopy() *HTTPEndpointObservation { + if in == nil { + return nil + } + out := new(HTTPEndpointObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPEndpointParameters) DeepCopyInto(out *HTTPEndpointParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPEndpointParameters. +func (in *HTTPEndpointParameters) DeepCopy() *HTTPEndpointParameters { + if in == nil { + return nil + } + out := new(HTTPEndpointParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MatchingCriteriaInitParameters) DeepCopyInto(out *MatchingCriteriaInitParameters) { *out = *in @@ -875,6 +967,66 @@ func (in *MatchingCriteriaParameters) DeepCopy() *MatchingCriteriaParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigInitParameters) DeepCopyInto(out *NetworkConfigInitParameters) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigInitParameters. +func (in *NetworkConfigInitParameters) DeepCopy() *NetworkConfigInitParameters { + if in == nil { + return nil + } + out := new(NetworkConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigObservation) DeepCopyInto(out *NetworkConfigObservation) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigObservation. +func (in *NetworkConfigObservation) DeepCopy() *NetworkConfigObservation { + if in == nil { + return nil + } + out := new(NetworkConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfigParameters) DeepCopyInto(out *NetworkConfigParameters) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfigParameters. +func (in *NetworkConfigParameters) DeepCopy() *NetworkConfigParameters { + if in == nil { + return nil + } + out := new(NetworkConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PubsubInitParameters) DeepCopyInto(out *PubsubInitParameters) { *out = *in @@ -1173,6 +1325,22 @@ func (in *TriggerObservation) DeepCopyInto(out *TriggerObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -1226,6 +1394,22 @@ func (in *TriggerObservation) DeepCopyInto(out *TriggerObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Transport != nil { in, out := &in.Transport, &out.Transport *out = make([]TransportObservation, len(*in)) diff --git a/apis/eventarc/v1beta1/zz_trigger_types.go b/apis/eventarc/v1beta1/zz_trigger_types.go index 3be62e311..035a8bd8d 100755 --- a/apis/eventarc/v1beta1/zz_trigger_types.go +++ b/apis/eventarc/v1beta1/zz_trigger_types.go @@ -88,22 +88,25 @@ type CloudRunServiceParameters struct { type DestinationInitParameters struct { - // [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - CloudFunction *string `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` - // Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. CloudRunService []CloudRunServiceInitParameters `json:"cloudRunService,omitempty" tf:"cloud_run_service,omitempty"` // A GKE service capable of receiving events. The service should be running in the same project as the trigger. Gke []GkeInitParameters `json:"gke,omitempty" tf:"gke,omitempty"` + // An HTTP endpoint destination described by an URI. + HTTPEndpoint []HTTPEndpointInitParameters `json:"httpEndpoint,omitempty" tf:"http_endpoint,omitempty"` + + // Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type. + NetworkConfig []NetworkConfigInitParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: projects/{project}/locations/{location}/workflows/{workflow} Workflow *string `json:"workflow,omitempty" tf:"workflow,omitempty"` } type DestinationObservation struct { - // [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + // The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value. CloudFunction *string `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` // Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. @@ -112,16 +115,18 @@ type DestinationObservation struct { // A GKE service capable of receiving events. The service should be running in the same project as the trigger. Gke []GkeObservation `json:"gke,omitempty" tf:"gke,omitempty"` + // An HTTP endpoint destination described by an URI. + HTTPEndpoint []HTTPEndpointObservation `json:"httpEndpoint,omitempty" tf:"http_endpoint,omitempty"` + + // Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type. + NetworkConfig []NetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: projects/{project}/locations/{location}/workflows/{workflow} Workflow *string `json:"workflow,omitempty" tf:"workflow,omitempty"` } type DestinationParameters struct { - // [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - // +kubebuilder:validation:Optional - CloudFunction *string `json:"cloudFunction,omitempty" tf:"cloud_function,omitempty"` - // Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. // +kubebuilder:validation:Optional CloudRunService []CloudRunServiceParameters `json:"cloudRunService,omitempty" tf:"cloud_run_service,omitempty"` @@ -130,6 +135,14 @@ type DestinationParameters struct { // +kubebuilder:validation:Optional Gke []GkeParameters `json:"gke,omitempty" tf:"gke,omitempty"` + // An HTTP endpoint destination described by an URI. + // +kubebuilder:validation:Optional + HTTPEndpoint []HTTPEndpointParameters `json:"httpEndpoint,omitempty" tf:"http_endpoint,omitempty"` + + // Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type. + // +kubebuilder:validation:Optional + NetworkConfig []NetworkConfigParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: projects/{project}/locations/{location}/workflows/{workflow} // +kubebuilder:validation:Optional Workflow *string `json:"workflow,omitempty" tf:"workflow,omitempty"` @@ -191,6 +204,25 @@ type GkeParameters struct { Service *string `json:"service" tf:"service,omitempty"` } +type HTTPEndpointInitParameters struct { + + // Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS. + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type HTTPEndpointObservation struct { + + // Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS. + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type HTTPEndpointParameters struct { + + // Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS. + // +kubebuilder:validation:Optional + URI *string `json:"uri" tf:"uri,omitempty"` +} + type MatchingCriteriaInitParameters struct { // Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute. @@ -230,6 +262,25 @@ type MatchingCriteriaParameters struct { Value *string `json:"value" tf:"value,omitempty"` } +type NetworkConfigInitParameters struct { + + // Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME} + NetworkAttachment *string `json:"networkAttachment,omitempty" tf:"network_attachment,omitempty"` +} + +type NetworkConfigObservation struct { + + // Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME} + NetworkAttachment *string `json:"networkAttachment,omitempty" tf:"network_attachment,omitempty"` +} + +type NetworkConfigParameters struct { + + // Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME} + // +kubebuilder:validation:Optional + NetworkAttachment *string `json:"networkAttachment" tf:"network_attachment,omitempty"` +} + type PubsubInitParameters struct { // Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished only. The topic you provide here will not be deleted by Eventarc at trigger deletion. @@ -279,6 +330,7 @@ type TriggerInitParameters struct { // Required. Destination specifies where the events should be sent to. Destination []DestinationInitParameters `json:"destination,omitempty" tf:"destination,omitempty"` + // Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to application/json if the value is not defined. EventDataContentType *string `json:"eventDataContentType,omitempty" tf:"event_data_content_type,omitempty"` // Optional. User labels attached to the triggers that can be used to group resources. @@ -313,9 +365,13 @@ type TriggerObservation struct { // Required. Destination specifies where the events should be sent to. Destination []DestinationObservation `json:"destination,omitempty" tf:"destination,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to application/json if the value is not defined. EventDataContentType *string `json:"eventDataContentType,omitempty" tf:"event_data_content_type,omitempty"` // an identifier for the resource with format projects/{{project}}/locations/{{location}}/triggers/{{name}} @@ -337,6 +393,10 @@ type TriggerObservation struct { // Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have roles/eventarc.eventReceiver IAM role. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes. Transport []TransportObservation `json:"transport,omitempty" tf:"transport,omitempty"` @@ -357,6 +417,7 @@ type TriggerParameters struct { // +kubebuilder:validation:Optional Destination []DestinationParameters `json:"destination,omitempty" tf:"destination,omitempty"` + // Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to application/json if the value is not defined. // +kubebuilder:validation:Optional EventDataContentType *string `json:"eventDataContentType,omitempty" tf:"event_data_content_type,omitempty"` diff --git a/apis/filestore/v1beta1/zz_backup_types.go b/apis/filestore/v1beta1/zz_backup_types.go index 3c2407ed2..29e6d9466 100755 --- a/apis/filestore/v1beta1/zz_backup_types.go +++ b/apis/filestore/v1beta1/zz_backup_types.go @@ -73,6 +73,10 @@ type BackupObservation struct { // Amount of bytes that will be downloaded if the backup is restored. DownloadBytes *string `json:"downloadBytes,omitempty" tf:"download_bytes,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -104,6 +108,11 @@ type BackupObservation struct { // The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. StorageBytes *string `json:"storageBytes,omitempty" tf:"storage_bytes,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type BackupParameters struct { diff --git a/apis/filestore/v1beta1/zz_generated.deepcopy.go b/apis/filestore/v1beta1/zz_generated.deepcopy.go index 7a7fccf84..d5971642c 100644 --- a/apis/filestore/v1beta1/zz_generated.deepcopy.go +++ b/apis/filestore/v1beta1/zz_generated.deepcopy.go @@ -168,6 +168,22 @@ func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -229,6 +245,22 @@ func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupObservation. @@ -362,6 +394,11 @@ func (in *FileSharesInitParameters) DeepCopyInto(out *FileSharesInitParameters) *out = new(string) **out = **in } + if in.SourceBackup != nil { + in, out := &in.SourceBackup, &out.SourceBackup + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileSharesInitParameters. @@ -431,6 +468,11 @@ func (in *FileSharesParameters) DeepCopyInto(out *FileSharesParameters) { *out = new(string) **out = **in } + if in.SourceBackup != nil { + in, out := &in.SourceBackup, &out.SourceBackup + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileSharesParameters. @@ -595,6 +637,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -650,6 +708,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -1177,6 +1251,22 @@ func (in *SnapshotObservation) DeepCopyInto(out *SnapshotObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.FilesystemUsedBytes != nil { in, out := &in.FilesystemUsedBytes, &out.FilesystemUsedBytes *out = new(string) @@ -1223,6 +1313,22 @@ func (in *SnapshotObservation) DeepCopyInto(out *SnapshotObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SnapshotObservation. diff --git a/apis/filestore/v1beta1/zz_instance_types.go b/apis/filestore/v1beta1/zz_instance_types.go index df3927902..634bacadc 100755 --- a/apis/filestore/v1beta1/zz_instance_types.go +++ b/apis/filestore/v1beta1/zz_instance_types.go @@ -41,6 +41,11 @@ type FileSharesInitParameters struct { // The name of the fileshare (16 characters or less) Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The resource name of the backup, in the format + // projects/{projectId}/locations/{locationId}/backups/{backupId}, + // that this file share has been restored from. + SourceBackup *string `json:"sourceBackup,omitempty" tf:"source_backup,omitempty"` } type FileSharesObservation struct { @@ -56,7 +61,6 @@ type FileSharesObservation struct { // The name of the fileshare (16 characters or less) Name *string `json:"name,omitempty" tf:"name,omitempty"` - // (Output) // The resource name of the backup, in the format // projects/{projectId}/locations/{locationId}/backups/{backupId}, // that this file share has been restored from. @@ -78,6 +82,12 @@ type FileSharesParameters struct { // The name of the fileshare (16 characters or less) // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` + + // The resource name of the backup, in the format + // projects/{projectId}/locations/{locationId}/backups/{backupId}, + // that this file share has been restored from. + // +kubebuilder:validation:Optional + SourceBackup *string `json:"sourceBackup,omitempty" tf:"source_backup,omitempty"` } type InstanceInitParameters struct { @@ -117,7 +127,7 @@ type InstanceInitParameters struct { Project *string `json:"project,omitempty" tf:"project,omitempty"` // The service tier of the instance. - // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` // The name of the Filestore zone of the instance. @@ -132,6 +142,9 @@ type InstanceObservation struct { // A description of the instance. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Server-specified ETag for the instance resource to prevent // simultaneous updates from overwriting each other. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -163,8 +176,13 @@ type InstanceObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The service tier of the instance. - // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` // The name of the Filestore zone of the instance. @@ -218,7 +236,7 @@ type InstanceParameters struct { Project *string `json:"project,omitempty" tf:"project,omitempty"` // The service tier of the instance. - // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE // +kubebuilder:validation:Optional Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` diff --git a/apis/filestore/v1beta1/zz_snapshot_types.go b/apis/filestore/v1beta1/zz_snapshot_types.go index ce900bca4..503e6bee7 100755 --- a/apis/filestore/v1beta1/zz_snapshot_types.go +++ b/apis/filestore/v1beta1/zz_snapshot_types.go @@ -51,6 +51,10 @@ type SnapshotObservation struct { // A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The amount of bytes needed to allocate a full copy of the snapshot content. FilesystemUsedBytes *string `json:"filesystemUsedBytes,omitempty" tf:"filesystem_used_bytes,omitempty"` @@ -73,6 +77,11 @@ type SnapshotObservation struct { // The snapshot state. State *string `json:"state,omitempty" tf:"state,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type SnapshotParameters struct { diff --git a/apis/gke/v1beta1/zz_backupbackupplan_types.go b/apis/gke/v1beta1/zz_backupbackupplan_types.go index 39c1341cc..444172001 100755 --- a/apis/gke/v1beta1/zz_backupbackupplan_types.go +++ b/apis/gke/v1beta1/zz_backupbackupplan_types.go @@ -98,6 +98,10 @@ type BackupBackupPlanObservation struct { // User specified descriptive string for this BackupPlan. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // etag is used for optimistic concurrency control as a way to help prevent simultaneous // updates of a backup plan from overwriting each other. It is strongly suggested that // systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates @@ -135,6 +139,11 @@ type BackupBackupPlanObservation struct { // Detailed description of why BackupPlan is in its current state. StateReason *string `json:"stateReason,omitempty" tf:"state_reason,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Server generated, unique identifier of UUID format. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` } diff --git a/apis/gke/v1beta1/zz_generated.deepcopy.go b/apis/gke/v1beta1/zz_generated.deepcopy.go index 38f8e32a7..7e625c398 100644 --- a/apis/gke/v1beta1/zz_generated.deepcopy.go +++ b/apis/gke/v1beta1/zz_generated.deepcopy.go @@ -198,6 +198,22 @@ func (in *BackupBackupPlanObservation) DeepCopyInto(out *BackupBackupPlanObserva *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -256,6 +272,22 @@ func (in *BackupBackupPlanObservation) DeepCopyInto(out *BackupBackupPlanObserva *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) diff --git a/apis/gkehub/v1beta1/zz_generated.deepcopy.go b/apis/gkehub/v1beta1/zz_generated.deepcopy.go index a68b211ec..031aa17b0 100644 --- a/apis/gkehub/v1beta1/zz_generated.deepcopy.go +++ b/apis/gkehub/v1beta1/zz_generated.deepcopy.go @@ -385,6 +385,11 @@ func (in *MembershipIAMMemberInitParameters) DeepCopyInto(out *MembershipIAMMemb (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Member != nil { in, out := &in.Member, &out.Member *out = new(string) @@ -479,6 +484,11 @@ func (in *MembershipIAMMemberObservation) DeepCopyInto(out *MembershipIAMMemberO *out = new(string) **out = **in } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Member != nil { in, out := &in.Member, &out.Member *out = new(string) @@ -521,6 +531,11 @@ func (in *MembershipIAMMemberParameters) DeepCopyInto(out *MembershipIAMMemberPa (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Member != nil { in, out := &in.Member, &out.Member *out = new(string) @@ -690,6 +705,22 @@ func (in *MembershipObservation) DeepCopyInto(out *MembershipObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Endpoint != nil { in, out := &in.Endpoint, &out.Endpoint *out = make([]EndpointObservation, len(*in)) @@ -718,6 +749,11 @@ func (in *MembershipObservation) DeepCopyInto(out *MembershipObservation) { (*out)[key] = outVal } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -728,6 +764,22 @@ func (in *MembershipObservation) DeepCopyInto(out *MembershipObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MembershipObservation. @@ -773,6 +825,11 @@ func (in *MembershipParameters) DeepCopyInto(out *MembershipParameters) { (*out)[key] = outVal } } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/gkehub/v1beta1/zz_membership_terraformed.go b/apis/gkehub/v1beta1/zz_membership_terraformed.go index efc42ba8c..797d4f0ff 100755 --- a/apis/gkehub/v1beta1/zz_membership_terraformed.go +++ b/apis/gkehub/v1beta1/zz_membership_terraformed.go @@ -141,5 +141,5 @@ func (tr *Membership) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Membership) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/gkehub/v1beta1/zz_membership_types.go b/apis/gkehub/v1beta1/zz_membership_types.go index 2c95c0372..e2b41c6d6 100755 --- a/apis/gkehub/v1beta1/zz_membership_types.go +++ b/apis/gkehub/v1beta1/zz_membership_types.go @@ -150,23 +150,36 @@ type MembershipObservation struct { // Structure is documented below. Authority []AuthorityObservation `json:"authority,omitempty" tf:"authority,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. // Structure is documented below. Endpoint []EndpointObservation `json:"endpoint,omitempty" tf:"endpoint,omitempty"` - // an identifier for the resource with format projects/{{project}}/locations/global/memberships/{{membership_id}} + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // Labels to apply to this membership. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Location of the membership. + // The default value is global. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The unique identifier of the membership. Name *string `json:"name,omitempty" tf:"name,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type MembershipParameters struct { @@ -188,6 +201,11 @@ type MembershipParameters struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // Location of the membership. + // The default value is global. + // +kubebuilder:validation:Optional + Location *string `json:"location,omitempty" tf:"location,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/gkehub/v1beta1/zz_membershipiammember_types.go b/apis/gkehub/v1beta1/zz_membershipiammember_types.go index 2810725fb..70aca1fc9 100755 --- a/apis/gkehub/v1beta1/zz_membershipiammember_types.go +++ b/apis/gkehub/v1beta1/zz_membershipiammember_types.go @@ -60,6 +60,8 @@ type ConditionParameters struct { type MembershipIAMMemberInitParameters struct { Condition []ConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` + Location *string `json:"location,omitempty" tf:"location,omitempty"` + Member *string `json:"member,omitempty" tf:"member,omitempty"` // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/gkehub/v1beta1.Membership @@ -85,6 +87,8 @@ type MembershipIAMMemberObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` + Location *string `json:"location,omitempty" tf:"location,omitempty"` + Member *string `json:"member,omitempty" tf:"member,omitempty"` MembershipID *string `json:"membershipId,omitempty" tf:"membership_id,omitempty"` @@ -99,6 +103,9 @@ type MembershipIAMMemberParameters struct { // +kubebuilder:validation:Optional Condition []ConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` + // +kubebuilder:validation:Optional + Location *string `json:"location,omitempty" tf:"location,omitempty"` + // +kubebuilder:validation:Optional Member *string `json:"member,omitempty" tf:"member,omitempty"` diff --git a/apis/healthcare/v1beta1/zz_consentstore_types.go b/apis/healthcare/v1beta1/zz_consentstore_types.go index 10a602bb9..d899bb733 100755 --- a/apis/healthcare/v1beta1/zz_consentstore_types.go +++ b/apis/healthcare/v1beta1/zz_consentstore_types.go @@ -78,6 +78,10 @@ type ConsentStoreObservation struct { // A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". DefaultConsentTTL *string `json:"defaultConsentTtl,omitempty" tf:"default_consent_ttl,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist. EnableConsentCreateOnUpdate *bool `json:"enableConsentCreateOnUpdate,omitempty" tf:"enable_consent_create_on_update,omitempty"` @@ -98,6 +102,11 @@ type ConsentStoreObservation struct { // The name of this ConsentStore, for example: // "consent1" Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ConsentStoreParameters struct { diff --git a/apis/healthcare/v1beta1/zz_generated.deepcopy.go b/apis/healthcare/v1beta1/zz_generated.deepcopy.go index cc97a927d..9f6b2e34c 100644 --- a/apis/healthcare/v1beta1/zz_generated.deepcopy.go +++ b/apis/healthcare/v1beta1/zz_generated.deepcopy.go @@ -248,6 +248,22 @@ func (in *ConsentStoreObservation) DeepCopyInto(out *ConsentStoreObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableConsentCreateOnUpdate != nil { in, out := &in.EnableConsentCreateOnUpdate, &out.EnableConsentCreateOnUpdate *out = new(bool) @@ -279,6 +295,22 @@ func (in *ConsentStoreObservation) DeepCopyInto(out *ConsentStoreObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsentStoreObservation. diff --git a/apis/iam/v1beta1/zz_generated.deepcopy.go b/apis/iam/v1beta1/zz_generated.deepcopy.go index 209ae5f69..e2bc2f27f 100644 --- a/apis/iam/v1beta1/zz_generated.deepcopy.go +++ b/apis/iam/v1beta1/zz_generated.deepcopy.go @@ -193,6 +193,66 @@ func (in *OidcParameters) DeepCopy() *OidcParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLInitParameters) DeepCopyInto(out *SAMLInitParameters) { + *out = *in + if in.IdPMetadataXML != nil { + in, out := &in.IdPMetadataXML, &out.IdPMetadataXML + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLInitParameters. +func (in *SAMLInitParameters) DeepCopy() *SAMLInitParameters { + if in == nil { + return nil + } + out := new(SAMLInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLObservation) DeepCopyInto(out *SAMLObservation) { + *out = *in + if in.IdPMetadataXML != nil { + in, out := &in.IdPMetadataXML, &out.IdPMetadataXML + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLObservation. +func (in *SAMLObservation) DeepCopy() *SAMLObservation { + if in == nil { + return nil + } + out := new(SAMLObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLParameters) DeepCopyInto(out *SAMLParameters) { + *out = *in + if in.IdPMetadataXML != nil { + in, out := &in.IdPMetadataXML, &out.IdPMetadataXML + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLParameters. +func (in *SAMLParameters) DeepCopy() *SAMLParameters { + if in == nil { + return nil + } + out := new(SAMLParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadIdentityPool) DeepCopyInto(out *WorkloadIdentityPool) { *out = *in @@ -457,6 +517,13 @@ func (in *WorkloadIdentityPoolProviderInitParameters) DeepCopyInto(out *Workload *out = new(string) **out = **in } + if in.SAML != nil { + in, out := &in.SAML, &out.SAML + *out = make([]SAMLInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderInitParameters. @@ -569,6 +636,13 @@ func (in *WorkloadIdentityPoolProviderObservation) DeepCopyInto(out *WorkloadIde *out = new(string) **out = **in } + if in.SAML != nil { + in, out := &in.SAML, &out.SAML + *out = make([]SAMLObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -649,6 +723,13 @@ func (in *WorkloadIdentityPoolProviderParameters) DeepCopyInto(out *WorkloadIden *out = new(string) **out = **in } + if in.SAML != nil { + in, out := &in.SAML, &out.SAML + *out = make([]SAMLParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.WorkloadIdentityPoolID != nil { in, out := &in.WorkloadIdentityPoolID, &out.WorkloadIdentityPoolID *out = new(string) diff --git a/apis/iam/v1beta1/zz_workloadidentitypoolprovider_types.go b/apis/iam/v1beta1/zz_workloadidentitypoolprovider_types.go index 9bee11534..4edba6dcc 100755 --- a/apis/iam/v1beta1/zz_workloadidentitypoolprovider_types.go +++ b/apis/iam/v1beta1/zz_workloadidentitypoolprovider_types.go @@ -120,6 +120,25 @@ type OidcParameters struct { JwksJSON *string `json:"jwksJson,omitempty" tf:"jwks_json,omitempty"` } +type SAMLInitParameters struct { + + // SAML Identity provider configuration metadata xml doc. + IdPMetadataXML *string `json:"idpMetadataXml,omitempty" tf:"idp_metadata_xml,omitempty"` +} + +type SAMLObservation struct { + + // SAML Identity provider configuration metadata xml doc. + IdPMetadataXML *string `json:"idpMetadataXml,omitempty" tf:"idp_metadata_xml,omitempty"` +} + +type SAMLParameters struct { + + // SAML Identity provider configuration metadata xml doc. + // +kubebuilder:validation:Optional + IdPMetadataXML *string `json:"idpMetadataXml" tf:"idp_metadata_xml,omitempty"` +} + type WorkloadIdentityPoolProviderInitParameters struct { // A Common Expression Language expression, in @@ -136,7 +155,7 @@ type WorkloadIdentityPoolProviderInitParameters struct { // +mapType=granular AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"` - // An Amazon Web Services identity provider. Not compatible with the property oidc. + // An Amazon Web Services identity provider. Not compatible with the property oidc or saml. // Structure is documented below. Aws []AwsInitParameters `json:"aws,omitempty" tf:"aws,omitempty"` @@ -150,13 +169,17 @@ type WorkloadIdentityPoolProviderInitParameters struct { // A display name for the provider. Cannot exceed 32 characters. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` - // An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + // An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. // Structure is documented below. Oidc []OidcInitParameters `json:"oidc,omitempty" tf:"oidc,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + // Structure is documented below. + SAML []SAMLInitParameters `json:"saml,omitempty" tf:"saml,omitempty"` } type WorkloadIdentityPoolProviderObservation struct { @@ -175,7 +198,7 @@ type WorkloadIdentityPoolProviderObservation struct { // +mapType=granular AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"` - // An Amazon Web Services identity provider. Not compatible with the property oidc. + // An Amazon Web Services identity provider. Not compatible with the property oidc or saml. // Structure is documented below. Aws []AwsObservation `json:"aws,omitempty" tf:"aws,omitempty"` @@ -196,7 +219,7 @@ type WorkloadIdentityPoolProviderObservation struct { // projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + // An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. // Structure is documented below. Oidc []OidcObservation `json:"oidc,omitempty" tf:"oidc,omitempty"` @@ -204,6 +227,10 @@ type WorkloadIdentityPoolProviderObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + // Structure is documented below. + SAML []SAMLObservation `json:"saml,omitempty" tf:"saml,omitempty"` + // The state of the provider. State *string `json:"state,omitempty" tf:"state,omitempty"` @@ -231,7 +258,7 @@ type WorkloadIdentityPoolProviderParameters struct { // +mapType=granular AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"` - // An Amazon Web Services identity provider. Not compatible with the property oidc. + // An Amazon Web Services identity provider. Not compatible with the property oidc or saml. // Structure is documented below. // +kubebuilder:validation:Optional Aws []AwsParameters `json:"aws,omitempty" tf:"aws,omitempty"` @@ -249,7 +276,7 @@ type WorkloadIdentityPoolProviderParameters struct { // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` - // An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + // An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. // Structure is documented below. // +kubebuilder:validation:Optional Oidc []OidcParameters `json:"oidc,omitempty" tf:"oidc,omitempty"` @@ -259,6 +286,11 @@ type WorkloadIdentityPoolProviderParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + // Structure is documented below. + // +kubebuilder:validation:Optional + SAML []SAMLParameters `json:"saml,omitempty" tf:"saml,omitempty"` + // The ID used for the pool, which is the final component of the pool resource name. This // value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix // gcp- is reserved for use by Google, and may not be specified. diff --git a/apis/kms/v1beta1/zz_cryptokey_types.go b/apis/kms/v1beta1/zz_cryptokey_types.go index 57929ef12..7ceb0e405 100755 --- a/apis/kms/v1beta1/zz_cryptokey_types.go +++ b/apis/kms/v1beta1/zz_cryptokey_types.go @@ -69,6 +69,10 @@ type CryptoKeyObservation struct { // If not specified at creation time, the default duration is 24 hours. DestroyScheduledDuration *string `json:"destroyScheduledDuration,omitempty" tf:"destroy_scheduled_duration,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format {{key_ring}}/cryptoKeys/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -83,6 +87,11 @@ type CryptoKeyObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. + // Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. + // Structure is documented below. + Primary []PrimaryObservation `json:"primary,omitempty" tf:"primary,omitempty"` + // The immutable purpose of this CryptoKey. See the // purpose reference // for possible inputs. @@ -99,6 +108,11 @@ type CryptoKeyObservation struct { // You must use the google_kms_key_ring_import_job resource to import the CryptoKeyVersion. SkipInitialVersionCreation *bool `json:"skipInitialVersionCreation,omitempty" tf:"skip_initial_version_creation,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // A template describing settings for new crypto key versions. // Structure is documented below. VersionTemplate []VersionTemplateObservation `json:"versionTemplate,omitempty" tf:"version_template,omitempty"` @@ -160,6 +174,23 @@ type CryptoKeyParameters struct { VersionTemplate []VersionTemplateParameters `json:"versionTemplate,omitempty" tf:"version_template,omitempty"` } +type PrimaryInitParameters struct { +} + +type PrimaryObservation struct { + + // (Output) + // The resource name for this CryptoKeyVersion. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // (Output) + // The current state of the CryptoKeyVersion. + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type PrimaryParameters struct { +} + type VersionTemplateInitParameters struct { // The algorithm to use when creating a version based on this template. diff --git a/apis/kms/v1beta1/zz_generated.deepcopy.go b/apis/kms/v1beta1/zz_generated.deepcopy.go index e538dc584..6b66b1b3b 100644 --- a/apis/kms/v1beta1/zz_generated.deepcopy.go +++ b/apis/kms/v1beta1/zz_generated.deepcopy.go @@ -609,6 +609,22 @@ func (in *CryptoKeyObservation) DeepCopyInto(out *CryptoKeyObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -640,6 +656,13 @@ func (in *CryptoKeyObservation) DeepCopyInto(out *CryptoKeyObservation) { (*out)[key] = outVal } } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = make([]PrimaryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Purpose != nil { in, out := &in.Purpose, &out.Purpose *out = new(string) @@ -655,6 +678,22 @@ func (in *CryptoKeyObservation) DeepCopyInto(out *CryptoKeyObservation) { *out = new(bool) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.VersionTemplate != nil { in, out := &in.VersionTemplate, &out.VersionTemplate *out = make([]VersionTemplateObservation, len(*in)) @@ -1835,6 +1874,61 @@ func (in *KeyRingStatus) DeepCopy() *KeyRingStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryInitParameters) DeepCopyInto(out *PrimaryInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryInitParameters. +func (in *PrimaryInitParameters) DeepCopy() *PrimaryInitParameters { + if in == nil { + return nil + } + out := new(PrimaryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryObservation) DeepCopyInto(out *PrimaryObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryObservation. +func (in *PrimaryObservation) DeepCopy() *PrimaryObservation { + if in == nil { + return nil + } + out := new(PrimaryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryParameters) DeepCopyInto(out *PrimaryParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryParameters. +func (in *PrimaryParameters) DeepCopy() *PrimaryParameters { + if in == nil { + return nil + } + out := new(PrimaryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PublicKeyInitParameters) DeepCopyInto(out *PublicKeyInitParameters) { *out = *in diff --git a/apis/logging/v1beta1/zz_folderbucketconfig_types.go b/apis/logging/v1beta1/zz_folderbucketconfig_types.go index a2bcab256..72ae5c422 100755 --- a/apis/logging/v1beta1/zz_folderbucketconfig_types.go +++ b/apis/logging/v1beta1/zz_folderbucketconfig_types.go @@ -63,6 +63,9 @@ type FolderBucketConfigInitParameters struct { // Describes this bucket. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // A list of indexed fields and related configuration data. Structure is documented below. + IndexConfigs []IndexConfigsInitParameters `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects. RetentionDays *float64 `json:"retentionDays,omitempty" tf:"retention_days,omitempty"` } @@ -83,6 +86,9 @@ type FolderBucketConfigObservation struct { // an identifier for the resource with format folders/{{folder}}/locations/{{location}}/buckets/{{bucket_id}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // A list of indexed fields and related configuration data. Structure is documented below. + IndexConfigs []IndexConfigsObservation `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // The bucket's lifecycle such as active or deleted. See LifecycleState. LifecycleState *string `json:"lifecycleState,omitempty" tf:"lifecycle_state,omitempty"` @@ -123,6 +129,10 @@ type FolderBucketConfigParameters struct { // +kubebuilder:validation:Optional FolderSelector *v1.Selector `json:"folderSelector,omitempty" tf:"-"` + // A list of indexed fields and related configuration data. Structure is documented below. + // +kubebuilder:validation:Optional + IndexConfigs []IndexConfigsParameters `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // The location of the bucket. // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` @@ -132,6 +142,38 @@ type FolderBucketConfigParameters struct { RetentionDays *float64 `json:"retentionDays,omitempty" tf:"retention_days,omitempty"` } +type IndexConfigsInitParameters struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + FieldPath *string `json:"fieldPath,omitempty" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type IndexConfigsObservation struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + FieldPath *string `json:"fieldPath,omitempty" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type IndexConfigsParameters struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + // +kubebuilder:validation:Optional + FieldPath *string `json:"fieldPath" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` +} + // FolderBucketConfigSpec defines the desired state of FolderBucketConfig type FolderBucketConfigSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/logging/v1beta1/zz_foldersink_types.go b/apis/logging/v1beta1/zz_foldersink_types.go index 11d1113f3..b4c9f9015 100755 --- a/apis/logging/v1beta1/zz_foldersink_types.go +++ b/apis/logging/v1beta1/zz_foldersink_types.go @@ -117,8 +117,7 @@ type FolderSinkInitParameters struct { // A description of this sink. The maximum length of the description is 8000 characters. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` // If set to True, then this sink is disabled and it does not export any log entries. @@ -145,8 +144,7 @@ type FolderSinkObservation struct { // A description of this sink. The maximum length of the description is 8000 characters. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` // If set to True, then this sink is disabled and it does not export any log entries. @@ -186,8 +184,7 @@ type FolderSinkParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: // +kubebuilder:validation:Optional Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` diff --git a/apis/logging/v1beta1/zz_generated.deepcopy.go b/apis/logging/v1beta1/zz_generated.deepcopy.go index 359f8940f..b83bf1538 100644 --- a/apis/logging/v1beta1/zz_generated.deepcopy.go +++ b/apis/logging/v1beta1/zz_generated.deepcopy.go @@ -583,6 +583,13 @@ func (in *FolderBucketConfigInitParameters) DeepCopyInto(out *FolderBucketConfig *out = new(string) **out = **in } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]IndexConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RetentionDays != nil { in, out := &in.RetentionDays, &out.RetentionDays *out = new(float64) @@ -662,6 +669,13 @@ func (in *FolderBucketConfigObservation) DeepCopyInto(out *FolderBucketConfigObs *out = new(string) **out = **in } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]IndexConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.LifecycleState != nil { in, out := &in.LifecycleState, &out.LifecycleState *out = new(string) @@ -729,6 +743,13 @@ func (in *FolderBucketConfigParameters) DeepCopyInto(out *FolderBucketConfigPara *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]IndexConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -1281,6 +1302,81 @@ func (in *FolderSinkStatus) DeepCopy() *FolderSinkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IndexConfigsInitParameters) DeepCopyInto(out *IndexConfigsInitParameters) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexConfigsInitParameters. +func (in *IndexConfigsInitParameters) DeepCopy() *IndexConfigsInitParameters { + if in == nil { + return nil + } + out := new(IndexConfigsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IndexConfigsObservation) DeepCopyInto(out *IndexConfigsObservation) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexConfigsObservation. +func (in *IndexConfigsObservation) DeepCopy() *IndexConfigsObservation { + if in == nil { + return nil + } + out := new(IndexConfigsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IndexConfigsParameters) DeepCopyInto(out *IndexConfigsParameters) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexConfigsParameters. +func (in *IndexConfigsParameters) DeepCopy() *IndexConfigsParameters { + if in == nil { + return nil + } + out := new(IndexConfigsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LabelsInitParameters) DeepCopyInto(out *LabelsInitParameters) { *out = *in @@ -2277,6 +2373,81 @@ func (in *ProjectBucketConfigCmekSettingsParameters) DeepCopy() *ProjectBucketCo return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectBucketConfigIndexConfigsInitParameters) DeepCopyInto(out *ProjectBucketConfigIndexConfigsInitParameters) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectBucketConfigIndexConfigsInitParameters. +func (in *ProjectBucketConfigIndexConfigsInitParameters) DeepCopy() *ProjectBucketConfigIndexConfigsInitParameters { + if in == nil { + return nil + } + out := new(ProjectBucketConfigIndexConfigsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectBucketConfigIndexConfigsObservation) DeepCopyInto(out *ProjectBucketConfigIndexConfigsObservation) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectBucketConfigIndexConfigsObservation. +func (in *ProjectBucketConfigIndexConfigsObservation) DeepCopy() *ProjectBucketConfigIndexConfigsObservation { + if in == nil { + return nil + } + out := new(ProjectBucketConfigIndexConfigsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectBucketConfigIndexConfigsParameters) DeepCopyInto(out *ProjectBucketConfigIndexConfigsParameters) { + *out = *in + if in.FieldPath != nil { + in, out := &in.FieldPath, &out.FieldPath + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectBucketConfigIndexConfigsParameters. +func (in *ProjectBucketConfigIndexConfigsParameters) DeepCopy() *ProjectBucketConfigIndexConfigsParameters { + if in == nil { + return nil + } + out := new(ProjectBucketConfigIndexConfigsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProjectBucketConfigInitParameters) DeepCopyInto(out *ProjectBucketConfigInitParameters) { *out = *in @@ -2297,6 +2468,13 @@ func (in *ProjectBucketConfigInitParameters) DeepCopyInto(out *ProjectBucketConf *out = new(bool) **out = **in } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]ProjectBucketConfigIndexConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Locked != nil { in, out := &in.Locked, &out.Locked *out = new(bool) @@ -2381,6 +2559,13 @@ func (in *ProjectBucketConfigObservation) DeepCopyInto(out *ProjectBucketConfigO *out = new(string) **out = **in } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]ProjectBucketConfigIndexConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.LifecycleState != nil { in, out := &in.LifecycleState, &out.LifecycleState *out = new(string) @@ -2448,6 +2633,13 @@ func (in *ProjectBucketConfigParameters) DeepCopyInto(out *ProjectBucketConfigPa *out = new(bool) **out = **in } + if in.IndexConfigs != nil { + in, out := &in.IndexConfigs, &out.IndexConfigs + *out = make([]ProjectBucketConfigIndexConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -2931,6 +3123,21 @@ func (in *ProjectSinkInitParameters) DeepCopyInto(out *ProjectSinkInitParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CustomWriterIdentity != nil { + in, out := &in.CustomWriterIdentity, &out.CustomWriterIdentity + *out = new(string) + **out = **in + } + if in.CustomWriterIdentityRef != nil { + in, out := &in.CustomWriterIdentityRef, &out.CustomWriterIdentityRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.CustomWriterIdentitySelector != nil { + in, out := &in.CustomWriterIdentitySelector, &out.CustomWriterIdentitySelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -3022,6 +3229,11 @@ func (in *ProjectSinkObservation) DeepCopyInto(out *ProjectSinkObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CustomWriterIdentity != nil { + in, out := &in.CustomWriterIdentity, &out.CustomWriterIdentity + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -3091,6 +3303,21 @@ func (in *ProjectSinkParameters) DeepCopyInto(out *ProjectSinkParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CustomWriterIdentity != nil { + in, out := &in.CustomWriterIdentity, &out.CustomWriterIdentity + *out = new(string) + **out = **in + } + if in.CustomWriterIdentityRef != nil { + in, out := &in.CustomWriterIdentityRef, &out.CustomWriterIdentityRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.CustomWriterIdentitySelector != nil { + in, out := &in.CustomWriterIdentitySelector, &out.CustomWriterIdentitySelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/logging/v1beta1/zz_generated.resolvers.go b/apis/logging/v1beta1/zz_generated.resolvers.go index a159a3d3b..1cc8014ba 100644 --- a/apis/logging/v1beta1/zz_generated.resolvers.go +++ b/apis/logging/v1beta1/zz_generated.resolvers.go @@ -277,3 +277,53 @@ func (mg *ProjectBucketConfig) ResolveReferences(ctx context.Context, c client.R return nil } + +// ResolveReferences of this ProjectSink. +func (mg *ProjectSink) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.CustomWriterIdentity), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.ForProvider.CustomWriterIdentityRef, + Selector: mg.Spec.ForProvider.CustomWriterIdentitySelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.CustomWriterIdentity") + } + mg.Spec.ForProvider.CustomWriterIdentity = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.CustomWriterIdentityRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.CustomWriterIdentity), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.InitProvider.CustomWriterIdentityRef, + Selector: mg.Spec.InitProvider.CustomWriterIdentitySelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.CustomWriterIdentity") + } + mg.Spec.InitProvider.CustomWriterIdentity = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.CustomWriterIdentityRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/logging/v1beta1/zz_metric_types.go b/apis/logging/v1beta1/zz_metric_types.go index 1a4d2305b..be1e26c52 100755 --- a/apis/logging/v1beta1/zz_metric_types.go +++ b/apis/logging/v1beta1/zz_metric_types.go @@ -130,15 +130,15 @@ type ExponentialBucketsParameters struct { // Must be greater than 1. // +kubebuilder:validation:Optional - GrowthFactor *float64 `json:"growthFactor,omitempty" tf:"growth_factor,omitempty"` + GrowthFactor *float64 `json:"growthFactor" tf:"growth_factor,omitempty"` // Must be greater than 0. // +kubebuilder:validation:Optional - NumFiniteBuckets *float64 `json:"numFiniteBuckets,omitempty" tf:"num_finite_buckets,omitempty"` + NumFiniteBuckets *float64 `json:"numFiniteBuckets" tf:"num_finite_buckets,omitempty"` // Must be greater than 0. // +kubebuilder:validation:Optional - Scale *float64 `json:"scale,omitempty" tf:"scale,omitempty"` + Scale *float64 `json:"scale" tf:"scale,omitempty"` } type LabelsInitParameters struct { @@ -217,15 +217,15 @@ type LinearBucketsParameters struct { // Must be greater than 0. // +kubebuilder:validation:Optional - NumFiniteBuckets *float64 `json:"numFiniteBuckets,omitempty" tf:"num_finite_buckets,omitempty"` + NumFiniteBuckets *float64 `json:"numFiniteBuckets" tf:"num_finite_buckets,omitempty"` // Lower bound of the first bucket. // +kubebuilder:validation:Optional - Offset *float64 `json:"offset,omitempty" tf:"offset,omitempty"` + Offset *float64 `json:"offset" tf:"offset,omitempty"` // Must be greater than 0. // +kubebuilder:validation:Optional - Width *float64 `json:"width,omitempty" tf:"width,omitempty"` + Width *float64 `json:"width" tf:"width,omitempty"` } type MetricDescriptorInitParameters struct { diff --git a/apis/logging/v1beta1/zz_projectbucketconfig_types.go b/apis/logging/v1beta1/zz_projectbucketconfig_types.go index 31e2cbea0..ca4e9b5ae 100755 --- a/apis/logging/v1beta1/zz_projectbucketconfig_types.go +++ b/apis/logging/v1beta1/zz_projectbucketconfig_types.go @@ -99,6 +99,38 @@ type ProjectBucketConfigCmekSettingsParameters struct { KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` } +type ProjectBucketConfigIndexConfigsInitParameters struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + FieldPath *string `json:"fieldPath,omitempty" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ProjectBucketConfigIndexConfigsObservation struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + FieldPath *string `json:"fieldPath,omitempty" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ProjectBucketConfigIndexConfigsParameters struct { + + // The LogEntry field path to index. + // Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + // +kubebuilder:validation:Optional + FieldPath *string `json:"fieldPath" tf:"field_path,omitempty"` + + // The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER. + // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` +} + type ProjectBucketConfigInitParameters struct { // The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed. Structure is documented below. @@ -110,6 +142,9 @@ type ProjectBucketConfigInitParameters struct { // Whether or not Log Analytics is enabled. Logs for buckets with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled. EnableAnalytics *bool `json:"enableAnalytics,omitempty" tf:"enable_analytics,omitempty"` + // A list of indexed fields and related configuration data. Structure is documented below. + IndexConfigs []ProjectBucketConfigIndexConfigsInitParameters `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty. Locked *bool `json:"locked,omitempty" tf:"locked,omitempty"` @@ -134,6 +169,9 @@ type ProjectBucketConfigObservation struct { // an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // A list of indexed fields and related configuration data. Structure is documented below. + IndexConfigs []ProjectBucketConfigIndexConfigsObservation `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // The bucket's lifecycle such as active or deleted. See LifecycleState. LifecycleState *string `json:"lifecycleState,omitempty" tf:"lifecycle_state,omitempty"` @@ -171,6 +209,10 @@ type ProjectBucketConfigParameters struct { // +kubebuilder:validation:Optional EnableAnalytics *bool `json:"enableAnalytics,omitempty" tf:"enable_analytics,omitempty"` + // A list of indexed fields and related configuration data. Structure is documented below. + // +kubebuilder:validation:Optional + IndexConfigs []ProjectBucketConfigIndexConfigsParameters `json:"indexConfigs,omitempty" tf:"index_configs,omitempty"` + // The location of the bucket. // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` diff --git a/apis/logging/v1beta1/zz_projectsink_types.go b/apis/logging/v1beta1/zz_projectsink_types.go index 6aebfba5a..d2bb0b2e8 100755 --- a/apis/logging/v1beta1/zz_projectsink_types.go +++ b/apis/logging/v1beta1/zz_projectsink_types.go @@ -114,11 +114,26 @@ type ProjectSinkInitParameters struct { // Options that affect sinks exporting data to BigQuery. Structure documented below. BigqueryOptions []ProjectSinkBigqueryOptionsInitParameters `json:"bigqueryOptions,omitempty" tf:"bigquery_options,omitempty"` + // A user managed service account that will be used to write + // the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + // routing logs to a destination outside this sink's project. If not specified, a Logging service account + // will automatically be generated. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + CustomWriterIdentity *string `json:"customWriterIdentity,omitempty" tf:"custom_writer_identity,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate customWriterIdentity. + // +kubebuilder:validation:Optional + CustomWriterIdentityRef *v1.Reference `json:"customWriterIdentityRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate customWriterIdentity. + // +kubebuilder:validation:Optional + CustomWriterIdentitySelector *v1.Selector `json:"customWriterIdentitySelector,omitempty" tf:"-"` + // A description of this sink. The maximum length of the description is 8000 characters. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` // If set to True, then this sink is disabled and it does not export any log entries. @@ -136,8 +151,7 @@ type ProjectSinkInitParameters struct { // used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // Whether or not to create a unique identity associated with this sink. If false - // (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + // Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), // then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize // bigquery_options, you must set unique_writer_identity to true. UniqueWriterIdentity *bool `json:"uniqueWriterIdentity,omitempty" tf:"unique_writer_identity,omitempty"` @@ -148,11 +162,16 @@ type ProjectSinkObservation struct { // Options that affect sinks exporting data to BigQuery. Structure documented below. BigqueryOptions []ProjectSinkBigqueryOptionsObservation `json:"bigqueryOptions,omitempty" tf:"bigquery_options,omitempty"` + // A user managed service account that will be used to write + // the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + // routing logs to a destination outside this sink's project. If not specified, a Logging service account + // will automatically be generated. + CustomWriterIdentity *string `json:"customWriterIdentity,omitempty" tf:"custom_writer_identity,omitempty"` + // A description of this sink. The maximum length of the description is 8000 characters. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` // If set to True, then this sink is disabled and it does not export any log entries. @@ -173,8 +192,7 @@ type ProjectSinkObservation struct { // used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // Whether or not to create a unique identity associated with this sink. If false - // (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + // Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), // then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize // bigquery_options, you must set unique_writer_identity to true. UniqueWriterIdentity *bool `json:"uniqueWriterIdentity,omitempty" tf:"unique_writer_identity,omitempty"` @@ -190,12 +208,28 @@ type ProjectSinkParameters struct { // +kubebuilder:validation:Optional BigqueryOptions []ProjectSinkBigqueryOptionsParameters `json:"bigqueryOptions,omitempty" tf:"bigquery_options,omitempty"` + // A user managed service account that will be used to write + // the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + // routing logs to a destination outside this sink's project. If not specified, a Logging service account + // will automatically be generated. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + // +kubebuilder:validation:Optional + CustomWriterIdentity *string `json:"customWriterIdentity,omitempty" tf:"custom_writer_identity,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate customWriterIdentity. + // +kubebuilder:validation:Optional + CustomWriterIdentityRef *v1.Reference `json:"customWriterIdentityRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate customWriterIdentity. + // +kubebuilder:validation:Optional + CustomWriterIdentitySelector *v1.Selector `json:"customWriterIdentitySelector,omitempty" tf:"-"` + // A description of this sink. The maximum length of the description is 8000 characters. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The destination of the sink (or, in other words, where logs are written to). Can be a - // Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + // The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples: // +kubebuilder:validation:Optional Destination *string `json:"destination,omitempty" tf:"destination,omitempty"` @@ -218,8 +252,7 @@ type ProjectSinkParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` - // Whether or not to create a unique identity associated with this sink. If false - // (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + // Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), // then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize // bigquery_options, you must set unique_writer_identity to true. // +kubebuilder:validation:Optional diff --git a/apis/memcache/v1beta1/zz_generated.deepcopy.go b/apis/memcache/v1beta1/zz_generated.deepcopy.go index e3f396b11..fa700df65 100644 --- a/apis/memcache/v1beta1/zz_generated.deepcopy.go +++ b/apis/memcache/v1beta1/zz_generated.deepcopy.go @@ -137,6 +137,17 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.ReservedIPRangeID != nil { + in, out := &in.ReservedIPRangeID, &out.ReservedIPRangeID + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Zones != nil { in, out := &in.Zones, &out.Zones *out = make([]*string, len(*in)) @@ -215,6 +226,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -301,6 +328,33 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.ReservedIPRangeID != nil { + in, out := &in.ReservedIPRangeID, &out.ReservedIPRangeID + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Zones != nil { in, out := &in.Zones, &out.Zones *out = make([]*string, len(*in)) @@ -409,6 +463,17 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.ReservedIPRangeID != nil { + in, out := &in.ReservedIPRangeID, &out.ReservedIPRangeID + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Zones != nil { in, out := &in.Zones, &out.Zones *out = make([]*string, len(*in)) diff --git a/apis/memcache/v1beta1/zz_instance_types.go b/apis/memcache/v1beta1/zz_instance_types.go index 8cc22638c..cea25c647 100755 --- a/apis/memcache/v1beta1/zz_instance_types.go +++ b/apis/memcache/v1beta1/zz_instance_types.go @@ -64,7 +64,7 @@ type InstanceInitParameters struct { // Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically // determined by our system based on the latest supported minor version. // Default value is MEMCACHE_1_5. - // Possible values are: MEMCACHE_1_5. + // Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. MemcacheVersion *string `json:"memcacheVersion,omitempty" tf:"memcache_version,omitempty"` // The resource name of the instance. @@ -84,6 +84,11 @@ type InstanceInitParameters struct { // The region of the Memcache instance. If it is not provided, the provider region is used. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // Contains the name of allocated IP address ranges associated with + // the private service access connection for example, "test-default" + // associated with IP range 10.0.0.0/29. + ReservedIPRangeID []*string `json:"reservedIpRangeId,omitempty" tf:"reserved_ip_range_id,omitempty"` + // Zones where memcache nodes should be provisioned. If not // provided, all zones will be used. // +listType=set @@ -105,6 +110,9 @@ type InstanceObservation struct { // A user-visible name for the instance. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -135,7 +143,7 @@ type InstanceObservation struct { // Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically // determined by our system based on the latest supported minor version. // Default value is MEMCACHE_1_5. - // Possible values are: MEMCACHE_1_5. + // Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. MemcacheVersion *string `json:"memcacheVersion,omitempty" tf:"memcache_version,omitempty"` // The resource name of the instance. @@ -155,6 +163,16 @@ type InstanceObservation struct { // The region of the Memcache instance. If it is not provided, the provider region is used. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // Contains the name of allocated IP address ranges associated with + // the private service access connection for example, "test-default" + // associated with IP range 10.0.0.0/29. + ReservedIPRangeID []*string `json:"reservedIpRangeId,omitempty" tf:"reserved_ip_range_id,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Zones where memcache nodes should be provisioned. If not // provided, all zones will be used. // +listType=set @@ -201,7 +219,7 @@ type InstanceParameters struct { // Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically // determined by our system based on the latest supported minor version. // Default value is MEMCACHE_1_5. - // Possible values are: MEMCACHE_1_5. + // Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. // +kubebuilder:validation:Optional MemcacheVersion *string `json:"memcacheVersion,omitempty" tf:"memcache_version,omitempty"` @@ -227,6 +245,12 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional Region *string `json:"region,omitempty" tf:"region,omitempty"` + // Contains the name of allocated IP address ranges associated with + // the private service access connection for example, "test-default" + // associated with IP range 10.0.0.0/29. + // +kubebuilder:validation:Optional + ReservedIPRangeID []*string `json:"reservedIpRangeId,omitempty" tf:"reserved_ip_range_id,omitempty"` + // Zones where memcache nodes should be provisioned. If not // provided, all zones will be used. // +kubebuilder:validation:Optional diff --git a/apis/mlengine/v1beta1/zz_generated.deepcopy.go b/apis/mlengine/v1beta1/zz_generated.deepcopy.go index 4f8d839da..614ffc782 100644 --- a/apis/mlengine/v1beta1/zz_generated.deepcopy.go +++ b/apis/mlengine/v1beta1/zz_generated.deepcopy.go @@ -232,6 +232,22 @@ func (in *ModelObservation) DeepCopyInto(out *ModelObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -284,6 +300,22 @@ func (in *ModelObservation) DeepCopyInto(out *ModelObservation) { } } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModelObservation. diff --git a/apis/mlengine/v1beta1/zz_model_terraformed.go b/apis/mlengine/v1beta1/zz_model_terraformed.go index 7728c1954..98a12a8fa 100755 --- a/apis/mlengine/v1beta1/zz_model_terraformed.go +++ b/apis/mlengine/v1beta1/zz_model_terraformed.go @@ -141,5 +141,5 @@ func (tr *Model) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Model) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/mlengine/v1beta1/zz_model_types.go b/apis/mlengine/v1beta1/zz_model_types.go index 81d221657..cd52b925c 100755 --- a/apis/mlengine/v1beta1/zz_model_types.go +++ b/apis/mlengine/v1beta1/zz_model_types.go @@ -59,6 +59,8 @@ type ModelInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // One or more labels that you can add, to organize your models. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -90,10 +92,15 @@ type ModelObservation struct { // The description specified for the model when it was created. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/models/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // One or more labels that you can add, to organize your models. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -113,6 +120,11 @@ type ModelObservation struct { // The list of regions where the model is going to be deployed. // Currently only one region per model is supported Regions []*string `json:"regions,omitempty" tf:"regions,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ModelParameters struct { @@ -128,6 +140,8 @@ type ModelParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // One or more labels that you can add, to organize your models. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/monitoring/v1beta1/zz_alertpolicy_types.go b/apis/monitoring/v1beta1/zz_alertpolicy_types.go index 88a97326e..2f900c6d2 100755 --- a/apis/monitoring/v1beta1/zz_alertpolicy_types.go +++ b/apis/monitoring/v1beta1/zz_alertpolicy_types.go @@ -339,6 +339,12 @@ type AlertPolicyInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The severity of an alert policy indicates how important incidents generated + // by that policy are. The severity level will be displayed on the Incident + // detail page and in notifications. + // Possible values are: CRITICAL, ERROR, WARNING. + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` + // This field is intended to be used for organizing and identifying the AlertPolicy // objects.The field can contain up to 64 entries. Each key and value is limited // to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values @@ -409,6 +415,12 @@ type AlertPolicyObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The severity of an alert policy indicates how important incidents generated + // by that policy are. The severity level will be displayed on the Incident + // detail page and in notifications. + // Possible values are: CRITICAL, ERROR, WARNING. + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` + // This field is intended to be used for organizing and identifying the AlertPolicy // objects.The field can contain up to 64 entries. Each key and value is limited // to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values @@ -474,6 +486,13 @@ type AlertPolicyParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The severity of an alert policy indicates how important incidents generated + // by that policy are. The severity level will be displayed on the Incident + // detail page and in notifications. + // Possible values are: CRITICAL, ERROR, WARNING. + // +kubebuilder:validation:Optional + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` + // This field is intended to be used for organizing and identifying the AlertPolicy // objects.The field can contain up to 64 entries. Each key and value is limited // to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values @@ -1033,9 +1052,7 @@ type ConditionPrometheusQueryLanguageInitParameters struct { // in order to refer to the original Prometheus configuration file. // The rule group name and the alert name are necessary to update the // relevant AlertPolicies in case the definition of the rule group changes - // in the future. - // This field is optional. If this field is not empty, then it must be a - // valid Prometheus label name. + // in the future. This field is optional. RuleGroup *string `json:"ruleGroup,omitempty" tf:"rule_group,omitempty"` } @@ -1096,9 +1113,7 @@ type ConditionPrometheusQueryLanguageObservation struct { // in order to refer to the original Prometheus configuration file. // The rule group name and the alert name are necessary to update the // relevant AlertPolicies in case the definition of the rule group changes - // in the future. - // This field is optional. If this field is not empty, then it must be a - // valid Prometheus label name. + // in the future. This field is optional. RuleGroup *string `json:"ruleGroup,omitempty" tf:"rule_group,omitempty"` } @@ -1140,7 +1155,7 @@ type ConditionPrometheusQueryLanguageParameters struct { // alerting rule, then this value should be taken from the enclosing // rule group. // +kubebuilder:validation:Optional - EvaluationInterval *string `json:"evaluationInterval" tf:"evaluation_interval,omitempty"` + EvaluationInterval *string `json:"evaluationInterval,omitempty" tf:"evaluation_interval,omitempty"` // Labels to add to or overwrite in the PromQL query result. Label names // must be valid. @@ -1164,9 +1179,7 @@ type ConditionPrometheusQueryLanguageParameters struct { // in order to refer to the original Prometheus configuration file. // The rule group name and the alert name are necessary to update the // relevant AlertPolicies in case the definition of the rule group changes - // in the future. - // This field is optional. If this field is not empty, then it must be a - // valid Prometheus label name. + // in the future. This field is optional. // +kubebuilder:validation:Optional RuleGroup *string `json:"ruleGroup,omitempty" tf:"rule_group,omitempty"` } @@ -1881,7 +1894,6 @@ type ConditionsInitParameters struct { // Structure is documented below. ConditionMonitoringQueryLanguage []ConditionMonitoringQueryLanguageInitParameters `json:"conditionMonitoringQueryLanguage,omitempty" tf:"condition_monitoring_query_language,omitempty"` - // A Monitoring Query Language query that outputs a boolean stream // A condition type that allows alert policies to be defined using // Prometheus Query Language (PromQL). // The PrometheusQueryLanguageCondition message contains information @@ -1918,7 +1930,6 @@ type ConditionsObservation struct { // Structure is documented below. ConditionMonitoringQueryLanguage []ConditionMonitoringQueryLanguageObservation `json:"conditionMonitoringQueryLanguage,omitempty" tf:"condition_monitoring_query_language,omitempty"` - // A Monitoring Query Language query that outputs a boolean stream // A condition type that allows alert policies to be defined using // Prometheus Query Language (PromQL). // The PrometheusQueryLanguageCondition message contains information @@ -1967,7 +1978,6 @@ type ConditionsParameters struct { // +kubebuilder:validation:Optional ConditionMonitoringQueryLanguage []ConditionMonitoringQueryLanguageParameters `json:"conditionMonitoringQueryLanguage,omitempty" tf:"condition_monitoring_query_language,omitempty"` - // A Monitoring Query Language query that outputs a boolean stream // A condition type that allows alert policies to be defined using // Prometheus Query Language (PromQL). // The PrometheusQueryLanguageCondition message contains information @@ -2281,6 +2291,12 @@ type DocumentationInitParameters struct { // The format of the content field. Presently, only the value // "text/markdown" is supported. MimeType *string `json:"mimeType,omitempty" tf:"mime_type,omitempty"` + + // The subject line of the notification. The subject line may not + // exceed 10,240 bytes. In notifications generated by this policy the contents + // of the subject line after variable expansion will be truncated to 255 bytes + // or shorter at the latest UTF-8 character boundary. + Subject *string `json:"subject,omitempty" tf:"subject,omitempty"` } type DocumentationObservation struct { @@ -2294,6 +2310,12 @@ type DocumentationObservation struct { // The format of the content field. Presently, only the value // "text/markdown" is supported. MimeType *string `json:"mimeType,omitempty" tf:"mime_type,omitempty"` + + // The subject line of the notification. The subject line may not + // exceed 10,240 bytes. In notifications generated by this policy the contents + // of the subject line after variable expansion will be truncated to 255 bytes + // or shorter at the latest UTF-8 character boundary. + Subject *string `json:"subject,omitempty" tf:"subject,omitempty"` } type DocumentationParameters struct { @@ -2309,6 +2331,13 @@ type DocumentationParameters struct { // "text/markdown" is supported. // +kubebuilder:validation:Optional MimeType *string `json:"mimeType,omitempty" tf:"mime_type,omitempty"` + + // The subject line of the notification. The subject line may not + // exceed 10,240 bytes. In notifications generated by this policy the contents + // of the subject line after variable expansion will be truncated to 255 bytes + // or shorter at the latest UTF-8 character boundary. + // +kubebuilder:validation:Optional + Subject *string `json:"subject,omitempty" tf:"subject,omitempty"` } type ForecastOptionsInitParameters struct { diff --git a/apis/monitoring/v1beta1/zz_customservice_types.go b/apis/monitoring/v1beta1/zz_customservice_types.go index 259a8f534..c549f731a 100755 --- a/apis/monitoring/v1beta1/zz_customservice_types.go +++ b/apis/monitoring/v1beta1/zz_customservice_types.go @@ -174,7 +174,7 @@ type CustomServiceStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// CustomService is the Schema for the CustomServices API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern (Wikipedia). +// CustomService is the Schema for the CustomServices API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern. // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/monitoring/v1beta1/zz_generated.deepcopy.go b/apis/monitoring/v1beta1/zz_generated.deepcopy.go index e4c7046ab..dde8717cf 100644 --- a/apis/monitoring/v1beta1/zz_generated.deepcopy.go +++ b/apis/monitoring/v1beta1/zz_generated.deepcopy.go @@ -305,6 +305,11 @@ func (in *AlertPolicyInitParameters) DeepCopyInto(out *AlertPolicyInitParameters *out = new(string) **out = **in } + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } if in.UserLabels != nil { in, out := &in.UserLabels, &out.UserLabels *out = make(map[string]*string, len(*in)) @@ -437,6 +442,11 @@ func (in *AlertPolicyObservation) DeepCopyInto(out *AlertPolicyObservation) { *out = new(string) **out = **in } + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } if in.UserLabels != nil { in, out := &in.UserLabels, &out.UserLabels *out = make(map[string]*string, len(*in)) @@ -520,6 +530,11 @@ func (in *AlertPolicyParameters) DeepCopyInto(out *AlertPolicyParameters) { *out = new(string) **out = **in } + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } if in.UserLabels != nil { in, out := &in.UserLabels, &out.UserLabels *out = make(map[string]*string, len(*in)) @@ -1406,6 +1421,86 @@ func (in *BasicSliPerformanceParameters) DeepCopy() *BasicSliPerformanceParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudFunctionV2InitParameters) DeepCopyInto(out *CloudFunctionV2InitParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudFunctionV2InitParameters. +func (in *CloudFunctionV2InitParameters) DeepCopy() *CloudFunctionV2InitParameters { + if in == nil { + return nil + } + out := new(CloudFunctionV2InitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudFunctionV2Observation) DeepCopyInto(out *CloudFunctionV2Observation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudFunctionV2Observation. +func (in *CloudFunctionV2Observation) DeepCopy() *CloudFunctionV2Observation { + if in == nil { + return nil + } + out := new(CloudFunctionV2Observation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudFunctionV2Parameters) DeepCopyInto(out *CloudFunctionV2Parameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudFunctionV2Parameters. +func (in *CloudFunctionV2Parameters) DeepCopy() *CloudFunctionV2Parameters { + if in == nil { + return nil + } + out := new(CloudFunctionV2Parameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionAbsentInitParameters) DeepCopyInto(out *ConditionAbsentInitParameters) { *out = *in @@ -3452,6 +3547,11 @@ func (in *DocumentationInitParameters) DeepCopyInto(out *DocumentationInitParame *out = new(string) **out = **in } + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DocumentationInitParameters. @@ -3477,6 +3577,11 @@ func (in *DocumentationObservation) DeepCopyInto(out *DocumentationObservation) *out = new(string) **out = **in } + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DocumentationObservation. @@ -3502,6 +3607,11 @@ func (in *DocumentationParameters) DeepCopyInto(out *DocumentationParameters) { *out = new(string) **out = **in } + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DocumentationParameters. @@ -4037,6 +4147,11 @@ func (in *HTTPCheckInitParameters) DeepCopyInto(out *HTTPCheckInitParameters) { *out = new(string) **out = **in } + if in.CustomContentType != nil { + in, out := &in.CustomContentType, &out.CustomContentType + *out = new(string) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]*string, len(*in)) @@ -4063,6 +4178,13 @@ func (in *HTTPCheckInitParameters) DeepCopyInto(out *HTTPCheckInitParameters) { *out = new(string) **out = **in } + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]PingConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -4122,6 +4244,11 @@ func (in *HTTPCheckObservation) DeepCopyInto(out *HTTPCheckObservation) { *out = new(string) **out = **in } + if in.CustomContentType != nil { + in, out := &in.CustomContentType, &out.CustomContentType + *out = new(string) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]*string, len(*in)) @@ -4148,6 +4275,13 @@ func (in *HTTPCheckObservation) DeepCopyInto(out *HTTPCheckObservation) { *out = new(string) **out = **in } + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]PingConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -4207,6 +4341,11 @@ func (in *HTTPCheckParameters) DeepCopyInto(out *HTTPCheckParameters) { *out = new(string) **out = **in } + if in.CustomContentType != nil { + in, out := &in.CustomContentType, &out.CustomContentType + *out = new(string) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]*string, len(*in)) @@ -4233,6 +4372,13 @@ func (in *HTTPCheckParameters) DeepCopyInto(out *HTTPCheckParameters) { *out = new(string) **out = **in } + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]PingConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -6077,6 +6223,66 @@ func (in *PerformanceParameters) DeepCopy() *PerformanceParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PingConfigInitParameters) DeepCopyInto(out *PingConfigInitParameters) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PingConfigInitParameters. +func (in *PingConfigInitParameters) DeepCopy() *PingConfigInitParameters { + if in == nil { + return nil + } + out := new(PingConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PingConfigObservation) DeepCopyInto(out *PingConfigObservation) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PingConfigObservation. +func (in *PingConfigObservation) DeepCopy() *PingConfigObservation { + if in == nil { + return nil + } + out := new(PingConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PingConfigParameters) DeepCopyInto(out *PingConfigParameters) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PingConfigParameters. +func (in *PingConfigParameters) DeepCopy() *PingConfigParameters { + if in == nil { + return nil + } + out := new(PingConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RangeInitParameters) DeepCopyInto(out *RangeInitParameters) { *out = *in @@ -7084,9 +7290,82 @@ func (in *ServiceTelemetryParameters) DeepCopy() *ServiceTelemetryParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyntheticMonitorInitParameters) DeepCopyInto(out *SyntheticMonitorInitParameters) { + *out = *in + if in.CloudFunctionV2 != nil { + in, out := &in.CloudFunctionV2, &out.CloudFunctionV2 + *out = make([]CloudFunctionV2InitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyntheticMonitorInitParameters. +func (in *SyntheticMonitorInitParameters) DeepCopy() *SyntheticMonitorInitParameters { + if in == nil { + return nil + } + out := new(SyntheticMonitorInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyntheticMonitorObservation) DeepCopyInto(out *SyntheticMonitorObservation) { + *out = *in + if in.CloudFunctionV2 != nil { + in, out := &in.CloudFunctionV2, &out.CloudFunctionV2 + *out = make([]CloudFunctionV2Observation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyntheticMonitorObservation. +func (in *SyntheticMonitorObservation) DeepCopy() *SyntheticMonitorObservation { + if in == nil { + return nil + } + out := new(SyntheticMonitorObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyntheticMonitorParameters) DeepCopyInto(out *SyntheticMonitorParameters) { + *out = *in + if in.CloudFunctionV2 != nil { + in, out := &in.CloudFunctionV2, &out.CloudFunctionV2 + *out = make([]CloudFunctionV2Parameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyntheticMonitorParameters. +func (in *SyntheticMonitorParameters) DeepCopy() *SyntheticMonitorParameters { + if in == nil { + return nil + } + out := new(SyntheticMonitorParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TCPCheckInitParameters) DeepCopyInto(out *TCPCheckInitParameters) { *out = *in + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]TCPCheckPingConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -7107,6 +7386,13 @@ func (in *TCPCheckInitParameters) DeepCopy() *TCPCheckInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TCPCheckObservation) DeepCopyInto(out *TCPCheckObservation) { *out = *in + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]TCPCheckPingConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -7127,6 +7413,13 @@ func (in *TCPCheckObservation) DeepCopy() *TCPCheckObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TCPCheckParameters) DeepCopyInto(out *TCPCheckParameters) { *out = *in + if in.PingConfig != nil { + in, out := &in.PingConfig, &out.PingConfig + *out = make([]TCPCheckPingConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -7144,6 +7437,66 @@ func (in *TCPCheckParameters) DeepCopy() *TCPCheckParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TCPCheckPingConfigInitParameters) DeepCopyInto(out *TCPCheckPingConfigInitParameters) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPCheckPingConfigInitParameters. +func (in *TCPCheckPingConfigInitParameters) DeepCopy() *TCPCheckPingConfigInitParameters { + if in == nil { + return nil + } + out := new(TCPCheckPingConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TCPCheckPingConfigObservation) DeepCopyInto(out *TCPCheckPingConfigObservation) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPCheckPingConfigObservation. +func (in *TCPCheckPingConfigObservation) DeepCopy() *TCPCheckPingConfigObservation { + if in == nil { + return nil + } + out := new(TCPCheckPingConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TCPCheckPingConfigParameters) DeepCopyInto(out *TCPCheckPingConfigParameters) { + *out = *in + if in.PingsCount != nil { + in, out := &in.PingsCount, &out.PingsCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPCheckPingConfigParameters. +func (in *TCPCheckPingConfigParameters) DeepCopy() *TCPCheckPingConfigParameters { + if in == nil { + return nil + } + out := new(TCPCheckPingConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TelemetryInitParameters) DeepCopyInto(out *TelemetryInitParameters) { *out = *in @@ -7368,6 +7721,13 @@ func (in *UptimeCheckConfigInitParameters) DeepCopyInto(out *UptimeCheckConfigIn } } } + if in.SyntheticMonitor != nil { + in, out := &in.SyntheticMonitor, &out.SyntheticMonitor + *out = make([]SyntheticMonitorInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TCPCheck != nil { in, out := &in.TCPCheck, &out.TCPCheck *out = make([]TCPCheckInitParameters, len(*in)) @@ -7380,6 +7740,22 @@ func (in *UptimeCheckConfigInitParameters) DeepCopyInto(out *UptimeCheckConfigIn *out = new(string) **out = **in } + if in.UserLabels != nil { + in, out := &in.UserLabels, &out.UserLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UptimeCheckConfigInitParameters. @@ -7496,6 +7872,13 @@ func (in *UptimeCheckConfigObservation) DeepCopyInto(out *UptimeCheckConfigObser } } } + if in.SyntheticMonitor != nil { + in, out := &in.SyntheticMonitor, &out.SyntheticMonitor + *out = make([]SyntheticMonitorObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TCPCheck != nil { in, out := &in.TCPCheck, &out.TCPCheck *out = make([]TCPCheckObservation, len(*in)) @@ -7513,6 +7896,22 @@ func (in *UptimeCheckConfigObservation) DeepCopyInto(out *UptimeCheckConfigObser *out = new(string) **out = **in } + if in.UserLabels != nil { + in, out := &in.UserLabels, &out.UserLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UptimeCheckConfigObservation. @@ -7587,6 +7986,13 @@ func (in *UptimeCheckConfigParameters) DeepCopyInto(out *UptimeCheckConfigParame } } } + if in.SyntheticMonitor != nil { + in, out := &in.SyntheticMonitor, &out.SyntheticMonitor + *out = make([]SyntheticMonitorParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TCPCheck != nil { in, out := &in.TCPCheck, &out.TCPCheck *out = make([]TCPCheckParameters, len(*in)) @@ -7599,6 +8005,22 @@ func (in *UptimeCheckConfigParameters) DeepCopyInto(out *UptimeCheckConfigParame *out = new(string) **out = **in } + if in.UserLabels != nil { + in, out := &in.UserLabels, &out.UserLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UptimeCheckConfigParameters. diff --git a/apis/monitoring/v1beta1/zz_generated.resolvers.go b/apis/monitoring/v1beta1/zz_generated.resolvers.go index 87c0257a9..4b2e57e57 100644 --- a/apis/monitoring/v1beta1/zz_generated.resolvers.go +++ b/apis/monitoring/v1beta1/zz_generated.resolvers.go @@ -21,9 +21,10 @@ package v1beta1 import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" client "sigs.k8s.io/controller-runtime/pkg/client" // ResolveReferences of this Group. @@ -159,6 +160,29 @@ func (mg *UptimeCheckConfig) ResolveReferences(ctx context.Context, c client.Rea mg.Spec.ForProvider.ResourceGroup[i3].GroupIDRef = rsp.ResolvedReference } + for i3 := 0; i3 < len(mg.Spec.ForProvider.SyntheticMonitor); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2); i4++ { + { + m, l, err = apisresolver.GetManagedResource("cloudfunctions2.gcp.upbound.io", "v1beta1", "Function", "FunctionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameRef, + Selector: mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name") + } + mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameRef = rsp.ResolvedReference + + } + } for i3 := 0; i3 < len(mg.Spec.InitProvider.ResourceGroup); i3++ { { m, l, err = apisresolver.GetManagedResource("monitoring.gcp.upbound.io", "v1beta1", "Group", "GroupList") @@ -180,6 +204,29 @@ func (mg *UptimeCheckConfig) ResolveReferences(ctx context.Context, c client.Rea mg.Spec.InitProvider.ResourceGroup[i3].GroupIDRef = rsp.ResolvedReference } + for i3 := 0; i3 < len(mg.Spec.InitProvider.SyntheticMonitor); i3++ { + for i4 := 0; i4 < len(mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2); i4++ { + { + m, l, err = apisresolver.GetManagedResource("cloudfunctions2.gcp.upbound.io", "v1beta1", "Function", "FunctionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameRef, + Selector: mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name") + } + mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SyntheticMonitor[i3].CloudFunctionV2[i4].NameRef = rsp.ResolvedReference + + } + } return nil } diff --git a/apis/monitoring/v1beta1/zz_service_types.go b/apis/monitoring/v1beta1/zz_service_types.go index f02af1cef..6185a8d53 100755 --- a/apis/monitoring/v1beta1/zz_service_types.go +++ b/apis/monitoring/v1beta1/zz_service_types.go @@ -198,7 +198,7 @@ type ServiceStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// Service is the Schema for the Services API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern (Wikipedia). +// Service is the Schema for the Services API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern. // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/monitoring/v1beta1/zz_uptimecheckconfig_types.go b/apis/monitoring/v1beta1/zz_uptimecheckconfig_types.go index f063db9ae..e56dfb1a3 100755 --- a/apis/monitoring/v1beta1/zz_uptimecheckconfig_types.go +++ b/apis/monitoring/v1beta1/zz_uptimecheckconfig_types.go @@ -85,6 +85,45 @@ type AuthInfoParameters struct { Username *string `json:"username" tf:"username,omitempty"` } +type CloudFunctionV2InitParameters struct { + + // The fully qualified name of the cloud function resource. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudfunctions2/v1beta1.Function + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Function in cloudfunctions2 to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Function in cloudfunctions2 to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` +} + +type CloudFunctionV2Observation struct { + + // The fully qualified name of the cloud function resource. + Name *string `json:"name,omitempty" tf:"name,omitempty"` +} + +type CloudFunctionV2Parameters struct { + + // The fully qualified name of the cloud function resource. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudfunctions2/v1beta1.Function + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Function in cloudfunctions2 to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Function in cloudfunctions2 to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` +} + type ContentMatchersInitParameters struct { // String or regex content to match (max 1024 bytes) @@ -143,27 +182,34 @@ type HTTPCheckInitParameters struct { // Structure is documented below. AuthInfo []AuthInfoInitParameters `json:"authInfo,omitempty" tf:"auth_info,omitempty"` - // The request body associated with the HTTP POST request. If contentType is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the requestMethod is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + // The request body associated with the HTTP POST request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar and in base64 encoding is Zm9vJTI1M0RiYXI=. Body *string `json:"body,omitempty" tf:"body,omitempty"` // The content type to use for the check. - // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. ContentType *string `json:"contentType,omitempty" tf:"content_type,omitempty"` - // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. + // A user provided content type header to use for the check. The invalid configurations outlined in the content_type field apply to custom_content_type, as well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` is not set. + CustomContentType *string `json:"customContentType,omitempty" tf:"custom_content_type,omitempty"` + + // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in RFC 2616 (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. // +mapType=granular Headers map[string]*string `json:"headers,omitempty" tf:"headers,omitempty"` - // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to True then the headers will be obscured with ******. + // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to true then the headers will be obscured with ******. MaskHeaders *bool `json:"maskHeaders,omitempty" tf:"mask_headers,omitempty"` - // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with "/", a "/" will be prepended automatically. Optional (defaults to "/"). + // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with /, a / will be prepended automatically. Optional (defaults to /). Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). + // Contains information needed to add pings to an HTTP check. + // Structure is documented below. + PingConfig []PingConfigInitParameters `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). Port *float64 `json:"port,omitempty" tf:"port,omitempty"` - // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. // Default value is GET. // Possible values are: METHOD_UNSPECIFIED, GET, POST. RequestMethod *string `json:"requestMethod,omitempty" tf:"request_method,omitempty"` @@ -171,7 +217,7 @@ type HTTPCheckInitParameters struct { // If true, use HTTPS instead of HTTP to run the check. UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` - // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitoredResource is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. + // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitored_resource is set to uptime_url. If use_ssl is false, setting validate_ssl to true has no effect. ValidateSSL *bool `json:"validateSsl,omitempty" tf:"validate_ssl,omitempty"` } @@ -185,27 +231,34 @@ type HTTPCheckObservation struct { // Structure is documented below. AuthInfo []AuthInfoObservation `json:"authInfo,omitempty" tf:"auth_info,omitempty"` - // The request body associated with the HTTP POST request. If contentType is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the requestMethod is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + // The request body associated with the HTTP POST request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar and in base64 encoding is Zm9vJTI1M0RiYXI=. Body *string `json:"body,omitempty" tf:"body,omitempty"` // The content type to use for the check. - // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. ContentType *string `json:"contentType,omitempty" tf:"content_type,omitempty"` - // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. + // A user provided content type header to use for the check. The invalid configurations outlined in the content_type field apply to custom_content_type, as well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` is not set. + CustomContentType *string `json:"customContentType,omitempty" tf:"custom_content_type,omitempty"` + + // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in RFC 2616 (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. // +mapType=granular Headers map[string]*string `json:"headers,omitempty" tf:"headers,omitempty"` - // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to True then the headers will be obscured with ******. + // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to true then the headers will be obscured with ******. MaskHeaders *bool `json:"maskHeaders,omitempty" tf:"mask_headers,omitempty"` - // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with "/", a "/" will be prepended automatically. Optional (defaults to "/"). + // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with /, a / will be prepended automatically. Optional (defaults to /). Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). + // Contains information needed to add pings to an HTTP check. + // Structure is documented below. + PingConfig []PingConfigObservation `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). Port *float64 `json:"port,omitempty" tf:"port,omitempty"` - // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. // Default value is GET. // Possible values are: METHOD_UNSPECIFIED, GET, POST. RequestMethod *string `json:"requestMethod,omitempty" tf:"request_method,omitempty"` @@ -213,7 +266,7 @@ type HTTPCheckObservation struct { // If true, use HTTPS instead of HTTP to run the check. UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` - // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitoredResource is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. + // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitored_resource is set to uptime_url. If use_ssl is false, setting validate_ssl to true has no effect. ValidateSSL *bool `json:"validateSsl,omitempty" tf:"validate_ssl,omitempty"` } @@ -229,33 +282,42 @@ type HTTPCheckParameters struct { // +kubebuilder:validation:Optional AuthInfo []AuthInfoParameters `json:"authInfo,omitempty" tf:"auth_info,omitempty"` - // The request body associated with the HTTP POST request. If contentType is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the requestMethod is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + // The request body associated with the HTTP POST request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar and in base64 encoding is Zm9vJTI1M0RiYXI=. // +kubebuilder:validation:Optional Body *string `json:"body,omitempty" tf:"body,omitempty"` // The content type to use for the check. - // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + // Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. // +kubebuilder:validation:Optional ContentType *string `json:"contentType,omitempty" tf:"content_type,omitempty"` - // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. + // A user provided content type header to use for the check. The invalid configurations outlined in the content_type field apply to custom_content_type, as well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` is not set. + // +kubebuilder:validation:Optional + CustomContentType *string `json:"customContentType,omitempty" tf:"custom_content_type,omitempty"` + + // The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in RFC 2616 (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. // +kubebuilder:validation:Optional // +mapType=granular Headers map[string]*string `json:"headers,omitempty" tf:"headers,omitempty"` - // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to True then the headers will be obscured with ******. + // Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to true then the headers will be obscured with ******. // +kubebuilder:validation:Optional MaskHeaders *bool `json:"maskHeaders,omitempty" tf:"mask_headers,omitempty"` - // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with "/", a "/" will be prepended automatically. Optional (defaults to "/"). + // The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with /, a / will be prepended automatically. Optional (defaults to /). // +kubebuilder:validation:Optional Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). + // Contains information needed to add pings to an HTTP check. + // Structure is documented below. + // +kubebuilder:validation:Optional + PingConfig []PingConfigParameters `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). // +kubebuilder:validation:Optional Port *float64 `json:"port,omitempty" tf:"port,omitempty"` - // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + // The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. // Default value is GET. // Possible values are: METHOD_UNSPECIFIED, GET, POST. // +kubebuilder:validation:Optional @@ -265,7 +327,7 @@ type HTTPCheckParameters struct { // +kubebuilder:validation:Optional UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` - // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitoredResource is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. + // Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitored_resource is set to uptime_url. If use_ssl is false, setting validate_ssl to true has no effect. // +kubebuilder:validation:Optional ValidateSSL *bool `json:"validateSsl,omitempty" tf:"validate_ssl,omitempty"` } @@ -307,36 +369,55 @@ type JSONPathMatcherParameters struct { type MonitoredResourceInitParameters struct { - // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone". + // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels project_id, instance_id, and zone. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types (https://cloud.google.com/monitoring/api/resources) and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types and Logging resource types. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type MonitoredResourceObservation struct { - // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone". + // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels project_id, instance_id, and zone. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types (https://cloud.google.com/monitoring/api/resources) and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types and Logging resource types. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type MonitoredResourceParameters struct { - // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone". + // Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels project_id, instance_id, and zone. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels" tf:"labels,omitempty"` - // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types (https://cloud.google.com/monitoring/api/resources) and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + // The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types and Logging resource types. // +kubebuilder:validation:Optional Type *string `json:"type" tf:"type,omitempty"` } +type PingConfigInitParameters struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + PingsCount *float64 `json:"pingsCount,omitempty" tf:"pings_count,omitempty"` +} + +type PingConfigObservation struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + PingsCount *float64 `json:"pingsCount,omitempty" tf:"pings_count,omitempty"` +} + +type PingConfigParameters struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + // +kubebuilder:validation:Optional + PingsCount *float64 `json:"pingsCount" tf:"pings_count,omitempty"` +} + type ResourceGroupInitParameters struct { // The group of resources being monitored. Should be the name of a group @@ -389,28 +470,82 @@ type ResourceGroupParameters struct { ResourceType *string `json:"resourceType,omitempty" tf:"resource_type,omitempty"` } +type SyntheticMonitorInitParameters struct { + + // Target a Synthetic Monitor GCFv2 Instance + // Structure is documented below. + CloudFunctionV2 []CloudFunctionV2InitParameters `json:"cloudFunctionV2,omitempty" tf:"cloud_function_v2,omitempty"` +} + +type SyntheticMonitorObservation struct { + + // Target a Synthetic Monitor GCFv2 Instance + // Structure is documented below. + CloudFunctionV2 []CloudFunctionV2Observation `json:"cloudFunctionV2,omitempty" tf:"cloud_function_v2,omitempty"` +} + +type SyntheticMonitorParameters struct { + + // Target a Synthetic Monitor GCFv2 Instance + // Structure is documented below. + // +kubebuilder:validation:Optional + CloudFunctionV2 []CloudFunctionV2Parameters `json:"cloudFunctionV2" tf:"cloud_function_v2,omitempty"` +} + type TCPCheckInitParameters struct { - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) to construct the full URL. + // Contains information needed to add pings to a TCP check. + // Structure is documented below. + PingConfig []TCPCheckPingConfigInitParameters `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) to construct the full URL. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } type TCPCheckObservation struct { - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) to construct the full URL. + // Contains information needed to add pings to a TCP check. + // Structure is documented below. + PingConfig []TCPCheckPingConfigObservation `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) to construct the full URL. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` } type TCPCheckParameters struct { - // The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) to construct the full URL. + // Contains information needed to add pings to a TCP check. + // Structure is documented below. + // +kubebuilder:validation:Optional + PingConfig []TCPCheckPingConfigParameters `json:"pingConfig,omitempty" tf:"ping_config,omitempty"` + + // The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) to construct the full URL. // +kubebuilder:validation:Optional Port *float64 `json:"port" tf:"port,omitempty"` } +type TCPCheckPingConfigInitParameters struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + PingsCount *float64 `json:"pingsCount,omitempty" tf:"pings_count,omitempty"` +} + +type TCPCheckPingConfigObservation struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + PingsCount *float64 `json:"pingsCount,omitempty" tf:"pings_count,omitempty"` +} + +type TCPCheckPingConfigParameters struct { + + // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. + // +kubebuilder:validation:Optional + PingsCount *float64 `json:"pingsCount" tf:"pings_count,omitempty"` +} + type UptimeCheckConfigInitParameters struct { - // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. // Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. CheckerType *string `json:"checkerType,omitempty" tf:"checker_type,omitempty"` @@ -425,8 +560,10 @@ type UptimeCheckConfigInitParameters struct { // Structure is documented below. HTTPCheck []HTTPCheckInitParameters `json:"httpCheck,omitempty" tf:"http_check,omitempty"` - // The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - // Structure is documented below. + // The [monitored resource] + // (https://cloud.google.com/monitoring/api/resources) associated with the + // configuration. The following monitored resource types are supported for + // uptime checks: MonitoredResource []MonitoredResourceInitParameters `json:"monitoredResource,omitempty" tf:"monitored_resource,omitempty"` // How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s. @@ -443,17 +580,25 @@ type UptimeCheckConfigInitParameters struct { // The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions. SelectedRegions []*string `json:"selectedRegions,omitempty" tf:"selected_regions,omitempty"` + // A Synthetic Monitor deployed to a Cloud Functions V2 instance. + // Structure is documented below. + SyntheticMonitor []SyntheticMonitorInitParameters `json:"syntheticMonitor,omitempty" tf:"synthetic_monitor,omitempty"` + // Contains information needed to make a TCP check. // Structure is documented below. TCPCheck []TCPCheckInitParameters `json:"tcpCheck,omitempty" tf:"tcp_check,omitempty"` - // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). See the accepted formats Timeout *string `json:"timeout,omitempty" tf:"timeout,omitempty"` + + // User-supplied key/value data to be used for organizing and identifying the UptimeCheckConfig objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. + // +mapType=granular + UserLabels map[string]*string `json:"userLabels,omitempty" tf:"user_labels,omitempty"` } type UptimeCheckConfigObservation struct { - // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. // Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. CheckerType *string `json:"checkerType,omitempty" tf:"checker_type,omitempty"` @@ -471,8 +616,10 @@ type UptimeCheckConfigObservation struct { // an identifier for the resource with format {{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - // Structure is documented below. + // The [monitored resource] + // (https://cloud.google.com/monitoring/api/resources) associated with the + // configuration. The following monitored resource types are supported for + // uptime checks: MonitoredResource []MonitoredResourceObservation `json:"monitoredResource,omitempty" tf:"monitored_resource,omitempty"` // A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]. @@ -492,20 +639,28 @@ type UptimeCheckConfigObservation struct { // The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions. SelectedRegions []*string `json:"selectedRegions,omitempty" tf:"selected_regions,omitempty"` + // A Synthetic Monitor deployed to a Cloud Functions V2 instance. + // Structure is documented below. + SyntheticMonitor []SyntheticMonitorObservation `json:"syntheticMonitor,omitempty" tf:"synthetic_monitor,omitempty"` + // Contains information needed to make a TCP check. // Structure is documented below. TCPCheck []TCPCheckObservation `json:"tcpCheck,omitempty" tf:"tcp_check,omitempty"` - // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). See the accepted formats Timeout *string `json:"timeout,omitempty" tf:"timeout,omitempty"` // The id of the uptime check UptimeCheckID *string `json:"uptimeCheckId,omitempty" tf:"uptime_check_id,omitempty"` + + // User-supplied key/value data to be used for organizing and identifying the UptimeCheckConfig objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. + // +mapType=granular + UserLabels map[string]*string `json:"userLabels,omitempty" tf:"user_labels,omitempty"` } type UptimeCheckConfigParameters struct { - // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + // The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. // Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. // +kubebuilder:validation:Optional CheckerType *string `json:"checkerType,omitempty" tf:"checker_type,omitempty"` @@ -524,8 +679,10 @@ type UptimeCheckConfigParameters struct { // +kubebuilder:validation:Optional HTTPCheck []HTTPCheckParameters `json:"httpCheck,omitempty" tf:"http_check,omitempty"` - // The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - // Structure is documented below. + // The [monitored resource] + // (https://cloud.google.com/monitoring/api/resources) associated with the + // configuration. The following monitored resource types are supported for + // uptime checks: // +kubebuilder:validation:Optional MonitoredResource []MonitoredResourceParameters `json:"monitoredResource,omitempty" tf:"monitored_resource,omitempty"` @@ -547,14 +704,24 @@ type UptimeCheckConfigParameters struct { // +kubebuilder:validation:Optional SelectedRegions []*string `json:"selectedRegions,omitempty" tf:"selected_regions,omitempty"` + // A Synthetic Monitor deployed to a Cloud Functions V2 instance. + // Structure is documented below. + // +kubebuilder:validation:Optional + SyntheticMonitor []SyntheticMonitorParameters `json:"syntheticMonitor,omitempty" tf:"synthetic_monitor,omitempty"` + // Contains information needed to make a TCP check. // Structure is documented below. // +kubebuilder:validation:Optional TCPCheck []TCPCheckParameters `json:"tcpCheck,omitempty" tf:"tcp_check,omitempty"` - // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + // The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). See the accepted formats // +kubebuilder:validation:Optional Timeout *string `json:"timeout,omitempty" tf:"timeout,omitempty"` + + // User-supplied key/value data to be used for organizing and identifying the UptimeCheckConfig objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. + // +kubebuilder:validation:Optional + // +mapType=granular + UserLabels map[string]*string `json:"userLabels,omitempty" tf:"user_labels,omitempty"` } // UptimeCheckConfigSpec defines the desired state of UptimeCheckConfig diff --git a/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go b/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go index b8eda8275..4d2b50f36 100644 --- a/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go +++ b/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go @@ -143,6 +143,22 @@ func (in *HubObservation) DeepCopyInto(out *HubObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -186,6 +202,22 @@ func (in *HubObservation) DeepCopyInto(out *HubObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UniqueID != nil { in, out := &in.UniqueID, &out.UniqueID *out = new(string) @@ -558,6 +590,119 @@ func (in *LinkedRouterApplianceInstancesParameters) DeepCopy() *LinkedRouterAppl return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedVPCNetworkInitParameters) DeepCopyInto(out *LinkedVPCNetworkInitParameters) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } + if in.URIRef != nil { + in, out := &in.URIRef, &out.URIRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.URISelector != nil { + in, out := &in.URISelector, &out.URISelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedVPCNetworkInitParameters. +func (in *LinkedVPCNetworkInitParameters) DeepCopy() *LinkedVPCNetworkInitParameters { + if in == nil { + return nil + } + out := new(LinkedVPCNetworkInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedVPCNetworkObservation) DeepCopyInto(out *LinkedVPCNetworkObservation) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedVPCNetworkObservation. +func (in *LinkedVPCNetworkObservation) DeepCopy() *LinkedVPCNetworkObservation { + if in == nil { + return nil + } + out := new(LinkedVPCNetworkObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedVPCNetworkParameters) DeepCopyInto(out *LinkedVPCNetworkParameters) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } + if in.URIRef != nil { + in, out := &in.URIRef, &out.URIRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.URISelector != nil { + in, out := &in.URISelector, &out.URISelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedVPCNetworkParameters. +func (in *LinkedVPCNetworkParameters) DeepCopy() *LinkedVPCNetworkParameters { + if in == nil { + return nil + } + out := new(LinkedVPCNetworkParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedVPNTunnelsInitParameters) DeepCopyInto(out *LinkedVPNTunnelsInitParameters) { *out = *in @@ -781,6 +926,13 @@ func (in *SpokeInitParameters) DeepCopyInto(out *SpokeInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.LinkedVPCNetwork != nil { + in, out := &in.LinkedVPCNetwork, &out.LinkedVPCNetwork + *out = make([]LinkedVPCNetworkInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.LinkedVPNTunnels != nil { in, out := &in.LinkedVPNTunnels, &out.LinkedVPNTunnels *out = make([]LinkedVPNTunnelsInitParameters, len(*in)) @@ -860,6 +1012,22 @@ func (in *SpokeObservation) DeepCopyInto(out *SpokeObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Hub != nil { in, out := &in.Hub, &out.Hub *out = new(string) @@ -900,6 +1068,13 @@ func (in *SpokeObservation) DeepCopyInto(out *SpokeObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.LinkedVPCNetwork != nil { + in, out := &in.LinkedVPCNetwork, &out.LinkedVPCNetwork + *out = make([]LinkedVPCNetworkObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.LinkedVPNTunnels != nil { in, out := &in.LinkedVPNTunnels, &out.LinkedVPNTunnels *out = make([]LinkedVPNTunnelsObservation, len(*in)) @@ -927,6 +1102,22 @@ func (in *SpokeObservation) DeepCopyInto(out *SpokeObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UniqueID != nil { in, out := &in.UniqueID, &out.UniqueID *out = new(string) @@ -1002,6 +1193,13 @@ func (in *SpokeParameters) DeepCopyInto(out *SpokeParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.LinkedVPCNetwork != nil { + in, out := &in.LinkedVPCNetwork, &out.LinkedVPCNetwork + *out = make([]LinkedVPCNetworkParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.LinkedVPNTunnels != nil { in, out := &in.LinkedVPNTunnels, &out.LinkedVPNTunnels *out = make([]LinkedVPNTunnelsParameters, len(*in)) diff --git a/apis/networkconnectivity/v1beta1/zz_generated.resolvers.go b/apis/networkconnectivity/v1beta1/zz_generated.resolvers.go index 789cb5214..31c246cd1 100644 --- a/apis/networkconnectivity/v1beta1/zz_generated.resolvers.go +++ b/apis/networkconnectivity/v1beta1/zz_generated.resolvers.go @@ -81,6 +81,27 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { } } + for i3 := 0; i3 < len(mg.Spec.ForProvider.LinkedVPCNetwork); i3++ { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.LinkedVPCNetwork[i3].URI), + Extract: resource.ExtractParamPath("self_link", true), + Reference: mg.Spec.ForProvider.LinkedVPCNetwork[i3].URIRef, + Selector: mg.Spec.ForProvider.LinkedVPCNetwork[i3].URISelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.LinkedVPCNetwork[i3].URI") + } + mg.Spec.ForProvider.LinkedVPCNetwork[i3].URI = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.LinkedVPCNetwork[i3].URIRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("networkconnectivity.gcp.upbound.io", "v1beta1", "Hub", "HubList") if err != nil { @@ -123,6 +144,27 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { } } + for i3 := 0; i3 < len(mg.Spec.InitProvider.LinkedVPCNetwork); i3++ { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.LinkedVPCNetwork[i3].URI), + Extract: resource.ExtractParamPath("self_link", true), + Reference: mg.Spec.InitProvider.LinkedVPCNetwork[i3].URIRef, + Selector: mg.Spec.InitProvider.LinkedVPCNetwork[i3].URISelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.LinkedVPCNetwork[i3].URI") + } + mg.Spec.InitProvider.LinkedVPCNetwork[i3].URI = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.LinkedVPCNetwork[i3].URIRef = rsp.ResolvedReference + + } return nil } diff --git a/apis/networkconnectivity/v1beta1/zz_hub_types.go b/apis/networkconnectivity/v1beta1/zz_hub_types.go index 64c51b65e..d3358b5a8 100755 --- a/apis/networkconnectivity/v1beta1/zz_hub_types.go +++ b/apis/networkconnectivity/v1beta1/zz_hub_types.go @@ -53,6 +53,9 @@ type HubObservation struct { // An optional description of the hub. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/global/hubs/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -72,6 +75,10 @@ type HubObservation struct { // Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id. UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` diff --git a/apis/networkconnectivity/v1beta1/zz_spoke_types.go b/apis/networkconnectivity/v1beta1/zz_spoke_types.go index 2a730a34c..d3a510c21 100755 --- a/apis/networkconnectivity/v1beta1/zz_spoke_types.go +++ b/apis/networkconnectivity/v1beta1/zz_spoke_types.go @@ -136,6 +136,55 @@ type LinkedRouterApplianceInstancesParameters struct { SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer" tf:"site_to_site_data_transfer,omitempty"` } +type LinkedVPCNetworkInitParameters struct { + + // IP ranges encompassing the subnets to be excluded from peering. + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // The URI of the VPC network resource. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` + + // Reference to a Network in compute to populate uri. + // +kubebuilder:validation:Optional + URIRef *v1.Reference `json:"uriRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate uri. + // +kubebuilder:validation:Optional + URISelector *v1.Selector `json:"uriSelector,omitempty" tf:"-"` +} + +type LinkedVPCNetworkObservation struct { + + // IP ranges encompassing the subnets to be excluded from peering. + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // The URI of the VPC network resource. + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type LinkedVPCNetworkParameters struct { + + // IP ranges encompassing the subnets to be excluded from peering. + // +kubebuilder:validation:Optional + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // The URI of the VPC network resource. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` + + // Reference to a Network in compute to populate uri. + // +kubebuilder:validation:Optional + URIRef *v1.Reference `json:"uriRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate uri. + // +kubebuilder:validation:Optional + URISelector *v1.Selector `json:"uriSelector,omitempty" tf:"-"` +} + type LinkedVPNTunnelsInitParameters struct { // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. @@ -193,6 +242,9 @@ type SpokeInitParameters struct { // The URIs of linked Router appliance resources LinkedRouterApplianceInstances []LinkedRouterApplianceInstancesInitParameters `json:"linkedRouterApplianceInstances,omitempty" tf:"linked_router_appliance_instances,omitempty"` + // VPC network that is associated with the spoke. + LinkedVPCNetwork []LinkedVPCNetworkInitParameters `json:"linkedVpcNetwork,omitempty" tf:"linked_vpc_network,omitempty"` + // The URIs of linked VPN tunnel resources LinkedVPNTunnels []LinkedVPNTunnelsInitParameters `json:"linkedVpnTunnels,omitempty" tf:"linked_vpn_tunnels,omitempty"` @@ -214,6 +266,9 @@ type SpokeObservation struct { // An optional description of the spoke. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Immutable. The URI of the hub that this spoke is attached to. Hub *string `json:"hub,omitempty" tf:"hub,omitempty"` @@ -230,6 +285,9 @@ type SpokeObservation struct { // The URIs of linked Router appliance resources LinkedRouterApplianceInstances []LinkedRouterApplianceInstancesObservation `json:"linkedRouterApplianceInstances,omitempty" tf:"linked_router_appliance_instances,omitempty"` + // VPC network that is associated with the spoke. + LinkedVPCNetwork []LinkedVPCNetworkObservation `json:"linkedVpcNetwork,omitempty" tf:"linked_vpc_network,omitempty"` + // The URIs of linked VPN tunnel resources LinkedVPNTunnels []LinkedVPNTunnelsObservation `json:"linkedVpnTunnels,omitempty" tf:"linked_vpn_tunnels,omitempty"` @@ -245,6 +303,10 @@ type SpokeObservation struct { // Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id. UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` @@ -285,6 +347,10 @@ type SpokeParameters struct { // +kubebuilder:validation:Optional LinkedRouterApplianceInstances []LinkedRouterApplianceInstancesParameters `json:"linkedRouterApplianceInstances,omitempty" tf:"linked_router_appliance_instances,omitempty"` + // VPC network that is associated with the spoke. + // +kubebuilder:validation:Optional + LinkedVPCNetwork []LinkedVPCNetworkParameters `json:"linkedVpcNetwork,omitempty" tf:"linked_vpc_network,omitempty"` + // The URIs of linked VPN tunnel resources // +kubebuilder:validation:Optional LinkedVPNTunnels []LinkedVPNTunnelsParameters `json:"linkedVpnTunnels,omitempty" tf:"linked_vpn_tunnels,omitempty"` diff --git a/apis/networkmanagement/v1beta1/zz_connectivitytest_types.go b/apis/networkmanagement/v1beta1/zz_connectivitytest_types.go index 8864c9a3a..d949cb402 100755 --- a/apis/networkmanagement/v1beta1/zz_connectivitytest_types.go +++ b/apis/networkmanagement/v1beta1/zz_connectivitytest_types.go @@ -116,6 +116,9 @@ type ConnectivityTestObservation struct { // Structure is documented below. Destination []DestinationObservation `json:"destination,omitempty" tf:"destination,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/global/connectivityTests/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -158,6 +161,11 @@ type ConnectivityTestObservation struct { // you don't intend to test. // Structure is documented below. Source []SourceObservation `json:"source,omitempty" tf:"source,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type ConnectivityTestParameters struct { diff --git a/apis/networkmanagement/v1beta1/zz_generated.deepcopy.go b/apis/networkmanagement/v1beta1/zz_generated.deepcopy.go index 9b0b30b35..33db6a901 100644 --- a/apis/networkmanagement/v1beta1/zz_generated.deepcopy.go +++ b/apis/networkmanagement/v1beta1/zz_generated.deepcopy.go @@ -175,6 +175,22 @@ func (in *ConnectivityTestObservation) DeepCopyInto(out *ConnectivityTestObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -229,6 +245,22 @@ func (in *ConnectivityTestObservation) DeepCopyInto(out *ConnectivityTestObserva (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectivityTestObservation. diff --git a/apis/notebooks/v1beta1/zz_generated.deepcopy.go b/apis/notebooks/v1beta1/zz_generated.deepcopy.go index ba8bab92d..caadca8c9 100644 --- a/apis/notebooks/v1beta1/zz_generated.deepcopy.go +++ b/apis/notebooks/v1beta1/zz_generated.deepcopy.go @@ -1476,6 +1476,11 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.DesiredState != nil { + in, out := &in.DesiredState, &out.DesiredState + *out = new(string) + **out = **in + } if in.DiskEncryption != nil { in, out := &in.DiskEncryption, &out.DiskEncryption *out = new(string) @@ -1718,11 +1723,32 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.DesiredState != nil { + in, out := &in.DesiredState, &out.DesiredState + *out = new(string) + **out = **in + } if in.DiskEncryption != nil { in, out := &in.DiskEncryption, &out.DiskEncryption *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1882,6 +1908,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { } } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -1948,6 +1990,11 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.DesiredState != nil { + in, out := &in.DesiredState, &out.DesiredState + *out = new(string) + **out = **in + } if in.DiskEncryption != nil { in, out := &in.DiskEncryption, &out.DiskEncryption *out = new(string) @@ -2877,6 +2924,22 @@ func (in *RuntimeInitParameters) DeepCopyInto(out *RuntimeInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -2950,6 +3013,22 @@ func (in *RuntimeObservation) DeepCopyInto(out *RuntimeObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.HealthState != nil { in, out := &in.HealthState, &out.HealthState *out = new(string) @@ -2960,6 +3039,22 @@ func (in *RuntimeObservation) DeepCopyInto(out *RuntimeObservation) { *out = new(string) **out = **in } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -2989,6 +3084,22 @@ func (in *RuntimeObservation) DeepCopyInto(out *RuntimeObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.VirtualMachine != nil { in, out := &in.VirtualMachine, &out.VirtualMachine *out = make([]VirtualMachineObservation, len(*in)) @@ -3018,6 +3129,22 @@ func (in *RuntimeParameters) DeepCopyInto(out *RuntimeParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) diff --git a/apis/notebooks/v1beta1/zz_instance_terraformed.go b/apis/notebooks/v1beta1/zz_instance_terraformed.go index 9c367d941..f0c437b7c 100755 --- a/apis/notebooks/v1beta1/zz_instance_terraformed.go +++ b/apis/notebooks/v1beta1/zz_instance_terraformed.go @@ -141,5 +141,5 @@ func (tr *Instance) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Instance) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/notebooks/v1beta1/zz_instance_types.go b/apis/notebooks/v1beta1/zz_instance_types.go index 0972780c5..ab02cc27a 100755 --- a/apis/notebooks/v1beta1/zz_instance_types.go +++ b/apis/notebooks/v1beta1/zz_instance_types.go @@ -128,6 +128,9 @@ type InstanceInitParameters struct { // Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. DataDiskType *string `json:"dataDiskType,omitempty" tf:"data_disk_type,omitempty"` + // Desired state of the Notebook Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance. + DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` + // Disk encryption method used on the boot and data disks, defaults to GMEK. // Possible values are: DISK_ENCRYPTION_UNSPECIFIED, GMEK, CMEK. DiskEncryption *string `json:"diskEncryption,omitempty" tf:"disk_encryption,omitempty"` @@ -257,10 +260,17 @@ type InstanceObservation struct { // Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. DataDiskType *string `json:"dataDiskType,omitempty" tf:"data_disk_type,omitempty"` + // Desired state of the Notebook Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance. + DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` + // Disk encryption method used on the boot and data disks, defaults to GMEK. // Possible values are: DISK_ENCRYPTION_UNSPECIFIED, GMEK, CMEK. DiskEncryption *string `json:"diskEncryption,omitempty" tf:"disk_encryption,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -356,6 +366,11 @@ type InstanceObservation struct { // The Compute Engine tags to add to instance. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Instance update time. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` @@ -406,6 +421,10 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional DataDiskType *string `json:"dataDiskType,omitempty" tf:"data_disk_type,omitempty"` + // Desired state of the Notebook Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance. + // +kubebuilder:validation:Optional + DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` + // Disk encryption method used on the boot and data disks, defaults to GMEK. // Possible values are: DISK_ENCRYPTION_UNSPECIFIED, GMEK, CMEK. // +kubebuilder:validation:Optional diff --git a/apis/notebooks/v1beta1/zz_runtime_types.go b/apis/notebooks/v1beta1/zz_runtime_types.go index e09ed243c..af2c6e213 100755 --- a/apis/notebooks/v1beta1/zz_runtime_types.go +++ b/apis/notebooks/v1beta1/zz_runtime_types.go @@ -432,6 +432,15 @@ type RuntimeInitParameters struct { // Structure is documented below. AccessConfig []AccessConfigInitParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` + // The labels to associate with this runtime. Label keys must + // contain 1 to 63 characters, and must conform to [RFC 1035] + // (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + // empty, but, if present, must contain 1 to 63 characters, and must + // conform to RFC 1035. No + // more than 32 labels can be associated with a cluster. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -451,6 +460,10 @@ type RuntimeObservation struct { // Structure is documented below. AccessConfig []AccessConfigObservation `json:"accessConfig,omitempty" tf:"access_config,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The health state of this runtime. For a list of possible output // values, see https://cloud.google.com/vertex-ai/docs/workbench/ reference/rest/v1/projects.locations.runtimes#healthstate. HealthState *string `json:"healthState,omitempty" tf:"health_state,omitempty"` @@ -458,6 +471,15 @@ type RuntimeObservation struct { // an identifier for the resource with format projects/{{project}}/locations/{{location}}/runtimes/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // The labels to associate with this runtime. Label keys must + // contain 1 to 63 characters, and must conform to [RFC 1035] + // (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + // empty, but, if present, must contain 1 to 63 characters, and must + // conform to RFC 1035. No + // more than 32 labels can be associated with a cluster. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // A reference to the zone where the machine resides. Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -477,6 +499,11 @@ type RuntimeObservation struct { // The state of this runtime. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Use a Compute Engine VM image to start the managed notebook instance. // Structure is documented below. VirtualMachine []VirtualMachineObservation `json:"virtualMachine,omitempty" tf:"virtual_machine,omitempty"` @@ -489,6 +516,16 @@ type RuntimeParameters struct { // +kubebuilder:validation:Optional AccessConfig []AccessConfigParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` + // The labels to associate with this runtime. Label keys must + // contain 1 to 63 characters, and must conform to [RFC 1035] + // (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + // empty, but, if present, must contain 1 to 63 characters, and must + // conform to RFC 1035. No + // more than 32 labels can be associated with a cluster. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // A reference to the zone where the machine resides. // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` diff --git a/apis/osconfig/v1beta1/zz_generated.deepcopy.go b/apis/osconfig/v1beta1/zz_generated.deepcopy.go index 7f425511d..00d2f74c3 100644 --- a/apis/osconfig/v1beta1/zz_generated.deepcopy.go +++ b/apis/osconfig/v1beta1/zz_generated.deepcopy.go @@ -7485,6 +7485,11 @@ func (in *WeekDayOfMonthInitParameters) DeepCopyInto(out *WeekDayOfMonthInitPara *out = new(string) **out = **in } + if in.DayOffset != nil { + in, out := &in.DayOffset, &out.DayOffset + *out = new(float64) + **out = **in + } if in.WeekOrdinal != nil { in, out := &in.WeekOrdinal, &out.WeekOrdinal *out = new(float64) @@ -7510,6 +7515,11 @@ func (in *WeekDayOfMonthObservation) DeepCopyInto(out *WeekDayOfMonthObservation *out = new(string) **out = **in } + if in.DayOffset != nil { + in, out := &in.DayOffset, &out.DayOffset + *out = new(float64) + **out = **in + } if in.WeekOrdinal != nil { in, out := &in.WeekOrdinal, &out.WeekOrdinal *out = new(float64) @@ -7535,6 +7545,11 @@ func (in *WeekDayOfMonthParameters) DeepCopyInto(out *WeekDayOfMonthParameters) *out = new(string) **out = **in } + if in.DayOffset != nil { + in, out := &in.DayOffset, &out.DayOffset + *out = new(float64) + **out = **in + } if in.WeekOrdinal != nil { in, out := &in.WeekOrdinal, &out.WeekOrdinal *out = new(float64) diff --git a/apis/osconfig/v1beta1/zz_ospolicyassignment_types.go b/apis/osconfig/v1beta1/zz_ospolicyassignment_types.go index eafc24bb4..982ba6d7c 100755 --- a/apis/osconfig/v1beta1/zz_ospolicyassignment_types.go +++ b/apis/osconfig/v1beta1/zz_ospolicyassignment_types.go @@ -2373,7 +2373,7 @@ type OsPolicyAssignmentStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// OsPolicyAssignment is the Schema for the OsPolicyAssignments API. +// OsPolicyAssignment is the Schema for the OsPolicyAssignments API. OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/osconfig/v1beta1/zz_patchdeployment_types.go b/apis/osconfig/v1beta1/zz_patchdeployment_types.go index 1b56aef3c..ed7a96402 100755 --- a/apis/osconfig/v1beta1/zz_patchdeployment_types.go +++ b/apis/osconfig/v1beta1/zz_patchdeployment_types.go @@ -1252,6 +1252,9 @@ type WeekDayOfMonthInitParameters struct { // Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. DayOfWeek *string `json:"dayOfWeek,omitempty" tf:"day_of_week,omitempty"` + // Represents the number of days before or after the given week day of month that the patch deployment is scheduled for. + DayOffset *float64 `json:"dayOffset,omitempty" tf:"day_offset,omitempty"` + // Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. WeekOrdinal *float64 `json:"weekOrdinal,omitempty" tf:"week_ordinal,omitempty"` } @@ -1262,6 +1265,9 @@ type WeekDayOfMonthObservation struct { // Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. DayOfWeek *string `json:"dayOfWeek,omitempty" tf:"day_of_week,omitempty"` + // Represents the number of days before or after the given week day of month that the patch deployment is scheduled for. + DayOffset *float64 `json:"dayOffset,omitempty" tf:"day_offset,omitempty"` + // Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. WeekOrdinal *float64 `json:"weekOrdinal,omitempty" tf:"week_ordinal,omitempty"` } @@ -1273,6 +1279,10 @@ type WeekDayOfMonthParameters struct { // +kubebuilder:validation:Optional DayOfWeek *string `json:"dayOfWeek" tf:"day_of_week,omitempty"` + // Represents the number of days before or after the given week day of month that the patch deployment is scheduled for. + // +kubebuilder:validation:Optional + DayOffset *float64 `json:"dayOffset,omitempty" tf:"day_offset,omitempty"` + // Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. // +kubebuilder:validation:Optional WeekOrdinal *float64 `json:"weekOrdinal" tf:"week_ordinal,omitempty"` diff --git a/apis/privateca/v1beta1/zz_capool_types.go b/apis/privateca/v1beta1/zz_capool_types.go index 0f876db6b..c34807e11 100755 --- a/apis/privateca/v1beta1/zz_capool_types.go +++ b/apis/privateca/v1beta1/zz_capool_types.go @@ -409,6 +409,10 @@ type CAPoolInitParameters struct { type CAPoolObservation struct { + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/caPools/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -434,6 +438,11 @@ type CAPoolObservation struct { // Structure is documented below. PublishingOptions []PublishingOptionsObservation `json:"publishingOptions,omitempty" tf:"publishing_options,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The Tier of this CaPool. // Possible values are: ENTERPRISE, DEVOPS. Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` diff --git a/apis/privateca/v1beta1/zz_certificate_types.go b/apis/privateca/v1beta1/zz_certificate_types.go index 107f4f260..db9f1dae1 100755 --- a/apis/privateca/v1beta1/zz_certificate_types.go +++ b/apis/privateca/v1beta1/zz_certificate_types.go @@ -86,11 +86,6 @@ type CertificateDescriptionObservation struct { // Structure is documented below. CertFingerprint []CertFingerprintObservation `json:"certFingerprint,omitempty" tf:"cert_fingerprint,omitempty"` - // (Output, Deprecated) - // Describes some of the technical fields in a certificate. - // Structure is documented below. - ConfigValues []ConfigValuesObservation `json:"configValues,omitempty" tf:"config_values,omitempty"` - // (Output) // Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 CrlDistributionPoints []*string `json:"crlDistributionPoints,omitempty" tf:"crl_distribution_points,omitempty"` @@ -201,6 +196,10 @@ type CertificateObservation struct { // This is in RFC3339 text format. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -226,10 +225,6 @@ type CertificateObservation struct { // The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. PemCertificateChain []*string `json:"pemCertificateChain,omitempty" tf:"pem_certificate_chain,omitempty"` - // (Deprecated) - // Required. Expected to be in leaf-to-root order according to RFC 5246. - PemCertificates []*string `json:"pemCertificates,omitempty" tf:"pem_certificates,omitempty"` - // Immutable. A pem-encoded X.509 certificate signing request (CSR). PemCsr *string `json:"pemCsr,omitempty" tf:"pem_csr,omitempty"` @@ -245,6 +240,11 @@ type CertificateObservation struct { // Structure is documented below. RevocationDetails []RevocationDetailsObservation `json:"revocationDetails,omitempty" tf:"revocation_details,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The time at which this CertificateAuthority was updated. // This is in RFC3339 text format. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` @@ -404,65 +404,18 @@ type ConfigPublicKeyParameters struct { KeySecretRef *v1.SecretKeySelector `json:"keySecretRef,omitempty" tf:"-"` } -type ConfigValuesInitParameters struct { -} - -type ConfigValuesKeyUsageInitParameters struct { -} - -type ConfigValuesKeyUsageObservation struct { - - // Describes high-level ways in which a key may be used. - // Structure is documented below. - BaseKeyUsage []KeyUsageBaseKeyUsageObservation `json:"baseKeyUsage,omitempty" tf:"base_key_usage,omitempty"` - - // Describes high-level ways in which a key may be used. - // Structure is documented below. - ExtendedKeyUsage []KeyUsageExtendedKeyUsageObservation `json:"extendedKeyUsage,omitempty" tf:"extended_key_usage,omitempty"` - - // An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - // Structure is documented below. - UnknownExtendedKeyUsages []KeyUsageUnknownExtendedKeyUsagesObservation `json:"unknownExtendedKeyUsages,omitempty" tf:"unknown_extended_key_usages,omitempty"` -} - -type ConfigValuesKeyUsageParameters struct { -} - -type ConfigValuesObservation struct { - - // (Output) - // Indicates the intended use for keys that correspond to a certificate. - // Structure is documented below. - KeyUsage []ConfigValuesKeyUsageObservation `json:"keyUsage,omitempty" tf:"key_usage,omitempty"` -} - -type ConfigValuesParameters struct { -} - type CustomSansInitParameters struct { } -type CustomSansObectIDInitParameters struct { -} - -type CustomSansObectIDObservation struct { - - // An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - ObjectIDPath []*float64 `json:"objectIdPath,omitempty" tf:"object_id_path,omitempty"` -} - -type CustomSansObectIDParameters struct { -} - type CustomSansObservation struct { // Indicates whether or not the name constraints are marked critical. Critical *bool `json:"critical,omitempty" tf:"critical,omitempty"` // (Output) - // Required. Describes how some of the technical fields in a certificate should be populated. + // Describes how some of the technical fields in a certificate should be populated. // Structure is documented below. - ObectID []CustomSansObectIDObservation `json:"obectId,omitempty" tf:"obect_id,omitempty"` + ObectID []ObectIDObservation `json:"obectId,omitempty" tf:"obect_id,omitempty"` // (Output) // The value of this X.509 extension. @@ -477,10 +430,32 @@ type KeyUsageBaseKeyUsageInitParameters struct { type KeyUsageBaseKeyUsageObservation struct { - // (Output) - // Describes high-level ways in which a key may be used. - // Structure is documented below. - KeyUsageOptions []KeyUsageOptionsObservation `json:"keyUsageOptions,omitempty" tf:"key_usage_options,omitempty"` + // The key may be used to sign certificates. + CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` + + // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` + + // The key may be used sign certificate revocation lists. + CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` + + // The key may be used to encipher data. + DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` + + // The key may be used to decipher only. + DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` + + // The key may be used for digital signatures. + DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` + + // The key may be used to encipher only. + EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` + + // The key may be used in a key agreement protocol. + KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` + + // The key may be used to encipher other keys. + KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` } type KeyUsageBaseKeyUsageParameters struct { @@ -513,60 +488,13 @@ type KeyUsageExtendedKeyUsageObservation struct { type KeyUsageExtendedKeyUsageParameters struct { } -type KeyUsageOptionsInitParameters struct { -} - -type KeyUsageOptionsObservation struct { - - // (Output) - // The key may be used to sign certificates. - CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` - - // (Output) - // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` - - // (Output) - // The key may be used sign certificate revocation lists. - CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` - - // (Output) - // The key may be used to encipher data. - DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` - - // (Output) - // The key may be used to decipher only. - DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` - - // (Output) - // The key may be used for digital signatures. - DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` - - // (Output) - // The key may be used to encipher only. - EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` - - // (Output) - // The key may be used in a key agreement protocol. - KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` - - // (Output) - // The key may be used to encipher other keys. - KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` -} - -type KeyUsageOptionsParameters struct { -} - type KeyUsageUnknownExtendedKeyUsagesInitParameters struct { } type KeyUsageUnknownExtendedKeyUsagesObservation struct { - // (Output) - // Required. Describes how some of the technical fields in a certificate should be populated. - // Structure is documented below. - ObectID []ObectIDObservation `json:"obectId,omitempty" tf:"obect_id,omitempty"` + // An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + ObjectIDPath []*float64 `json:"objectIdPath,omitempty" tf:"object_id_path,omitempty"` } type KeyUsageUnknownExtendedKeyUsagesParameters struct { @@ -1063,125 +991,98 @@ type X509ConfigInitParameters struct { type X509ConfigKeyUsageBaseKeyUsageInitParameters struct { - // (Output) // The key may be used to sign certificates. CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` - // (Output) // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` - // (Output) // The key may be used sign certificate revocation lists. CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` - // (Output) // The key may be used to encipher data. DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` - // (Output) // The key may be used to decipher only. DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` - // (Output) // The key may be used for digital signatures. DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` - // (Output) // The key may be used to encipher only. EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` - // (Output) // The key may be used in a key agreement protocol. KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` - // (Output) // The key may be used to encipher other keys. KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` } type X509ConfigKeyUsageBaseKeyUsageObservation struct { - // (Output) // The key may be used to sign certificates. CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` - // (Output) // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` - // (Output) // The key may be used sign certificate revocation lists. CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` - // (Output) // The key may be used to encipher data. DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` - // (Output) // The key may be used to decipher only. DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` - // (Output) // The key may be used for digital signatures. DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` - // (Output) // The key may be used to encipher only. EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` - // (Output) // The key may be used in a key agreement protocol. KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` - // (Output) // The key may be used to encipher other keys. KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` } type X509ConfigKeyUsageBaseKeyUsageParameters struct { - // (Output) // The key may be used to sign certificates. // +kubebuilder:validation:Optional CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` - // (Output) // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". // +kubebuilder:validation:Optional ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` - // (Output) // The key may be used sign certificate revocation lists. // +kubebuilder:validation:Optional CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` - // (Output) // The key may be used to encipher data. // +kubebuilder:validation:Optional DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` - // (Output) // The key may be used to decipher only. // +kubebuilder:validation:Optional DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` - // (Output) // The key may be used for digital signatures. // +kubebuilder:validation:Optional DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` - // (Output) // The key may be used to encipher only. // +kubebuilder:validation:Optional EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` - // (Output) // The key may be used in a key agreement protocol. // +kubebuilder:validation:Optional KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` - // (Output) // The key may be used to encipher other keys. // +kubebuilder:validation:Optional KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` @@ -1624,78 +1525,6 @@ type X509DescriptionCAOptionsParameters struct { type X509DescriptionInitParameters struct { } -type X509DescriptionKeyUsageBaseKeyUsageInitParameters struct { -} - -type X509DescriptionKeyUsageBaseKeyUsageObservation struct { - - // (Output) - // The key may be used to sign certificates. - CertSign *bool `json:"certSign,omitempty" tf:"cert_sign,omitempty"` - - // (Output) - // The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - ContentCommitment *bool `json:"contentCommitment,omitempty" tf:"content_commitment,omitempty"` - - // (Output) - // The key may be used sign certificate revocation lists. - CrlSign *bool `json:"crlSign,omitempty" tf:"crl_sign,omitempty"` - - // (Output) - // The key may be used to encipher data. - DataEncipherment *bool `json:"dataEncipherment,omitempty" tf:"data_encipherment,omitempty"` - - // (Output) - // The key may be used to decipher only. - DecipherOnly *bool `json:"decipherOnly,omitempty" tf:"decipher_only,omitempty"` - - // (Output) - // The key may be used for digital signatures. - DigitalSignature *bool `json:"digitalSignature,omitempty" tf:"digital_signature,omitempty"` - - // (Output) - // The key may be used to encipher only. - EncipherOnly *bool `json:"encipherOnly,omitempty" tf:"encipher_only,omitempty"` - - // (Output) - // The key may be used in a key agreement protocol. - KeyAgreement *bool `json:"keyAgreement,omitempty" tf:"key_agreement,omitempty"` - - // (Output) - // The key may be used to encipher other keys. - KeyEncipherment *bool `json:"keyEncipherment,omitempty" tf:"key_encipherment,omitempty"` -} - -type X509DescriptionKeyUsageBaseKeyUsageParameters struct { -} - -type X509DescriptionKeyUsageExtendedKeyUsageInitParameters struct { -} - -type X509DescriptionKeyUsageExtendedKeyUsageObservation struct { - - // Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - ClientAuth *bool `json:"clientAuth,omitempty" tf:"client_auth,omitempty"` - - // Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - CodeSigning *bool `json:"codeSigning,omitempty" tf:"code_signing,omitempty"` - - // Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - EmailProtection *bool `json:"emailProtection,omitempty" tf:"email_protection,omitempty"` - - // Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - OcspSigning *bool `json:"ocspSigning,omitempty" tf:"ocsp_signing,omitempty"` - - // Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - ServerAuth *bool `json:"serverAuth,omitempty" tf:"server_auth,omitempty"` - - // Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - TimeStamping *bool `json:"timeStamping,omitempty" tf:"time_stamping,omitempty"` -} - -type X509DescriptionKeyUsageExtendedKeyUsageParameters struct { -} - type X509DescriptionKeyUsageInitParameters struct { } @@ -1703,32 +1532,20 @@ type X509DescriptionKeyUsageObservation struct { // Describes high-level ways in which a key may be used. // Structure is documented below. - BaseKeyUsage []X509DescriptionKeyUsageBaseKeyUsageObservation `json:"baseKeyUsage,omitempty" tf:"base_key_usage,omitempty"` + BaseKeyUsage []KeyUsageBaseKeyUsageObservation `json:"baseKeyUsage,omitempty" tf:"base_key_usage,omitempty"` // Describes high-level ways in which a key may be used. // Structure is documented below. - ExtendedKeyUsage []X509DescriptionKeyUsageExtendedKeyUsageObservation `json:"extendedKeyUsage,omitempty" tf:"extended_key_usage,omitempty"` + ExtendedKeyUsage []KeyUsageExtendedKeyUsageObservation `json:"extendedKeyUsage,omitempty" tf:"extended_key_usage,omitempty"` // An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. // Structure is documented below. - UnknownExtendedKeyUsages []X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation `json:"unknownExtendedKeyUsages,omitempty" tf:"unknown_extended_key_usages,omitempty"` + UnknownExtendedKeyUsages []KeyUsageUnknownExtendedKeyUsagesObservation `json:"unknownExtendedKeyUsages,omitempty" tf:"unknown_extended_key_usages,omitempty"` } type X509DescriptionKeyUsageParameters struct { } -type X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters struct { -} - -type X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation struct { - - // An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - ObjectIDPath []*float64 `json:"objectIdPath,omitempty" tf:"object_id_path,omitempty"` -} - -type X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters struct { -} - type X509DescriptionNameConstraintsInitParameters struct { } diff --git a/apis/privateca/v1beta1/zz_certificateauthority_types.go b/apis/privateca/v1beta1/zz_certificateauthority_types.go index ac7e7b58f..db87f2338 100755 --- a/apis/privateca/v1beta1/zz_certificateauthority_types.go +++ b/apis/privateca/v1beta1/zz_certificateauthority_types.go @@ -168,6 +168,9 @@ type CertificateAuthorityObservation struct { // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The name of a Cloud Storage bucket where this CertificateAuthority will publish content, // such as the CA certificate and CRLs. This must be a bucket name, without any prefixes // (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named @@ -237,6 +240,11 @@ type CertificateAuthorityObservation struct { // Structure is documented below. SubordinateConfig []SubordinateConfigObservation `json:"subordinateConfig,omitempty" tf:"subordinate_config,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The Type of this CertificateAuthority. // ~> Note: For SUBORDINATE Certificate Authorities, they need to // be activated before they can issue certificates. diff --git a/apis/privateca/v1beta1/zz_certificatetemplate_types.go b/apis/privateca/v1beta1/zz_certificatetemplate_types.go index 11bd27635..5d2cb642c 100755 --- a/apis/privateca/v1beta1/zz_certificatetemplate_types.go +++ b/apis/privateca/v1beta1/zz_certificatetemplate_types.go @@ -98,6 +98,9 @@ type CertificateTemplateObservation struct { // Optional. A human-readable description of scenarios this template is intended for. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -120,6 +123,10 @@ type CertificateTemplateObservation struct { // The project for the resource Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Output only. The time at which this CertificateTemplate was updated. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } diff --git a/apis/privateca/v1beta1/zz_generated.deepcopy.go b/apis/privateca/v1beta1/zz_generated.deepcopy.go index 6804c3338..c255b6125 100644 --- a/apis/privateca/v1beta1/zz_generated.deepcopy.go +++ b/apis/privateca/v1beta1/zz_generated.deepcopy.go @@ -1300,6 +1300,22 @@ func (in *CAPoolList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CAPoolObservation) DeepCopyInto(out *CAPoolObservation) { *out = *in + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1345,6 +1361,22 @@ func (in *CAPoolObservation) DeepCopyInto(out *CAPoolObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -1909,6 +1941,22 @@ func (in *CertificateAuthorityObservation) DeepCopyInto(out *CertificateAuthorit *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.GcsBucket != nil { in, out := &in.GcsBucket, &out.GcsBucket *out = new(string) @@ -2005,6 +2053,22 @@ func (in *CertificateAuthorityObservation) DeepCopyInto(out *CertificateAuthorit (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) @@ -2222,13 +2286,6 @@ func (in *CertificateDescriptionObservation) DeepCopyInto(out *CertificateDescri (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.ConfigValues != nil { - in, out := &in.ConfigValues, &out.ConfigValues - *out = make([]ConfigValuesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.CrlDistributionPoints != nil { in, out := &in.CrlDistributionPoints, &out.CrlDistributionPoints *out = make([]*string, len(*in)) @@ -2442,6 +2499,22 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -2494,17 +2567,6 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { } } } - if in.PemCertificates != nil { - in, out := &in.PemCertificates, &out.PemCertificates - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } if in.PemCsr != nil { in, out := &in.PemCsr, &out.PemCsr *out = new(string) @@ -2527,6 +2589,22 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -3267,6 +3345,22 @@ func (in *CertificateTemplateObservation) DeepCopyInto(out *CertificateTemplateO *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -3319,6 +3413,22 @@ func (in *CertificateTemplateObservation) DeepCopyInto(out *CertificateTemplateO *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -4130,124 +4240,6 @@ func (in *ConfigSubjectConfigSubjectParameters) DeepCopy() *ConfigSubjectConfigS return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesInitParameters) DeepCopyInto(out *ConfigValuesInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesInitParameters. -func (in *ConfigValuesInitParameters) DeepCopy() *ConfigValuesInitParameters { - if in == nil { - return nil - } - out := new(ConfigValuesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesKeyUsageInitParameters) DeepCopyInto(out *ConfigValuesKeyUsageInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesKeyUsageInitParameters. -func (in *ConfigValuesKeyUsageInitParameters) DeepCopy() *ConfigValuesKeyUsageInitParameters { - if in == nil { - return nil - } - out := new(ConfigValuesKeyUsageInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesKeyUsageObservation) DeepCopyInto(out *ConfigValuesKeyUsageObservation) { - *out = *in - if in.BaseKeyUsage != nil { - in, out := &in.BaseKeyUsage, &out.BaseKeyUsage - *out = make([]KeyUsageBaseKeyUsageObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExtendedKeyUsage != nil { - in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage - *out = make([]KeyUsageExtendedKeyUsageObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.UnknownExtendedKeyUsages != nil { - in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages - *out = make([]KeyUsageUnknownExtendedKeyUsagesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesKeyUsageObservation. -func (in *ConfigValuesKeyUsageObservation) DeepCopy() *ConfigValuesKeyUsageObservation { - if in == nil { - return nil - } - out := new(ConfigValuesKeyUsageObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesKeyUsageParameters) DeepCopyInto(out *ConfigValuesKeyUsageParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesKeyUsageParameters. -func (in *ConfigValuesKeyUsageParameters) DeepCopy() *ConfigValuesKeyUsageParameters { - if in == nil { - return nil - } - out := new(ConfigValuesKeyUsageParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesObservation) DeepCopyInto(out *ConfigValuesObservation) { - *out = *in - if in.KeyUsage != nil { - in, out := &in.KeyUsage, &out.KeyUsage - *out = make([]ConfigValuesKeyUsageObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesObservation. -func (in *ConfigValuesObservation) DeepCopy() *ConfigValuesObservation { - if in == nil { - return nil - } - out := new(ConfigValuesObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigValuesParameters) DeepCopyInto(out *ConfigValuesParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigValuesParameters. -func (in *ConfigValuesParameters) DeepCopy() *ConfigValuesParameters { - if in == nil { - return nil - } - out := new(ConfigValuesParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigX509ConfigAdditionalExtensionsInitParameters) DeepCopyInto(out *ConfigX509ConfigAdditionalExtensionsInitParameters) { *out = *in @@ -5628,62 +5620,6 @@ func (in *CustomSansInitParameters) DeepCopy() *CustomSansInitParameters { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomSansObectIDInitParameters) DeepCopyInto(out *CustomSansObectIDInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSansObectIDInitParameters. -func (in *CustomSansObectIDInitParameters) DeepCopy() *CustomSansObectIDInitParameters { - if in == nil { - return nil - } - out := new(CustomSansObectIDInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomSansObectIDObservation) DeepCopyInto(out *CustomSansObectIDObservation) { - *out = *in - if in.ObjectIDPath != nil { - in, out := &in.ObjectIDPath, &out.ObjectIDPath - *out = make([]*float64, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(float64) - **out = **in - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSansObectIDObservation. -func (in *CustomSansObectIDObservation) DeepCopy() *CustomSansObectIDObservation { - if in == nil { - return nil - } - out := new(CustomSansObectIDObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomSansObectIDParameters) DeepCopyInto(out *CustomSansObectIDParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSansObectIDParameters. -func (in *CustomSansObectIDParameters) DeepCopy() *CustomSansObectIDParameters { - if in == nil { - return nil - } - out := new(CustomSansObectIDParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomSansObservation) DeepCopyInto(out *CustomSansObservation) { *out = *in @@ -5694,7 +5630,7 @@ func (in *CustomSansObservation) DeepCopyInto(out *CustomSansObservation) { } if in.ObectID != nil { in, out := &in.ObectID, &out.ObectID - *out = make([]CustomSansObectIDObservation, len(*in)) + *out = make([]ObectIDObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -6359,12 +6295,50 @@ func (in *KeyUsageBaseKeyUsageInitParameters) DeepCopy() *KeyUsageBaseKeyUsageIn // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeyUsageBaseKeyUsageObservation) DeepCopyInto(out *KeyUsageBaseKeyUsageObservation) { *out = *in - if in.KeyUsageOptions != nil { - in, out := &in.KeyUsageOptions, &out.KeyUsageOptions - *out = make([]KeyUsageOptionsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.CertSign != nil { + in, out := &in.CertSign, &out.CertSign + *out = new(bool) + **out = **in + } + if in.ContentCommitment != nil { + in, out := &in.ContentCommitment, &out.ContentCommitment + *out = new(bool) + **out = **in + } + if in.CrlSign != nil { + in, out := &in.CrlSign, &out.CrlSign + *out = new(bool) + **out = **in + } + if in.DataEncipherment != nil { + in, out := &in.DataEncipherment, &out.DataEncipherment + *out = new(bool) + **out = **in + } + if in.DecipherOnly != nil { + in, out := &in.DecipherOnly, &out.DecipherOnly + *out = new(bool) + **out = **in + } + if in.DigitalSignature != nil { + in, out := &in.DigitalSignature, &out.DigitalSignature + *out = new(bool) + **out = **in + } + if in.EncipherOnly != nil { + in, out := &in.EncipherOnly, &out.EncipherOnly + *out = new(bool) + **out = **in + } + if in.KeyAgreement != nil { + in, out := &in.KeyAgreement, &out.KeyAgreement + *out = new(bool) + **out = **in + } + if in.KeyEncipherment != nil { + in, out := &in.KeyEncipherment, &out.KeyEncipherment + *out = new(bool) + **out = **in } } @@ -6469,163 +6443,73 @@ func (in *KeyUsageExtendedKeyUsageParameters) DeepCopy() *KeyUsageExtendedKeyUsa } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyUsageInitParameters) DeepCopyInto(out *KeyUsageInitParameters) { - *out = *in - if in.BaseKeyUsage != nil { - in, out := &in.BaseKeyUsage, &out.BaseKeyUsage - *out = make([]BaseKeyUsageInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExtendedKeyUsage != nil { - in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage - *out = make([]ExtendedKeyUsageInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.UnknownExtendedKeyUsages != nil { - in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages - *out = make([]UnknownExtendedKeyUsagesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageInitParameters. -func (in *KeyUsageInitParameters) DeepCopy() *KeyUsageInitParameters { - if in == nil { - return nil - } - out := new(KeyUsageInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyUsageObservation) DeepCopyInto(out *KeyUsageObservation) { - *out = *in - if in.BaseKeyUsage != nil { - in, out := &in.BaseKeyUsage, &out.BaseKeyUsage - *out = make([]BaseKeyUsageObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExtendedKeyUsage != nil { - in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage - *out = make([]ExtendedKeyUsageObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.UnknownExtendedKeyUsages != nil { - in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages - *out = make([]UnknownExtendedKeyUsagesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageObservation. -func (in *KeyUsageObservation) DeepCopy() *KeyUsageObservation { - if in == nil { - return nil - } - out := new(KeyUsageObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyUsageOptionsInitParameters) DeepCopyInto(out *KeyUsageOptionsInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageOptionsInitParameters. -func (in *KeyUsageOptionsInitParameters) DeepCopy() *KeyUsageOptionsInitParameters { - if in == nil { - return nil - } - out := new(KeyUsageOptionsInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyUsageOptionsObservation) DeepCopyInto(out *KeyUsageOptionsObservation) { - *out = *in - if in.CertSign != nil { - in, out := &in.CertSign, &out.CertSign - *out = new(bool) - **out = **in - } - if in.ContentCommitment != nil { - in, out := &in.ContentCommitment, &out.ContentCommitment - *out = new(bool) - **out = **in - } - if in.CrlSign != nil { - in, out := &in.CrlSign, &out.CrlSign - *out = new(bool) - **out = **in - } - if in.DataEncipherment != nil { - in, out := &in.DataEncipherment, &out.DataEncipherment - *out = new(bool) - **out = **in - } - if in.DecipherOnly != nil { - in, out := &in.DecipherOnly, &out.DecipherOnly - *out = new(bool) - **out = **in - } - if in.DigitalSignature != nil { - in, out := &in.DigitalSignature, &out.DigitalSignature - *out = new(bool) - **out = **in - } - if in.EncipherOnly != nil { - in, out := &in.EncipherOnly, &out.EncipherOnly - *out = new(bool) - **out = **in +func (in *KeyUsageInitParameters) DeepCopyInto(out *KeyUsageInitParameters) { + *out = *in + if in.BaseKeyUsage != nil { + in, out := &in.BaseKeyUsage, &out.BaseKeyUsage + *out = make([]BaseKeyUsageInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.KeyAgreement != nil { - in, out := &in.KeyAgreement, &out.KeyAgreement - *out = new(bool) - **out = **in + if in.ExtendedKeyUsage != nil { + in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage + *out = make([]ExtendedKeyUsageInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.KeyEncipherment != nil { - in, out := &in.KeyEncipherment, &out.KeyEncipherment - *out = new(bool) - **out = **in + if in.UnknownExtendedKeyUsages != nil { + in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages + *out = make([]UnknownExtendedKeyUsagesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageOptionsObservation. -func (in *KeyUsageOptionsObservation) DeepCopy() *KeyUsageOptionsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageInitParameters. +func (in *KeyUsageInitParameters) DeepCopy() *KeyUsageInitParameters { if in == nil { return nil } - out := new(KeyUsageOptionsObservation) + out := new(KeyUsageInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyUsageOptionsParameters) DeepCopyInto(out *KeyUsageOptionsParameters) { +func (in *KeyUsageObservation) DeepCopyInto(out *KeyUsageObservation) { *out = *in + if in.BaseKeyUsage != nil { + in, out := &in.BaseKeyUsage, &out.BaseKeyUsage + *out = make([]BaseKeyUsageObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExtendedKeyUsage != nil { + in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage + *out = make([]ExtendedKeyUsageObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UnknownExtendedKeyUsages != nil { + in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages + *out = make([]UnknownExtendedKeyUsagesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageOptionsParameters. -func (in *KeyUsageOptionsParameters) DeepCopy() *KeyUsageOptionsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsageObservation. +func (in *KeyUsageObservation) DeepCopy() *KeyUsageObservation { if in == nil { return nil } - out := new(KeyUsageOptionsParameters) + out := new(KeyUsageObservation) in.DeepCopyInto(out) return out } @@ -6684,11 +6568,15 @@ func (in *KeyUsageUnknownExtendedKeyUsagesInitParameters) DeepCopy() *KeyUsageUn // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeyUsageUnknownExtendedKeyUsagesObservation) DeepCopyInto(out *KeyUsageUnknownExtendedKeyUsagesObservation) { *out = *in - if in.ObectID != nil { - in, out := &in.ObectID, &out.ObectID - *out = make([]ObectIDObservation, len(*in)) + if in.ObjectIDPath != nil { + in, out := &in.ObjectIDPath, &out.ObjectIDPath + *out = make([]*float64, len(*in)) for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(float64) + **out = **in + } } } } @@ -11189,171 +11077,6 @@ func (in *X509DescriptionInitParameters) DeepCopy() *X509DescriptionInitParamete return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageBaseKeyUsageInitParameters) DeepCopyInto(out *X509DescriptionKeyUsageBaseKeyUsageInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageBaseKeyUsageInitParameters. -func (in *X509DescriptionKeyUsageBaseKeyUsageInitParameters) DeepCopy() *X509DescriptionKeyUsageBaseKeyUsageInitParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageBaseKeyUsageInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageBaseKeyUsageObservation) DeepCopyInto(out *X509DescriptionKeyUsageBaseKeyUsageObservation) { - *out = *in - if in.CertSign != nil { - in, out := &in.CertSign, &out.CertSign - *out = new(bool) - **out = **in - } - if in.ContentCommitment != nil { - in, out := &in.ContentCommitment, &out.ContentCommitment - *out = new(bool) - **out = **in - } - if in.CrlSign != nil { - in, out := &in.CrlSign, &out.CrlSign - *out = new(bool) - **out = **in - } - if in.DataEncipherment != nil { - in, out := &in.DataEncipherment, &out.DataEncipherment - *out = new(bool) - **out = **in - } - if in.DecipherOnly != nil { - in, out := &in.DecipherOnly, &out.DecipherOnly - *out = new(bool) - **out = **in - } - if in.DigitalSignature != nil { - in, out := &in.DigitalSignature, &out.DigitalSignature - *out = new(bool) - **out = **in - } - if in.EncipherOnly != nil { - in, out := &in.EncipherOnly, &out.EncipherOnly - *out = new(bool) - **out = **in - } - if in.KeyAgreement != nil { - in, out := &in.KeyAgreement, &out.KeyAgreement - *out = new(bool) - **out = **in - } - if in.KeyEncipherment != nil { - in, out := &in.KeyEncipherment, &out.KeyEncipherment - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageBaseKeyUsageObservation. -func (in *X509DescriptionKeyUsageBaseKeyUsageObservation) DeepCopy() *X509DescriptionKeyUsageBaseKeyUsageObservation { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageBaseKeyUsageObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageBaseKeyUsageParameters) DeepCopyInto(out *X509DescriptionKeyUsageBaseKeyUsageParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageBaseKeyUsageParameters. -func (in *X509DescriptionKeyUsageBaseKeyUsageParameters) DeepCopy() *X509DescriptionKeyUsageBaseKeyUsageParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageBaseKeyUsageParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageExtendedKeyUsageInitParameters) DeepCopyInto(out *X509DescriptionKeyUsageExtendedKeyUsageInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageExtendedKeyUsageInitParameters. -func (in *X509DescriptionKeyUsageExtendedKeyUsageInitParameters) DeepCopy() *X509DescriptionKeyUsageExtendedKeyUsageInitParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageExtendedKeyUsageInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageExtendedKeyUsageObservation) DeepCopyInto(out *X509DescriptionKeyUsageExtendedKeyUsageObservation) { - *out = *in - if in.ClientAuth != nil { - in, out := &in.ClientAuth, &out.ClientAuth - *out = new(bool) - **out = **in - } - if in.CodeSigning != nil { - in, out := &in.CodeSigning, &out.CodeSigning - *out = new(bool) - **out = **in - } - if in.EmailProtection != nil { - in, out := &in.EmailProtection, &out.EmailProtection - *out = new(bool) - **out = **in - } - if in.OcspSigning != nil { - in, out := &in.OcspSigning, &out.OcspSigning - *out = new(bool) - **out = **in - } - if in.ServerAuth != nil { - in, out := &in.ServerAuth, &out.ServerAuth - *out = new(bool) - **out = **in - } - if in.TimeStamping != nil { - in, out := &in.TimeStamping, &out.TimeStamping - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageExtendedKeyUsageObservation. -func (in *X509DescriptionKeyUsageExtendedKeyUsageObservation) DeepCopy() *X509DescriptionKeyUsageExtendedKeyUsageObservation { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageExtendedKeyUsageObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageExtendedKeyUsageParameters) DeepCopyInto(out *X509DescriptionKeyUsageExtendedKeyUsageParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageExtendedKeyUsageParameters. -func (in *X509DescriptionKeyUsageExtendedKeyUsageParameters) DeepCopy() *X509DescriptionKeyUsageExtendedKeyUsageParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageExtendedKeyUsageParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *X509DescriptionKeyUsageInitParameters) DeepCopyInto(out *X509DescriptionKeyUsageInitParameters) { *out = *in @@ -11374,21 +11097,21 @@ func (in *X509DescriptionKeyUsageObservation) DeepCopyInto(out *X509DescriptionK *out = *in if in.BaseKeyUsage != nil { in, out := &in.BaseKeyUsage, &out.BaseKeyUsage - *out = make([]X509DescriptionKeyUsageBaseKeyUsageObservation, len(*in)) + *out = make([]KeyUsageBaseKeyUsageObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.ExtendedKeyUsage != nil { in, out := &in.ExtendedKeyUsage, &out.ExtendedKeyUsage - *out = make([]X509DescriptionKeyUsageExtendedKeyUsageObservation, len(*in)) + *out = make([]KeyUsageExtendedKeyUsageObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.UnknownExtendedKeyUsages != nil { in, out := &in.UnknownExtendedKeyUsages, &out.UnknownExtendedKeyUsages - *out = make([]X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation, len(*in)) + *out = make([]KeyUsageUnknownExtendedKeyUsagesObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -11420,62 +11143,6 @@ func (in *X509DescriptionKeyUsageParameters) DeepCopy() *X509DescriptionKeyUsage return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters) DeepCopyInto(out *X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters) DeepCopy() *X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageUnknownExtendedKeyUsagesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation) DeepCopyInto(out *X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation) { - *out = *in - if in.ObjectIDPath != nil { - in, out := &in.ObjectIDPath, &out.ObjectIDPath - *out = make([]*float64, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(float64) - **out = **in - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation) DeepCopy() *X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageUnknownExtendedKeyUsagesObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters) DeepCopyInto(out *X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters. -func (in *X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters) DeepCopy() *X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters { - if in == nil { - return nil - } - out := new(X509DescriptionKeyUsageUnknownExtendedKeyUsagesParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *X509DescriptionNameConstraintsInitParameters) DeepCopyInto(out *X509DescriptionNameConstraintsInitParameters) { *out = *in diff --git a/apis/pubsub/v1beta1/zz_generated.deepcopy.go b/apis/pubsub/v1beta1/zz_generated.deepcopy.go index 5529f508b..1f774bf70 100644 --- a/apis/pubsub/v1beta1/zz_generated.deepcopy.go +++ b/apis/pubsub/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroConfigInitParameters) DeepCopyInto(out *AvroConfigInitParameters) { + *out = *in + if in.WriteMetadata != nil { + in, out := &in.WriteMetadata, &out.WriteMetadata + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroConfigInitParameters. +func (in *AvroConfigInitParameters) DeepCopy() *AvroConfigInitParameters { + if in == nil { + return nil + } + out := new(AvroConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroConfigObservation) DeepCopyInto(out *AvroConfigObservation) { + *out = *in + if in.WriteMetadata != nil { + in, out := &in.WriteMetadata, &out.WriteMetadata + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroConfigObservation. +func (in *AvroConfigObservation) DeepCopy() *AvroConfigObservation { + if in == nil { + return nil + } + out := new(AvroConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroConfigParameters) DeepCopyInto(out *AvroConfigParameters) { + *out = *in + if in.WriteMetadata != nil { + in, out := &in.WriteMetadata, &out.WriteMetadata + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroConfigParameters. +func (in *AvroConfigParameters) DeepCopy() *AvroConfigParameters { + if in == nil { + return nil + } + out := new(AvroConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BigqueryConfigInitParameters) DeepCopyInto(out *BigqueryConfigInitParameters) { *out = *in @@ -38,6 +98,11 @@ func (in *BigqueryConfigInitParameters) DeepCopyInto(out *BigqueryConfigInitPara *out = new(string) **out = **in } + if in.UseTableSchema != nil { + in, out := &in.UseTableSchema, &out.UseTableSchema + *out = new(bool) + **out = **in + } if in.UseTopicSchema != nil { in, out := &in.UseTopicSchema, &out.UseTopicSchema *out = new(bool) @@ -73,6 +138,11 @@ func (in *BigqueryConfigObservation) DeepCopyInto(out *BigqueryConfigObservation *out = new(string) **out = **in } + if in.UseTableSchema != nil { + in, out := &in.UseTableSchema, &out.UseTableSchema + *out = new(bool) + **out = **in + } if in.UseTopicSchema != nil { in, out := &in.UseTopicSchema, &out.UseTopicSchema *out = new(bool) @@ -108,6 +178,11 @@ func (in *BigqueryConfigParameters) DeepCopyInto(out *BigqueryConfigParameters) *out = new(string) **out = **in } + if in.UseTableSchema != nil { + in, out := &in.UseTableSchema, &out.UseTableSchema + *out = new(bool) + **out = **in + } if in.UseTopicSchema != nil { in, out := &in.UseTopicSchema, &out.UseTopicSchema *out = new(bool) @@ -205,6 +280,152 @@ func (in *CapacityParameters) DeepCopy() *CapacityParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageConfigInitParameters) DeepCopyInto(out *CloudStorageConfigInitParameters) { + *out = *in + if in.AvroConfig != nil { + in, out := &in.AvroConfig, &out.AvroConfig + *out = make([]AvroConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.FilenamePrefix != nil { + in, out := &in.FilenamePrefix, &out.FilenamePrefix + *out = new(string) + **out = **in + } + if in.FilenameSuffix != nil { + in, out := &in.FilenameSuffix, &out.FilenameSuffix + *out = new(string) + **out = **in + } + if in.MaxBytes != nil { + in, out := &in.MaxBytes, &out.MaxBytes + *out = new(float64) + **out = **in + } + if in.MaxDuration != nil { + in, out := &in.MaxDuration, &out.MaxDuration + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageConfigInitParameters. +func (in *CloudStorageConfigInitParameters) DeepCopy() *CloudStorageConfigInitParameters { + if in == nil { + return nil + } + out := new(CloudStorageConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageConfigObservation) DeepCopyInto(out *CloudStorageConfigObservation) { + *out = *in + if in.AvroConfig != nil { + in, out := &in.AvroConfig, &out.AvroConfig + *out = make([]AvroConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.FilenamePrefix != nil { + in, out := &in.FilenamePrefix, &out.FilenamePrefix + *out = new(string) + **out = **in + } + if in.FilenameSuffix != nil { + in, out := &in.FilenameSuffix, &out.FilenameSuffix + *out = new(string) + **out = **in + } + if in.MaxBytes != nil { + in, out := &in.MaxBytes, &out.MaxBytes + *out = new(float64) + **out = **in + } + if in.MaxDuration != nil { + in, out := &in.MaxDuration, &out.MaxDuration + *out = new(string) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageConfigObservation. +func (in *CloudStorageConfigObservation) DeepCopy() *CloudStorageConfigObservation { + if in == nil { + return nil + } + out := new(CloudStorageConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageConfigParameters) DeepCopyInto(out *CloudStorageConfigParameters) { + *out = *in + if in.AvroConfig != nil { + in, out := &in.AvroConfig, &out.AvroConfig + *out = make([]AvroConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.FilenamePrefix != nil { + in, out := &in.FilenamePrefix, &out.FilenamePrefix + *out = new(string) + **out = **in + } + if in.FilenameSuffix != nil { + in, out := &in.FilenameSuffix, &out.FilenameSuffix + *out = new(string) + **out = **in + } + if in.MaxBytes != nil { + in, out := &in.MaxBytes, &out.MaxBytes + *out = new(float64) + **out = **in + } + if in.MaxDuration != nil { + in, out := &in.MaxDuration, &out.MaxDuration + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageConfigParameters. +func (in *CloudStorageConfigParameters) DeepCopy() *CloudStorageConfigParameters { + if in == nil { + return nil + } + out := new(CloudStorageConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -2411,6 +2632,13 @@ func (in *SubscriptionInitParameters) DeepCopyInto(out *SubscriptionInitParamete (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CloudStorageConfig != nil { + in, out := &in.CloudStorageConfig, &out.CloudStorageConfig + *out = make([]CloudStorageConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DeadLetterPolicy != nil { in, out := &in.DeadLetterPolicy, &out.DeadLetterPolicy *out = make([]DeadLetterPolicyInitParameters, len(*in)) @@ -2559,6 +2787,13 @@ func (in *SubscriptionObservation) DeepCopyInto(out *SubscriptionObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CloudStorageConfig != nil { + in, out := &in.CloudStorageConfig, &out.CloudStorageConfig + *out = make([]CloudStorageConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DeadLetterPolicy != nil { in, out := &in.DeadLetterPolicy, &out.DeadLetterPolicy *out = make([]DeadLetterPolicyObservation, len(*in)) @@ -2566,6 +2801,22 @@ func (in *SubscriptionObservation) DeepCopyInto(out *SubscriptionObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableExactlyOnceDelivery != nil { in, out := &in.EnableExactlyOnceDelivery, &out.EnableExactlyOnceDelivery *out = new(bool) @@ -2638,6 +2889,22 @@ func (in *SubscriptionObservation) DeepCopyInto(out *SubscriptionObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Topic != nil { in, out := &in.Topic, &out.Topic *out = new(string) @@ -2670,6 +2937,13 @@ func (in *SubscriptionParameters) DeepCopyInto(out *SubscriptionParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.CloudStorageConfig != nil { + in, out := &in.CloudStorageConfig, &out.CloudStorageConfig + *out = make([]CloudStorageConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.DeadLetterPolicy != nil { in, out := &in.DeadLetterPolicy, &out.DeadLetterPolicy *out = make([]DeadLetterPolicyParameters, len(*in)) @@ -3278,6 +3552,22 @@ func (in *TopicList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopicObservation) DeepCopyInto(out *TopicObservation) { *out = *in + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -3328,6 +3618,22 @@ func (in *TopicObservation) DeepCopyInto(out *TopicObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopicObservation. diff --git a/apis/pubsub/v1beta1/zz_schema_types.go b/apis/pubsub/v1beta1/zz_schema_types.go index 9ce456da6..0549887b1 100755 --- a/apis/pubsub/v1beta1/zz_schema_types.go +++ b/apis/pubsub/v1beta1/zz_schema_types.go @@ -33,7 +33,11 @@ type SchemaInitParameters struct { // The definition of the schema. // This should contain a string representing the full definition of the schema - // that is a valid schema definition of the type specified in type. + // that is a valid schema definition of the type specified in type. Changes + // to the definition commit new schema revisions. + // A schema can only have up to 20 revisions, so updates that fail with an + // error indicating that the limit has been reached require manually + // deleting old revisions. Definition *string `json:"definition,omitempty" tf:"definition,omitempty"` // The ID of the project in which the resource belongs. @@ -50,7 +54,11 @@ type SchemaObservation struct { // The definition of the schema. // This should contain a string representing the full definition of the schema - // that is a valid schema definition of the type specified in type. + // that is a valid schema definition of the type specified in type. Changes + // to the definition commit new schema revisions. + // A schema can only have up to 20 revisions, so updates that fail with an + // error indicating that the limit has been reached require manually + // deleting old revisions. Definition *string `json:"definition,omitempty" tf:"definition,omitempty"` // an identifier for the resource with format projects/{{project}}/schemas/{{name}} @@ -70,7 +78,11 @@ type SchemaParameters struct { // The definition of the schema. // This should contain a string representing the full definition of the schema - // that is a valid schema definition of the type specified in type. + // that is a valid schema definition of the type specified in type. Changes + // to the definition commit new schema revisions. + // A schema can only have up to 20 revisions, so updates that fail with an + // error indicating that the limit has been reached require manually + // deleting old revisions. // +kubebuilder:validation:Optional Definition *string `json:"definition,omitempty" tf:"definition,omitempty"` diff --git a/apis/pubsub/v1beta1/zz_subscription_types.go b/apis/pubsub/v1beta1/zz_subscription_types.go index 21638a961..19b078f80 100755 --- a/apis/pubsub/v1beta1/zz_subscription_types.go +++ b/apis/pubsub/v1beta1/zz_subscription_types.go @@ -29,16 +29,47 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AvroConfigInitParameters struct { + + // When true, writes the Pub/Sub message metadata to + // x-goog-pubsub-: headers of the HTTP request. Writes the + // Pub/Sub message attributes to : headers of the HTTP request. + WriteMetadata *bool `json:"writeMetadata,omitempty" tf:"write_metadata,omitempty"` +} + +type AvroConfigObservation struct { + + // When true, writes the Pub/Sub message metadata to + // x-goog-pubsub-: headers of the HTTP request. Writes the + // Pub/Sub message attributes to : headers of the HTTP request. + WriteMetadata *bool `json:"writeMetadata,omitempty" tf:"write_metadata,omitempty"` +} + +type AvroConfigParameters struct { + + // When true, writes the Pub/Sub message metadata to + // x-goog-pubsub-: headers of the HTTP request. Writes the + // Pub/Sub message attributes to : headers of the HTTP request. + // +kubebuilder:validation:Optional + WriteMetadata *bool `json:"writeMetadata,omitempty" tf:"write_metadata,omitempty"` +} + type BigqueryConfigInitParameters struct { - // When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - // Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + // When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + // are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + // and any messages with extra fields are not written and remain in the subscription's backlog. DropUnknownFields *bool `json:"dropUnknownFields,omitempty" tf:"drop_unknown_fields,omitempty"` // The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} Table *string `json:"table,omitempty" tf:"table,omitempty"` + // When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + // must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + UseTableSchema *bool `json:"useTableSchema,omitempty" tf:"use_table_schema,omitempty"` + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` // When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. @@ -48,14 +79,20 @@ type BigqueryConfigInitParameters struct { type BigqueryConfigObservation struct { - // When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - // Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + // When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + // are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + // and any messages with extra fields are not written and remain in the subscription's backlog. DropUnknownFields *bool `json:"dropUnknownFields,omitempty" tf:"drop_unknown_fields,omitempty"` // The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} Table *string `json:"table,omitempty" tf:"table,omitempty"` + // When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + // must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + UseTableSchema *bool `json:"useTableSchema,omitempty" tf:"use_table_schema,omitempty"` + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` // When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. @@ -65,8 +102,9 @@ type BigqueryConfigObservation struct { type BigqueryConfigParameters struct { - // When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - // Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + // When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + // are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + // and any messages with extra fields are not written and remain in the subscription's backlog. // +kubebuilder:validation:Optional DropUnknownFields *bool `json:"dropUnknownFields,omitempty" tf:"drop_unknown_fields,omitempty"` @@ -74,7 +112,13 @@ type BigqueryConfigParameters struct { // +kubebuilder:validation:Optional Table *string `json:"table" tf:"table,omitempty"` + // When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + // must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + // +kubebuilder:validation:Optional + UseTableSchema *bool `json:"useTableSchema,omitempty" tf:"use_table_schema,omitempty"` + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. // +kubebuilder:validation:Optional UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` @@ -84,6 +128,91 @@ type BigqueryConfigParameters struct { WriteMetadata *bool `json:"writeMetadata,omitempty" tf:"write_metadata,omitempty"` } +type CloudStorageConfigInitParameters struct { + + // If set, message data will be written to Cloud Storage in Avro format. + // Structure is documented below. + AvroConfig []AvroConfigInitParameters `json:"avroConfig,omitempty" tf:"avro_config,omitempty"` + + // User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like "gs://". + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // User-provided prefix for Cloud Storage filename. + FilenamePrefix *string `json:"filenamePrefix,omitempty" tf:"filename_prefix,omitempty"` + + // User-provided suffix for Cloud Storage filename. Must not end in "/". + FilenameSuffix *string `json:"filenameSuffix,omitempty" tf:"filename_suffix,omitempty"` + + // The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + // The maxBytes limit may be exceeded in cases where messages are larger than the limit. + MaxBytes *float64 `json:"maxBytes,omitempty" tf:"max_bytes,omitempty"` + + // The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + // May not exceed the subscription's acknowledgement deadline. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` +} + +type CloudStorageConfigObservation struct { + + // If set, message data will be written to Cloud Storage in Avro format. + // Structure is documented below. + AvroConfig []AvroConfigObservation `json:"avroConfig,omitempty" tf:"avro_config,omitempty"` + + // User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like "gs://". + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // User-provided prefix for Cloud Storage filename. + FilenamePrefix *string `json:"filenamePrefix,omitempty" tf:"filename_prefix,omitempty"` + + // User-provided suffix for Cloud Storage filename. Must not end in "/". + FilenameSuffix *string `json:"filenameSuffix,omitempty" tf:"filename_suffix,omitempty"` + + // The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + // The maxBytes limit may be exceeded in cases where messages are larger than the limit. + MaxBytes *float64 `json:"maxBytes,omitempty" tf:"max_bytes,omitempty"` + + // The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + // May not exceed the subscription's acknowledgement deadline. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` + + // (Output) + // An output-only field that indicates whether or not the subscription can receive messages. + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type CloudStorageConfigParameters struct { + + // If set, message data will be written to Cloud Storage in Avro format. + // Structure is documented below. + // +kubebuilder:validation:Optional + AvroConfig []AvroConfigParameters `json:"avroConfig,omitempty" tf:"avro_config,omitempty"` + + // User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like "gs://". + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket" tf:"bucket,omitempty"` + + // User-provided prefix for Cloud Storage filename. + // +kubebuilder:validation:Optional + FilenamePrefix *string `json:"filenamePrefix,omitempty" tf:"filename_prefix,omitempty"` + + // User-provided suffix for Cloud Storage filename. Must not end in "/". + // +kubebuilder:validation:Optional + FilenameSuffix *string `json:"filenameSuffix,omitempty" tf:"filename_suffix,omitempty"` + + // The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + // The maxBytes limit may be exceeded in cases where messages are larger than the limit. + // +kubebuilder:validation:Optional + MaxBytes *float64 `json:"maxBytes,omitempty" tf:"max_bytes,omitempty"` + + // The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + // May not exceed the subscription's acknowledgement deadline. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + // +kubebuilder:validation:Optional + MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` +} + type DeadLetterPolicyInitParameters struct { // The name of the topic to which dead letter messages should be published. @@ -457,11 +586,17 @@ type SubscriptionInitParameters struct { AckDeadlineSeconds *float64 `json:"ackDeadlineSeconds,omitempty" tf:"ack_deadline_seconds,omitempty"` // If delivery to BigQuery is used with this subscription, this field is used to configure it. - // Either pushConfig or bigQueryConfig can be set, but not both. - // If both are empty, then the subscriber will pull and ack messages using API methods. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. // Structure is documented below. BigqueryConfig []BigqueryConfigInitParameters `json:"bigqueryConfig,omitempty" tf:"bigquery_config,omitempty"` + // If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. + // Structure is documented below. + CloudStorageConfig []CloudStorageConfigInitParameters `json:"cloudStorageConfig,omitempty" tf:"cloud_storage_config,omitempty"` + // A policy that specifies the conditions for dead lettering messages in // this subscription. If dead_letter_policy is not set, dead lettering // is disabled. @@ -533,7 +668,9 @@ type SubscriptionInitParameters struct { // Structure is documented below. RetryPolicy []RetryPolicyInitParameters `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // A reference to a Topic resource. + // A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + // (as in the id property of a google_pubsub_topic), or just a topic name if + // the topic is in the same project as the subscription. // +crossplane:generate:reference:type=Topic Topic *string `json:"topic,omitempty" tf:"topic,omitempty"` @@ -566,11 +703,17 @@ type SubscriptionObservation struct { AckDeadlineSeconds *float64 `json:"ackDeadlineSeconds,omitempty" tf:"ack_deadline_seconds,omitempty"` // If delivery to BigQuery is used with this subscription, this field is used to configure it. - // Either pushConfig or bigQueryConfig can be set, but not both. - // If both are empty, then the subscriber will pull and ack messages using API methods. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. // Structure is documented below. BigqueryConfig []BigqueryConfigObservation `json:"bigqueryConfig,omitempty" tf:"bigquery_config,omitempty"` + // If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. + // Structure is documented below. + CloudStorageConfig []CloudStorageConfigObservation `json:"cloudStorageConfig,omitempty" tf:"cloud_storage_config,omitempty"` + // A policy that specifies the conditions for dead lettering messages in // this subscription. If dead_letter_policy is not set, dead lettering // is disabled. @@ -581,6 +724,10 @@ type SubscriptionObservation struct { // Structure is documented below. DeadLetterPolicy []DeadLetterPolicyObservation `json:"deadLetterPolicy,omitempty" tf:"dead_letter_policy,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // If true, Pub/Sub provides the following guarantees for the delivery // of a message with a given value of messageId on this Subscriptions': EnableExactlyOnceDelivery *bool `json:"enableExactlyOnceDelivery,omitempty" tf:"enable_exactly_once_delivery,omitempty"` @@ -645,7 +792,14 @@ type SubscriptionObservation struct { // Structure is documented below. RetryPolicy []RetryPolicyObservation `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // A reference to a Topic resource. + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + + // A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + // (as in the id property of a google_pubsub_topic), or just a topic name if + // the topic is in the same project as the subscription. Topic *string `json:"topic,omitempty" tf:"topic,omitempty"` } @@ -670,12 +824,19 @@ type SubscriptionParameters struct { AckDeadlineSeconds *float64 `json:"ackDeadlineSeconds,omitempty" tf:"ack_deadline_seconds,omitempty"` // If delivery to BigQuery is used with this subscription, this field is used to configure it. - // Either pushConfig or bigQueryConfig can be set, but not both. - // If both are empty, then the subscriber will pull and ack messages using API methods. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. // Structure is documented below. // +kubebuilder:validation:Optional BigqueryConfig []BigqueryConfigParameters `json:"bigqueryConfig,omitempty" tf:"bigquery_config,omitempty"` + // If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + // Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + // If all three are empty, then the subscriber will pull and ack messages using API methods. + // Structure is documented below. + // +kubebuilder:validation:Optional + CloudStorageConfig []CloudStorageConfigParameters `json:"cloudStorageConfig,omitempty" tf:"cloud_storage_config,omitempty"` + // A policy that specifies the conditions for dead lettering messages in // this subscription. If dead_letter_policy is not set, dead lettering // is disabled. @@ -758,7 +919,9 @@ type SubscriptionParameters struct { // +kubebuilder:validation:Optional RetryPolicy []RetryPolicyParameters `json:"retryPolicy,omitempty" tf:"retry_policy,omitempty"` - // A reference to a Topic resource. + // A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + // (as in the id property of a google_pubsub_topic), or just a topic name if + // the topic is in the same project as the subscription. // +crossplane:generate:reference:type=Topic // +kubebuilder:validation:Optional Topic *string `json:"topic,omitempty" tf:"topic,omitempty"` diff --git a/apis/pubsub/v1beta1/zz_topic_types.go b/apis/pubsub/v1beta1/zz_topic_types.go index 623069f07..485d48d60 100755 --- a/apis/pubsub/v1beta1/zz_topic_types.go +++ b/apis/pubsub/v1beta1/zz_topic_types.go @@ -136,7 +136,8 @@ type TopicInitParameters struct { // For instance, it allows any attached subscription to seek to a timestamp // that is up to messageRetentionDuration in the past. If this field is not // set, message retention is controlled by settings on individual subscriptions. - // Cannot be more than 31 days or less than 10 minutes. + // The rotation period has the format of a decimal number, followed by the + // letter s (seconds). Cannot be more than 31 days or less than 10 minutes. MessageRetentionDuration *string `json:"messageRetentionDuration,omitempty" tf:"message_retention_duration,omitempty"` // Policy constraining the set of Google Cloud Platform regions where @@ -156,6 +157,10 @@ type TopicInitParameters struct { type TopicObservation struct { + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/topics/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -176,7 +181,8 @@ type TopicObservation struct { // For instance, it allows any attached subscription to seek to a timestamp // that is up to messageRetentionDuration in the past. If this field is not // set, message retention is controlled by settings on individual subscriptions. - // Cannot be more than 31 days or less than 10 minutes. + // The rotation period has the format of a decimal number, followed by the + // letter s (seconds). Cannot be more than 31 days or less than 10 minutes. MessageRetentionDuration *string `json:"messageRetentionDuration,omitempty" tf:"message_retention_duration,omitempty"` // Policy constraining the set of Google Cloud Platform regions where @@ -192,6 +198,11 @@ type TopicObservation struct { // Settings for validating messages published against a schema. // Structure is documented below. SchemaSettings []SchemaSettingsObservation `json:"schemaSettings,omitempty" tf:"schema_settings,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type TopicParameters struct { @@ -225,7 +236,8 @@ type TopicParameters struct { // For instance, it allows any attached subscription to seek to a timestamp // that is up to messageRetentionDuration in the past. If this field is not // set, message retention is controlled by settings on individual subscriptions. - // Cannot be more than 31 days or less than 10 minutes. + // The rotation period has the format of a decimal number, followed by the + // letter s (seconds). Cannot be more than 31 days or less than 10 minutes. // +kubebuilder:validation:Optional MessageRetentionDuration *string `json:"messageRetentionDuration,omitempty" tf:"message_retention_duration,omitempty"` diff --git a/apis/redis/v1beta1/zz_generated.deepcopy.go b/apis/redis/v1beta1/zz_generated.deepcopy.go index 7147f78b9..a69a3ac07 100644 --- a/apis/redis/v1beta1/zz_generated.deepcopy.go +++ b/apis/redis/v1beta1/zz_generated.deepcopy.go @@ -70,6 +70,16 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.AuthorizedNetworkRef != nil { + in, out := &in.AuthorizedNetworkRef, &out.AuthorizedNetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AuthorizedNetworkSelector != nil { + in, out := &in.AuthorizedNetworkSelector, &out.AuthorizedNetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.ConnectMode != nil { in, out := &in.ConnectMode, &out.ConnectMode *out = new(string) @@ -278,6 +288,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Host != nil { in, out := &in.Host, &out.Host *out = new(string) @@ -420,6 +446,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -460,6 +502,16 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.AuthorizedNetworkRef != nil { + in, out := &in.AuthorizedNetworkRef, &out.AuthorizedNetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AuthorizedNetworkSelector != nil { + in, out := &in.AuthorizedNetworkSelector, &out.AuthorizedNetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.ConnectMode != nil { in, out := &in.ConnectMode, &out.ConnectMode *out = new(string) diff --git a/apis/redis/v1beta1/zz_generated.resolvers.go b/apis/redis/v1beta1/zz_generated.resolvers.go index bcce964ec..c92f457b1 100644 --- a/apis/redis/v1beta1/zz_generated.resolvers.go +++ b/apis/redis/v1beta1/zz_generated.resolvers.go @@ -38,6 +38,25 @@ func (mg *Instance) ResolveReferences(ctx context.Context, c client.Reader) erro var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AuthorizedNetwork), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.AuthorizedNetworkRef, + Selector: mg.Spec.ForProvider.AuthorizedNetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.AuthorizedNetwork") + } + mg.Spec.ForProvider.AuthorizedNetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.AuthorizedNetworkRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta1", "CryptoKey", "CryptoKeyList") if err != nil { @@ -57,6 +76,25 @@ func (mg *Instance) ResolveReferences(ctx context.Context, c client.Reader) erro } mg.Spec.ForProvider.CustomerManagedKey = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.CustomerManagedKeyRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthorizedNetwork), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.AuthorizedNetworkRef, + Selector: mg.Spec.InitProvider.AuthorizedNetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.AuthorizedNetwork") + } + mg.Spec.InitProvider.AuthorizedNetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.AuthorizedNetworkRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta1", "CryptoKey", "CryptoKeyList") if err != nil { diff --git a/apis/redis/v1beta1/zz_instance_types.go b/apis/redis/v1beta1/zz_instance_types.go index 267c91d12..5b0feb796 100755 --- a/apis/redis/v1beta1/zz_instance_types.go +++ b/apis/redis/v1beta1/zz_instance_types.go @@ -45,8 +45,18 @@ type InstanceInitParameters struct { // The full name of the Google Compute Engine network to which the // instance is connected. If left unspecified, the default network // will be used. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() AuthorizedNetwork *string `json:"authorizedNetwork,omitempty" tf:"authorized_network,omitempty"` + // Reference to a Network in compute to populate authorizedNetwork. + // +kubebuilder:validation:Optional + AuthorizedNetworkRef *v1.Reference `json:"authorizedNetworkRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate authorizedNetwork. + // +kubebuilder:validation:Optional + AuthorizedNetworkSelector *v1.Selector `json:"authorizedNetworkSelector,omitempty" tf:"-"` + // The connection mode of the Redis instance. // Default value is DIRECT_PEERING. // Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS. @@ -70,6 +80,8 @@ type InstanceInitParameters struct { DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -177,6 +189,9 @@ type InstanceObservation struct { // An arbitrary and optional user-provided name for the instance. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Hostname or IP address of the exposed Redis endpoint used by clients // to connect to the service. Host *string `json:"host,omitempty" tf:"host,omitempty"` @@ -185,6 +200,8 @@ type InstanceObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -277,6 +294,11 @@ type InstanceObservation struct { // Structure is documented below. ServerCACerts []ServerCACertsObservation `json:"serverCaCerts,omitempty" tf:"server_ca_certs,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The service tier of the instance. Must be one of these values: Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` @@ -302,9 +324,19 @@ type InstanceParameters struct { // The full name of the Google Compute Engine network to which the // instance is connected. If left unspecified, the default network // will be used. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional AuthorizedNetwork *string `json:"authorizedNetwork,omitempty" tf:"authorized_network,omitempty"` + // Reference to a Network in compute to populate authorizedNetwork. + // +kubebuilder:validation:Optional + AuthorizedNetworkRef *v1.Reference `json:"authorizedNetworkRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate authorizedNetwork. + // +kubebuilder:validation:Optional + AuthorizedNetworkSelector *v1.Selector `json:"authorizedNetworkSelector,omitempty" tf:"-"` + // The connection mode of the Redis instance. // Default value is DIRECT_PEERING. // Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS. @@ -331,6 +363,8 @@ type InstanceParameters struct { DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/secretmanager/v1beta1/zz_generated.deepcopy.go b/apis/secretmanager/v1beta1/zz_generated.deepcopy.go index c5bfe6d2d..d0ebc35b9 100644 --- a/apis/secretmanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/secretmanager/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,72 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoInitParameters) DeepCopyInto(out *AutoInitParameters) { + *out = *in + if in.CustomerManagedEncryption != nil { + in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption + *out = make([]CustomerManagedEncryptionInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoInitParameters. +func (in *AutoInitParameters) DeepCopy() *AutoInitParameters { + if in == nil { + return nil + } + out := new(AutoInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoObservation) DeepCopyInto(out *AutoObservation) { + *out = *in + if in.CustomerManagedEncryption != nil { + in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption + *out = make([]CustomerManagedEncryptionObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoObservation. +func (in *AutoObservation) DeepCopy() *AutoObservation { + if in == nil { + return nil + } + out := new(AutoObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoParameters) DeepCopyInto(out *AutoParameters) { + *out = *in + if in.CustomerManagedEncryption != nil { + in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption + *out = make([]CustomerManagedEncryptionParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoParameters. +func (in *AutoParameters) DeepCopy() *AutoParameters { + if in == nil { + return nil + } + out := new(AutoParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -175,12 +241,72 @@ func (in *CustomerManagedEncryptionParameters) DeepCopy() *CustomerManagedEncryp return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicasCustomerManagedEncryptionInitParameters) DeepCopyInto(out *ReplicasCustomerManagedEncryptionInitParameters) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicasCustomerManagedEncryptionInitParameters. +func (in *ReplicasCustomerManagedEncryptionInitParameters) DeepCopy() *ReplicasCustomerManagedEncryptionInitParameters { + if in == nil { + return nil + } + out := new(ReplicasCustomerManagedEncryptionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicasCustomerManagedEncryptionObservation) DeepCopyInto(out *ReplicasCustomerManagedEncryptionObservation) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicasCustomerManagedEncryptionObservation. +func (in *ReplicasCustomerManagedEncryptionObservation) DeepCopy() *ReplicasCustomerManagedEncryptionObservation { + if in == nil { + return nil + } + out := new(ReplicasCustomerManagedEncryptionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicasCustomerManagedEncryptionParameters) DeepCopyInto(out *ReplicasCustomerManagedEncryptionParameters) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicasCustomerManagedEncryptionParameters. +func (in *ReplicasCustomerManagedEncryptionParameters) DeepCopy() *ReplicasCustomerManagedEncryptionParameters { + if in == nil { + return nil + } + out := new(ReplicasCustomerManagedEncryptionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicasInitParameters) DeepCopyInto(out *ReplicasInitParameters) { *out = *in if in.CustomerManagedEncryption != nil { in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption - *out = make([]CustomerManagedEncryptionInitParameters, len(*in)) + *out = make([]ReplicasCustomerManagedEncryptionInitParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -207,7 +333,7 @@ func (in *ReplicasObservation) DeepCopyInto(out *ReplicasObservation) { *out = *in if in.CustomerManagedEncryption != nil { in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption - *out = make([]CustomerManagedEncryptionObservation, len(*in)) + *out = make([]ReplicasCustomerManagedEncryptionObservation, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -234,7 +360,7 @@ func (in *ReplicasParameters) DeepCopyInto(out *ReplicasParameters) { *out = *in if in.CustomerManagedEncryption != nil { in, out := &in.CustomerManagedEncryption, &out.CustomerManagedEncryption - *out = make([]CustomerManagedEncryptionParameters, len(*in)) + *out = make([]ReplicasCustomerManagedEncryptionParameters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -259,10 +385,12 @@ func (in *ReplicasParameters) DeepCopy() *ReplicasParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicationInitParameters) DeepCopyInto(out *ReplicationInitParameters) { *out = *in - if in.Automatic != nil { - in, out := &in.Automatic, &out.Automatic - *out = new(bool) - **out = **in + if in.Auto != nil { + in, out := &in.Auto, &out.Auto + *out = make([]AutoInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.UserManaged != nil { in, out := &in.UserManaged, &out.UserManaged @@ -286,10 +414,12 @@ func (in *ReplicationInitParameters) DeepCopy() *ReplicationInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicationObservation) DeepCopyInto(out *ReplicationObservation) { *out = *in - if in.Automatic != nil { - in, out := &in.Automatic, &out.Automatic - *out = new(bool) - **out = **in + if in.Auto != nil { + in, out := &in.Auto, &out.Auto + *out = make([]AutoObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.UserManaged != nil { in, out := &in.UserManaged, &out.UserManaged @@ -313,10 +443,12 @@ func (in *ReplicationObservation) DeepCopy() *ReplicationObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicationParameters) DeepCopyInto(out *ReplicationParameters) { *out = *in - if in.Automatic != nil { - in, out := &in.Automatic, &out.Automatic - *out = new(bool) - **out = **in + if in.Auto != nil { + in, out := &in.Auto, &out.Auto + *out = make([]AutoParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.UserManaged != nil { in, out := &in.UserManaged, &out.UserManaged @@ -692,6 +824,22 @@ func (in *SecretIAMMemberStatus) DeepCopy() *SecretIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretInitParameters) DeepCopyInto(out *SecretInitParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ExpireTime != nil { in, out := &in.ExpireTime, &out.ExpireTime *out = new(string) @@ -744,6 +892,22 @@ func (in *SecretInitParameters) DeepCopyInto(out *SecretInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.VersionAliases != nil { + in, out := &in.VersionAliases, &out.VersionAliases + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretInitParameters. @@ -791,11 +955,59 @@ func (in *SecretList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.CreateTime != nil { in, out := &in.CreateTime, &out.CreateTime *out = new(string) **out = **in } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ExpireTime != nil { in, out := &in.ExpireTime, &out.ExpireTime *out = new(string) @@ -851,6 +1063,22 @@ func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Topics != nil { in, out := &in.Topics, &out.Topics *out = make([]TopicsObservation, len(*in)) @@ -858,6 +1086,22 @@ func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.VersionAliases != nil { + in, out := &in.VersionAliases, &out.VersionAliases + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObservation. @@ -873,6 +1117,22 @@ func (in *SecretObservation) DeepCopy() *SecretObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretParameters) DeepCopyInto(out *SecretParameters) { *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ExpireTime != nil { in, out := &in.ExpireTime, &out.ExpireTime *out = new(string) @@ -925,6 +1185,22 @@ func (in *SecretParameters) DeepCopyInto(out *SecretParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.VersionAliases != nil { + in, out := &in.VersionAliases, &out.VersionAliases + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretParameters. @@ -1002,11 +1278,21 @@ func (in *SecretVersion) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretVersionInitParameters) DeepCopyInto(out *SecretVersionInitParameters) { *out = *in + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) **out = **in } + if in.IsSecretDataBase64 != nil { + in, out := &in.IsSecretDataBase64, &out.IsSecretDataBase64 + *out = new(bool) + **out = **in + } if in.Secret != nil { in, out := &in.Secret, &out.Secret *out = new(string) @@ -1074,6 +1360,11 @@ func (in *SecretVersionObservation) DeepCopyInto(out *SecretVersionObservation) *out = new(string) **out = **in } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.DestroyTime != nil { in, out := &in.DestroyTime, &out.DestroyTime *out = new(string) @@ -1089,6 +1380,11 @@ func (in *SecretVersionObservation) DeepCopyInto(out *SecretVersionObservation) *out = new(string) **out = **in } + if in.IsSecretDataBase64 != nil { + in, out := &in.IsSecretDataBase64, &out.IsSecretDataBase64 + *out = new(bool) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -1119,11 +1415,21 @@ func (in *SecretVersionObservation) DeepCopy() *SecretVersionObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretVersionParameters) DeepCopyInto(out *SecretVersionParameters) { *out = *in + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) **out = **in } + if in.IsSecretDataBase64 != nil { + in, out := &in.IsSecretDataBase64, &out.IsSecretDataBase64 + *out = new(bool) + **out = **in + } if in.Secret != nil { in, out := &in.Secret, &out.Secret *out = new(string) diff --git a/apis/secretmanager/v1beta1/zz_secret_types.go b/apis/secretmanager/v1beta1/zz_secret_types.go index d44cb4e36..ec14b96c5 100755 --- a/apis/secretmanager/v1beta1/zz_secret_types.go +++ b/apis/secretmanager/v1beta1/zz_secret_types.go @@ -29,6 +29,28 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AutoInitParameters struct { + + // Customer Managed Encryption for the secret. + // Structure is documented below. + CustomerManagedEncryption []CustomerManagedEncryptionInitParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` +} + +type AutoObservation struct { + + // Customer Managed Encryption for the secret. + // Structure is documented below. + CustomerManagedEncryption []CustomerManagedEncryptionObservation `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` +} + +type AutoParameters struct { + + // Customer Managed Encryption for the secret. + // Structure is documented below. + // +kubebuilder:validation:Optional + CustomerManagedEncryption []CustomerManagedEncryptionParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` +} + type CustomerManagedEncryptionInitParameters struct { // Describes the Cloud KMS encryption key that will be used to protect destination secret. @@ -48,11 +70,30 @@ type CustomerManagedEncryptionParameters struct { KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` } +type ReplicasCustomerManagedEncryptionInitParameters struct { + + // Describes the Cloud KMS encryption key that will be used to protect destination secret. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` +} + +type ReplicasCustomerManagedEncryptionObservation struct { + + // Describes the Cloud KMS encryption key that will be used to protect destination secret. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` +} + +type ReplicasCustomerManagedEncryptionParameters struct { + + // Describes the Cloud KMS encryption key that will be used to protect destination secret. + // +kubebuilder:validation:Optional + KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` +} + type ReplicasInitParameters struct { // Customer Managed Encryption for the secret. // Structure is documented below. - CustomerManagedEncryption []CustomerManagedEncryptionInitParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` + CustomerManagedEncryption []ReplicasCustomerManagedEncryptionInitParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` // The canonical IDs of the location to replicate data. For example: "us-east1". Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -62,7 +103,7 @@ type ReplicasObservation struct { // Customer Managed Encryption for the secret. // Structure is documented below. - CustomerManagedEncryption []CustomerManagedEncryptionObservation `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` + CustomerManagedEncryption []ReplicasCustomerManagedEncryptionObservation `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` // The canonical IDs of the location to replicate data. For example: "us-east1". Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -73,7 +114,7 @@ type ReplicasParameters struct { // Customer Managed Encryption for the secret. // Structure is documented below. // +kubebuilder:validation:Optional - CustomerManagedEncryption []CustomerManagedEncryptionParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` + CustomerManagedEncryption []ReplicasCustomerManagedEncryptionParameters `json:"customerManagedEncryption,omitempty" tf:"customer_managed_encryption,omitempty"` // The canonical IDs of the location to replicate data. For example: "us-east1". // +kubebuilder:validation:Optional @@ -83,7 +124,8 @@ type ReplicasParameters struct { type ReplicationInitParameters struct { // The Secret will automatically be replicated without any restrictions. - Automatic *bool `json:"automatic,omitempty" tf:"automatic,omitempty"` + // Structure is documented below. + Auto []AutoInitParameters `json:"auto,omitempty" tf:"auto,omitempty"` // The Secret will be replicated to the regions specified by the user. // Structure is documented below. @@ -93,7 +135,8 @@ type ReplicationInitParameters struct { type ReplicationObservation struct { // The Secret will automatically be replicated without any restrictions. - Automatic *bool `json:"automatic,omitempty" tf:"automatic,omitempty"` + // Structure is documented below. + Auto []AutoObservation `json:"auto,omitempty" tf:"auto,omitempty"` // The Secret will be replicated to the regions specified by the user. // Structure is documented below. @@ -103,8 +146,9 @@ type ReplicationObservation struct { type ReplicationParameters struct { // The Secret will automatically be replicated without any restrictions. + // Structure is documented below. // +kubebuilder:validation:Optional - Automatic *bool `json:"automatic,omitempty" tf:"automatic,omitempty"` + Auto []AutoParameters `json:"auto,omitempty" tf:"auto,omitempty"` // The Secret will be replicated to the regions specified by the user. // Structure is documented below. @@ -149,8 +193,22 @@ type RotationParameters struct { type SecretInitParameters struct { + // Custom metadata about the secret. + // Annotations are distinct from various forms of labels. Annotations exist to allow + // client tools to store their own state information without requiring a database. + // Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + // maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + // may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + // symbols. + // The total size of annotation keys and values must be less than 16KiB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + // Only one of expire_time or ttl can be provided. ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` // The labels assigned to this Secret. @@ -179,20 +237,51 @@ type SecretInitParameters struct { // The TTL for the Secret. // A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + // Only one of ttl or expire_time can be provided. TTL *string `json:"ttl,omitempty" tf:"ttl,omitempty"` // A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. // Structure is documented below. Topics []TopicsInitParameters `json:"topics,omitempty" tf:"topics,omitempty"` + + // Mapping from version alias to version name. + // A version alias is a string with a maximum length of 63 characters and can contain + // uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + // characters. An alias string must start with a letter and cannot be the string + // 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` } type SecretObservation struct { + // Custom metadata about the secret. + // Annotations are distinct from various forms of labels. Annotations exist to allow + // client tools to store their own state information without requiring a database. + // Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + // maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + // may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + // symbols. + // The total size of annotation keys and values must be less than 16KiB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // The time at which the Secret was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + // Only one of expire_time or ttl can be provided. ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` // an identifier for the resource with format projects/{{project}}/secrets/{{secret_id}} @@ -228,17 +317,48 @@ type SecretObservation struct { // The TTL for the Secret. // A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + // Only one of ttl or expire_time can be provided. TTL *string `json:"ttl,omitempty" tf:"ttl,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. // Structure is documented below. Topics []TopicsObservation `json:"topics,omitempty" tf:"topics,omitempty"` + + // Mapping from version alias to version name. + // A version alias is a string with a maximum length of 63 characters and can contain + // uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + // characters. An alias string must start with a letter and cannot be the string + // 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` } type SecretParameters struct { + // Custom metadata about the secret. + // Annotations are distinct from various forms of labels. Annotations exist to allow + // client tools to store their own state information without requiring a database. + // Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + // maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + // may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + // symbols. + // The total size of annotation keys and values must be less than 16KiB. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + // Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + // Only one of expire_time or ttl can be provided. // +kubebuilder:validation:Optional ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` @@ -272,6 +392,7 @@ type SecretParameters struct { // The TTL for the Secret. // A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + // Only one of ttl or expire_time can be provided. // +kubebuilder:validation:Optional TTL *string `json:"ttl,omitempty" tf:"ttl,omitempty"` @@ -279,6 +400,17 @@ type SecretParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional Topics []TopicsParameters `json:"topics,omitempty" tf:"topics,omitempty"` + + // Mapping from version alias to version name. + // A version alias is a string with a maximum length of 63 characters and can contain + // uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + // characters. An alias string must start with a letter and cannot be the string + // 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + // An object containing a list of "key": value pairs. Example: + // { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` } type TopicsInitParameters struct { diff --git a/apis/secretmanager/v1beta1/zz_secretversion_types.go b/apis/secretmanager/v1beta1/zz_secretversion_types.go index 25c22bad9..77af5979e 100755 --- a/apis/secretmanager/v1beta1/zz_secretversion_types.go +++ b/apis/secretmanager/v1beta1/zz_secretversion_types.go @@ -31,9 +31,17 @@ import ( type SecretVersionInitParameters struct { + // The deletion policy for the secret version. Setting ABANDON allows the resource + // to be abandoned rather than deleted. Setting DISABLE allows the resource to be + // disabled rather than deleted. Default is DELETE. Possible values are: + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // The current state of the SecretVersion. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is. + IsSecretDataBase64 *bool `json:"isSecretDataBase64,omitempty" tf:"is_secret_data_base64,omitempty"` + // Secret Manager secret resource // +crossplane:generate:reference:type=Secret // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.ExtractResourceID() @@ -53,6 +61,11 @@ type SecretVersionObservation struct { // The time at which the Secret was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // The deletion policy for the secret version. Setting ABANDON allows the resource + // to be abandoned rather than deleted. Setting DISABLE allows the resource to be + // disabled rather than deleted. Default is DELETE. Possible values are: + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // The time at which the Secret was destroyed. Only present if state is DESTROYED. DestroyTime *string `json:"destroyTime,omitempty" tf:"destroy_time,omitempty"` @@ -62,6 +75,9 @@ type SecretVersionObservation struct { // an identifier for the resource with format {{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is. + IsSecretDataBase64 *bool `json:"isSecretDataBase64,omitempty" tf:"is_secret_data_base64,omitempty"` + // The resource name of the SecretVersion. Format: // projects/{{project}}/secrets/{{secret_id}}/versions/{{version}} Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -75,10 +91,20 @@ type SecretVersionObservation struct { type SecretVersionParameters struct { + // The deletion policy for the secret version. Setting ABANDON allows the resource + // to be abandoned rather than deleted. Setting DISABLE allows the resource to be + // disabled rather than deleted. Default is DELETE. Possible values are: + // +kubebuilder:validation:Optional + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // The current state of the SecretVersion. // +kubebuilder:validation:Optional Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is. + // +kubebuilder:validation:Optional + IsSecretDataBase64 *bool `json:"isSecretDataBase64,omitempty" tf:"is_secret_data_base64,omitempty"` + // Secret Manager secret resource // +crossplane:generate:reference:type=Secret // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.ExtractResourceID() diff --git a/apis/servicenetworking/v1beta1/zz_connection_types.go b/apis/servicenetworking/v1beta1/zz_connection_types.go index 2300ff87b..7dbe83a23 100755 --- a/apis/servicenetworking/v1beta1/zz_connection_types.go +++ b/apis/servicenetworking/v1beta1/zz_connection_types.go @@ -31,6 +31,9 @@ import ( type ConnectionInitParameters struct { + // The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. Use with care as it can lead to dangling resources. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // Name of VPC network connected with service producers using VPC peering. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() @@ -65,6 +68,10 @@ type ConnectionInitParameters struct { } type ConnectionObservation struct { + + // The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. Use with care as it can lead to dangling resources. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // Name of VPC network connected with service producers using VPC peering. @@ -86,6 +93,10 @@ type ConnectionObservation struct { type ConnectionParameters struct { + // The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. Use with care as it can lead to dangling resources. + // +kubebuilder:validation:Optional + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + // Name of VPC network connected with service producers using VPC peering. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() diff --git a/apis/servicenetworking/v1beta1/zz_generated.deepcopy.go b/apis/servicenetworking/v1beta1/zz_generated.deepcopy.go index ba1f89938..f1690075e 100644 --- a/apis/servicenetworking/v1beta1/zz_generated.deepcopy.go +++ b/apis/servicenetworking/v1beta1/zz_generated.deepcopy.go @@ -55,6 +55,11 @@ func (in *Connection) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionInitParameters) DeepCopyInto(out *ConnectionInitParameters) { *out = *in + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -145,6 +150,11 @@ func (in *ConnectionList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionObservation) DeepCopyInto(out *ConnectionObservation) { *out = *in + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -191,6 +201,11 @@ func (in *ConnectionObservation) DeepCopy() *ConnectionObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionParameters) DeepCopyInto(out *ConnectionParameters) { *out = *in + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) diff --git a/apis/spanner/v1beta1/zz_generated.deepcopy.go b/apis/spanner/v1beta1/zz_generated.deepcopy.go index 6001dceba..6cbfebf41 100644 --- a/apis/spanner/v1beta1/zz_generated.deepcopy.go +++ b/apis/spanner/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,273 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigInitParameters) DeepCopyInto(out *AutoscalingConfigInitParameters) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = make([]AutoscalingLimitsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AutoscalingTargets != nil { + in, out := &in.AutoscalingTargets, &out.AutoscalingTargets + *out = make([]AutoscalingTargetsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigInitParameters. +func (in *AutoscalingConfigInitParameters) DeepCopy() *AutoscalingConfigInitParameters { + if in == nil { + return nil + } + out := new(AutoscalingConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigObservation) DeepCopyInto(out *AutoscalingConfigObservation) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = make([]AutoscalingLimitsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AutoscalingTargets != nil { + in, out := &in.AutoscalingTargets, &out.AutoscalingTargets + *out = make([]AutoscalingTargetsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigObservation. +func (in *AutoscalingConfigObservation) DeepCopy() *AutoscalingConfigObservation { + if in == nil { + return nil + } + out := new(AutoscalingConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigParameters) DeepCopyInto(out *AutoscalingConfigParameters) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = make([]AutoscalingLimitsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AutoscalingTargets != nil { + in, out := &in.AutoscalingTargets, &out.AutoscalingTargets + *out = make([]AutoscalingTargetsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigParameters. +func (in *AutoscalingConfigParameters) DeepCopy() *AutoscalingConfigParameters { + if in == nil { + return nil + } + out := new(AutoscalingConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingLimitsInitParameters) DeepCopyInto(out *AutoscalingLimitsInitParameters) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsInitParameters. +func (in *AutoscalingLimitsInitParameters) DeepCopy() *AutoscalingLimitsInitParameters { + if in == nil { + return nil + } + out := new(AutoscalingLimitsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingLimitsObservation) DeepCopyInto(out *AutoscalingLimitsObservation) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsObservation. +func (in *AutoscalingLimitsObservation) DeepCopy() *AutoscalingLimitsObservation { + if in == nil { + return nil + } + out := new(AutoscalingLimitsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingLimitsParameters) DeepCopyInto(out *AutoscalingLimitsParameters) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsParameters. +func (in *AutoscalingLimitsParameters) DeepCopy() *AutoscalingLimitsParameters { + if in == nil { + return nil + } + out := new(AutoscalingLimitsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingTargetsInitParameters) DeepCopyInto(out *AutoscalingTargetsInitParameters) { + *out = *in + if in.HighPriorityCPUUtilizationPercent != nil { + in, out := &in.HighPriorityCPUUtilizationPercent, &out.HighPriorityCPUUtilizationPercent + *out = new(float64) + **out = **in + } + if in.StorageUtilizationPercent != nil { + in, out := &in.StorageUtilizationPercent, &out.StorageUtilizationPercent + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingTargetsInitParameters. +func (in *AutoscalingTargetsInitParameters) DeepCopy() *AutoscalingTargetsInitParameters { + if in == nil { + return nil + } + out := new(AutoscalingTargetsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingTargetsObservation) DeepCopyInto(out *AutoscalingTargetsObservation) { + *out = *in + if in.HighPriorityCPUUtilizationPercent != nil { + in, out := &in.HighPriorityCPUUtilizationPercent, &out.HighPriorityCPUUtilizationPercent + *out = new(float64) + **out = **in + } + if in.StorageUtilizationPercent != nil { + in, out := &in.StorageUtilizationPercent, &out.StorageUtilizationPercent + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingTargetsObservation. +func (in *AutoscalingTargetsObservation) DeepCopy() *AutoscalingTargetsObservation { + if in == nil { + return nil + } + out := new(AutoscalingTargetsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingTargetsParameters) DeepCopyInto(out *AutoscalingTargetsParameters) { + *out = *in + if in.HighPriorityCPUUtilizationPercent != nil { + in, out := &in.HighPriorityCPUUtilizationPercent, &out.HighPriorityCPUUtilizationPercent + *out = new(float64) + **out = **in + } + if in.StorageUtilizationPercent != nil { + in, out := &in.StorageUtilizationPercent, &out.StorageUtilizationPercent + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingTargetsParameters. +func (in *AutoscalingTargetsParameters) DeepCopy() *AutoscalingTargetsParameters { + if in == nil { + return nil + } + out := new(AutoscalingTargetsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -1128,6 +1395,13 @@ func (in *InstanceIAMMemberStatus) DeepCopy() *InstanceIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = *in + if in.AutoscalingConfig != nil { + in, out := &in.AutoscalingConfig, &out.AutoscalingConfig + *out = make([]AutoscalingConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Config != nil { in, out := &in.Config, &out.Config *out = new(string) @@ -1221,6 +1495,13 @@ func (in *InstanceList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = *in + if in.AutoscalingConfig != nil { + in, out := &in.AutoscalingConfig, &out.AutoscalingConfig + *out = make([]AutoscalingConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Config != nil { in, out := &in.Config, &out.Config *out = new(string) @@ -1231,6 +1512,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ForceDestroy != nil { in, out := &in.ForceDestroy, &out.ForceDestroy *out = new(bool) @@ -1277,6 +1574,22 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceObservation. @@ -1292,6 +1605,13 @@ func (in *InstanceObservation) DeepCopy() *InstanceObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = *in + if in.AutoscalingConfig != nil { + in, out := &in.AutoscalingConfig, &out.AutoscalingConfig + *out = make([]AutoscalingConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Config != nil { in, out := &in.Config, &out.Config *out = new(string) diff --git a/apis/spanner/v1beta1/zz_instance_types.go b/apis/spanner/v1beta1/zz_instance_types.go index 7d13e05c6..4f762f45e 100755 --- a/apis/spanner/v1beta1/zz_instance_types.go +++ b/apis/spanner/v1beta1/zz_instance_types.go @@ -29,8 +29,173 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AutoscalingConfigInitParameters struct { + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events. Users can define the minimum and + // maximum compute capacity allocated to the instance, and the autoscaler will + // only scale within that range. Users can either use nodes or processing + // units to specify the limits, but should use the same unit to set both the + // min_limit and max_limit. + // Structure is documented below. + AutoscalingLimits []AutoscalingLimitsInitParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events + // Structure is documented below. + AutoscalingTargets []AutoscalingTargetsInitParameters `json:"autoscalingTargets,omitempty" tf:"autoscaling_targets,omitempty"` +} + +type AutoscalingConfigObservation struct { + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events. Users can define the minimum and + // maximum compute capacity allocated to the instance, and the autoscaler will + // only scale within that range. Users can either use nodes or processing + // units to specify the limits, but should use the same unit to set both the + // min_limit and max_limit. + // Structure is documented below. + AutoscalingLimits []AutoscalingLimitsObservation `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events + // Structure is documented below. + AutoscalingTargets []AutoscalingTargetsObservation `json:"autoscalingTargets,omitempty" tf:"autoscaling_targets,omitempty"` +} + +type AutoscalingConfigParameters struct { + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events. Users can define the minimum and + // maximum compute capacity allocated to the instance, and the autoscaler will + // only scale within that range. Users can either use nodes or processing + // units to specify the limits, but should use the same unit to set both the + // min_limit and max_limit. + // Structure is documented below. + // +kubebuilder:validation:Optional + AutoscalingLimits []AutoscalingLimitsParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + + // Defines scale in controls to reduce the risk of response latency + // and outages due to abrupt scale-in events + // Structure is documented below. + // +kubebuilder:validation:Optional + AutoscalingTargets []AutoscalingTargetsParameters `json:"autoscalingTargets,omitempty" tf:"autoscaling_targets,omitempty"` +} + +type AutoscalingLimitsInitParameters struct { + + // Specifies maximum number of nodes allocated to the instance. If set, this number + // should be greater than or equal to min_nodes. + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // Specifies number of nodes allocated to the instance. If set, this number + // should be greater than or equal to 1. + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + +type AutoscalingLimitsObservation struct { + + // Specifies maximum number of nodes allocated to the instance. If set, this number + // should be greater than or equal to min_nodes. + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // Specifies number of nodes allocated to the instance. If set, this number + // should be greater than or equal to 1. + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + +type AutoscalingLimitsParameters struct { + + // Specifies maximum number of nodes allocated to the instance. If set, this number + // should be greater than or equal to min_nodes. + // +kubebuilder:validation:Optional + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + // +kubebuilder:validation:Optional + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // Specifies number of nodes allocated to the instance. If set, this number + // should be greater than or equal to 1. + // +kubebuilder:validation:Optional + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + // +kubebuilder:validation:Optional + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + +type AutoscalingTargetsInitParameters struct { + + // Specifies the target high priority cpu utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization).. + HighPriorityCPUUtilizationPercent *float64 `json:"highPriorityCpuUtilizationPercent,omitempty" tf:"high_priority_cpu_utilization_percent,omitempty"` + + // Specifies the target storage utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization). + StorageUtilizationPercent *float64 `json:"storageUtilizationPercent,omitempty" tf:"storage_utilization_percent,omitempty"` +} + +type AutoscalingTargetsObservation struct { + + // Specifies the target high priority cpu utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization).. + HighPriorityCPUUtilizationPercent *float64 `json:"highPriorityCpuUtilizationPercent,omitempty" tf:"high_priority_cpu_utilization_percent,omitempty"` + + // Specifies the target storage utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization). + StorageUtilizationPercent *float64 `json:"storageUtilizationPercent,omitempty" tf:"storage_utilization_percent,omitempty"` +} + +type AutoscalingTargetsParameters struct { + + // Specifies the target high priority cpu utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization).. + // +kubebuilder:validation:Optional + HighPriorityCPUUtilizationPercent *float64 `json:"highPriorityCpuUtilizationPercent,omitempty" tf:"high_priority_cpu_utilization_percent,omitempty"` + + // Specifies the target storage utilization percentage that the autoscaler + // should be trying to achieve for the instance. + // This number is on a scale from 0 (no utilization) to 100 (full utilization). + // +kubebuilder:validation:Optional + StorageUtilizationPercent *float64 `json:"storageUtilizationPercent,omitempty" tf:"storage_utilization_percent,omitempty"` +} + type InstanceInitParameters struct { + // The autoscaling configuration. Autoscaling is enabled if this field is set. + // When autoscaling is enabled, num_nodes and processing_units are treated as, + // OUTPUT_ONLY fields and reflect the current compute capacity allocated to + // the instance. + // Structure is documented below. + AutoscalingConfig []AutoscalingConfigInitParameters `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // The name of the instance's configuration (similar but not // quite the same as a region) which defines the geographic placement and // replication of your databases in this instance. It determines where your data @@ -65,6 +230,13 @@ type InstanceInitParameters struct { type InstanceObservation struct { + // The autoscaling configuration. Autoscaling is enabled if this field is set. + // When autoscaling is enabled, num_nodes and processing_units are treated as, + // OUTPUT_ONLY fields and reflect the current compute capacity allocated to + // the instance. + // Structure is documented below. + AutoscalingConfig []AutoscalingConfigObservation `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // The name of the instance's configuration (similar but not // quite the same as a region) which defines the geographic placement and // replication of your databases in this instance. It determines where your data @@ -77,6 +249,10 @@ type InstanceObservation struct { // unique per project and between 4 and 30 characters in length. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // When deleting a spanner instance, this boolean option will delete all backups of this instance. // This must be set to true if you created a backup manually in the console. ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` @@ -101,10 +277,23 @@ type InstanceObservation struct { // Instance status: CREATING or READY. State *string `json:"state,omitempty" tf:"state,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` } type InstanceParameters struct { + // The autoscaling configuration. Autoscaling is enabled if this field is set. + // When autoscaling is enabled, num_nodes and processing_units are treated as, + // OUTPUT_ONLY fields and reflect the current compute capacity allocated to + // the instance. + // Structure is documented below. + // +kubebuilder:validation:Optional + AutoscalingConfig []AutoscalingConfigParameters `json:"autoscalingConfig,omitempty" tf:"autoscaling_config,omitempty"` + // The name of the instance's configuration (similar but not // quite the same as a region) which defines the geographic placement and // replication of your databases in this instance. It determines where your data diff --git a/apis/sql/v1beta1/zz_databaseinstance_terraformed.go b/apis/sql/v1beta1/zz_databaseinstance_terraformed.go index 0d2704f30..fde4846a6 100755 --- a/apis/sql/v1beta1/zz_databaseinstance_terraformed.go +++ b/apis/sql/v1beta1/zz_databaseinstance_terraformed.go @@ -37,7 +37,7 @@ func (mg *DatabaseInstance) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this DatabaseInstance func (tr *DatabaseInstance) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"replica_configuration[*].password": "spec.forProvider.replicaConfiguration[*].passwordSecretRef", "root_password": "spec.forProvider.rootPasswordSecretRef"} + return map[string]string{"replica_configuration[*].password": "spec.forProvider.replicaConfiguration[*].passwordSecretRef", "root_password": "spec.forProvider.rootPasswordSecretRef", "server_ca_cert[*]": "status.atProvider.serverCaCert[*]"} } // GetObservation of this DatabaseInstance diff --git a/apis/sql/v1beta1/zz_databaseinstance_types.go b/apis/sql/v1beta1/zz_databaseinstance_types.go index 213cc02ee..a0a20e57d 100755 --- a/apis/sql/v1beta1/zz_databaseinstance_types.go +++ b/apis/sql/v1beta1/zz_databaseinstance_types.go @@ -246,6 +246,9 @@ type CloneInitParameters struct { // The timestamp of the point in time that should be restored. PointInTime *string `json:"pointInTime,omitempty" tf:"point_in_time,omitempty"` + // (Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance. clone-unavailable-instance + PreferredZone *string `json:"preferredZone,omitempty" tf:"preferred_zone,omitempty"` + // Name of the source instance which will be cloned. SourceInstanceName *string `json:"sourceInstanceName,omitempty" tf:"source_instance_name,omitempty"` } @@ -261,6 +264,9 @@ type CloneObservation struct { // The timestamp of the point in time that should be restored. PointInTime *string `json:"pointInTime,omitempty" tf:"point_in_time,omitempty"` + // (Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance. clone-unavailable-instance + PreferredZone *string `json:"preferredZone,omitempty" tf:"preferred_zone,omitempty"` + // Name of the source instance which will be cloned. SourceInstanceName *string `json:"sourceInstanceName,omitempty" tf:"source_instance_name,omitempty"` } @@ -279,6 +285,10 @@ type CloneParameters struct { // +kubebuilder:validation:Optional PointInTime *string `json:"pointInTime,omitempty" tf:"point_in_time,omitempty"` + // (Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance. clone-unavailable-instance + // +kubebuilder:validation:Optional + PreferredZone *string `json:"preferredZone,omitempty" tf:"preferred_zone,omitempty"` + // Name of the source instance which will be cloned. // +kubebuilder:validation:Optional SourceInstanceName *string `json:"sourceInstanceName" tf:"source_instance_name,omitempty"` @@ -286,22 +296,19 @@ type CloneParameters struct { type DataCacheConfigInitParameters struct { - // Whether data cache is enabled for the instance. Defaults to false - // Can only be used with MYSQL. + // Whether data cache is enabled for the instance. Defaults to false. Can be used with MYSQL and PostgreSQL only. DataCacheEnabled *bool `json:"dataCacheEnabled,omitempty" tf:"data_cache_enabled,omitempty"` } type DataCacheConfigObservation struct { - // Whether data cache is enabled for the instance. Defaults to false - // Can only be used with MYSQL. + // Whether data cache is enabled for the instance. Defaults to false. Can be used with MYSQL and PostgreSQL only. DataCacheEnabled *bool `json:"dataCacheEnabled,omitempty" tf:"data_cache_enabled,omitempty"` } type DataCacheConfigParameters struct { - // Whether data cache is enabled for the instance. Defaults to false - // Can only be used with MYSQL. + // Whether data cache is enabled for the instance. Defaults to false. Can be used with MYSQL and PostgreSQL only. // +kubebuilder:validation:Optional DataCacheEnabled *bool `json:"dataCacheEnabled,omitempty" tf:"data_cache_enabled,omitempty"` } @@ -412,6 +419,10 @@ type DatabaseInstanceObservation struct { // connection strings. For example, when connecting with Cloud SQL Proxy. ConnectionName *string `json:"connectionName,omitempty" tf:"connection_name,omitempty"` + // The name of the instance. This is done because after a name is used, it cannot be reused for + // up to one week. + DNSName *string `json:"dnsName,omitempty" tf:"dns_name,omitempty"` + // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include MYSQL_5_6, // MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, @@ -461,6 +472,9 @@ type DatabaseInstanceObservation struct { // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // the URI that points to the service attachment of the instance. + PscServiceAttachmentLink *string `json:"pscServiceAttachmentLink,omitempty" tf:"psc_service_attachment_link,omitempty"` + // The first public (PRIMARY) IPv4 address assigned. PublicIPAddress *string `json:"publicIpAddress,omitempty" tf:"public_ip_address,omitempty"` @@ -479,8 +493,6 @@ type DatabaseInstanceObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` - ServerCACert []ServerCACertObservation `json:"serverCaCert,omitempty" tf:"server_ca_cert,omitempty"` - // The service account email address assigned to the // instance. ServiceAccountEmailAddress *string `json:"serviceAccountEmailAddress,omitempty" tf:"service_account_email_address,omitempty"` @@ -653,8 +665,13 @@ type IPConfigurationInitParameters struct { // +kubebuilder:validation:Optional PrivateNetworkSelector *v1.Selector `json:"privateNetworkSelector,omitempty" tf:"-"` - // Whether SSL connections over IP are enforced or not. + PscConfig []PscConfigInitParameters `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` + + // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` + + // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` } type IPConfigurationObservation struct { @@ -679,8 +696,13 @@ type IPConfigurationObservation struct { // This setting can be updated, but it cannot be removed after it is set. PrivateNetwork *string `json:"privateNetwork,omitempty" tf:"private_network,omitempty"` - // Whether SSL connections over IP are enforced or not. + PscConfig []PscConfigObservation `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` + + // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` + + // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` } type IPConfigurationParameters struct { @@ -720,9 +742,16 @@ type IPConfigurationParameters struct { // +kubebuilder:validation:Optional PrivateNetworkSelector *v1.Selector `json:"privateNetworkSelector,omitempty" tf:"-"` - // Whether SSL connections over IP are enforced or not. + // +kubebuilder:validation:Optional + PscConfig []PscConfigParameters `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` + + // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. // +kubebuilder:validation:Optional RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` + + // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + // +kubebuilder:validation:Optional + SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` } type InsightsConfigInitParameters struct { @@ -940,6 +969,38 @@ type PasswordValidationPolicyParameters struct { ReuseInterval *float64 `json:"reuseInterval,omitempty" tf:"reuse_interval,omitempty"` } +type PscConfigInitParameters struct { + + // List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric). + // +listType=set + AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + + // Whether PSC connectivity is enabled for this instance. + PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` +} + +type PscConfigObservation struct { + + // List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric). + // +listType=set + AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + + // Whether PSC connectivity is enabled for this instance. + PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` +} + +type PscConfigParameters struct { + + // List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric). + // +kubebuilder:validation:Optional + // +listType=set + AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + + // Whether PSC connectivity is enabled for this instance. + // +kubebuilder:validation:Optional + PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` +} + type ReplicaConfigurationInitParameters struct { // PEM representation of the trusted CA's x509 @@ -973,6 +1034,7 @@ type ReplicaConfigurationInitParameters struct { // heartbeats. MasterHeartbeatPeriod *float64 `json:"masterHeartbeatPeriod,omitempty" tf:"master_heartbeat_period,omitempty"` + // Permissible ciphers for use in SSL encryption. SSLCipher *string `json:"sslCipher,omitempty" tf:"ssl_cipher,omitempty"` // Username for replication connection. @@ -1016,6 +1078,7 @@ type ReplicaConfigurationObservation struct { // heartbeats. MasterHeartbeatPeriod *float64 `json:"masterHeartbeatPeriod,omitempty" tf:"master_heartbeat_period,omitempty"` + // Permissible ciphers for use in SSL encryption. SSLCipher *string `json:"sslCipher,omitempty" tf:"ssl_cipher,omitempty"` // Username for replication connection. @@ -1070,6 +1133,7 @@ type ReplicaConfigurationParameters struct { // +kubebuilder:validation:Optional PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + // Permissible ciphers for use in SSL encryption. // +kubebuilder:validation:Optional SSLCipher *string `json:"sslCipher,omitempty" tf:"ssl_cipher,omitempty"` diff --git a/apis/sql/v1beta1/zz_generated.deepcopy.go b/apis/sql/v1beta1/zz_generated.deepcopy.go index 240aa6b8c..1382c1404 100644 --- a/apis/sql/v1beta1/zz_generated.deepcopy.go +++ b/apis/sql/v1beta1/zz_generated.deepcopy.go @@ -490,6 +490,11 @@ func (in *CloneInitParameters) DeepCopyInto(out *CloneInitParameters) { *out = new(string) **out = **in } + if in.PreferredZone != nil { + in, out := &in.PreferredZone, &out.PreferredZone + *out = new(string) + **out = **in + } if in.SourceInstanceName != nil { in, out := &in.SourceInstanceName, &out.SourceInstanceName *out = new(string) @@ -531,6 +536,11 @@ func (in *CloneObservation) DeepCopyInto(out *CloneObservation) { *out = new(string) **out = **in } + if in.PreferredZone != nil { + in, out := &in.PreferredZone, &out.PreferredZone + *out = new(string) + **out = **in + } if in.SourceInstanceName != nil { in, out := &in.SourceInstanceName, &out.SourceInstanceName *out = new(string) @@ -572,6 +582,11 @@ func (in *CloneParameters) DeepCopyInto(out *CloneParameters) { *out = new(string) **out = **in } + if in.PreferredZone != nil { + in, out := &in.PreferredZone, &out.PreferredZone + *out = new(string) + **out = **in + } if in.SourceInstanceName != nil { in, out := &in.SourceInstanceName, &out.SourceInstanceName *out = new(string) @@ -949,6 +964,11 @@ func (in *DatabaseInstanceObservation) DeepCopyInto(out *DatabaseInstanceObserva *out = new(string) **out = **in } + if in.DNSName != nil { + in, out := &in.DNSName, &out.DNSName + *out = new(string) + **out = **in + } if in.DatabaseVersion != nil { in, out := &in.DatabaseVersion, &out.DatabaseVersion *out = new(string) @@ -1006,6 +1026,11 @@ func (in *DatabaseInstanceObservation) DeepCopyInto(out *DatabaseInstanceObserva *out = new(string) **out = **in } + if in.PscServiceAttachmentLink != nil { + in, out := &in.PscServiceAttachmentLink, &out.PscServiceAttachmentLink + *out = new(string) + **out = **in + } if in.PublicIPAddress != nil { in, out := &in.PublicIPAddress, &out.PublicIPAddress *out = new(string) @@ -1035,13 +1060,6 @@ func (in *DatabaseInstanceObservation) DeepCopyInto(out *DatabaseInstanceObserva *out = new(string) **out = **in } - if in.ServerCACert != nil { - in, out := &in.ServerCACert, &out.ServerCACert - *out = make([]ServerCACertObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.ServiceAccountEmailAddress != nil { in, out := &in.ServiceAccountEmailAddress, &out.ServiceAccountEmailAddress *out = new(string) @@ -1541,11 +1559,23 @@ func (in *IPConfigurationInitParameters) DeepCopyInto(out *IPConfigurationInitPa *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.PscConfig != nil { + in, out := &in.PscConfig, &out.PscConfig + *out = make([]PscConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RequireSSL != nil { in, out := &in.RequireSSL, &out.RequireSSL *out = new(bool) **out = **in } + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationInitParameters. @@ -1588,11 +1618,23 @@ func (in *IPConfigurationObservation) DeepCopyInto(out *IPConfigurationObservati *out = new(string) **out = **in } + if in.PscConfig != nil { + in, out := &in.PscConfig, &out.PscConfig + *out = make([]PscConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RequireSSL != nil { in, out := &in.RequireSSL, &out.RequireSSL *out = new(bool) **out = **in } + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationObservation. @@ -1645,11 +1687,23 @@ func (in *IPConfigurationParameters) DeepCopyInto(out *IPConfigurationParameters *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.PscConfig != nil { + in, out := &in.PscConfig, &out.PscConfig + *out = make([]PscConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RequireSSL != nil { in, out := &in.RequireSSL, &out.RequireSSL *out = new(bool) **out = **in } + if in.SSLMode != nil { + in, out := &in.SSLMode, &out.SSLMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationParameters. @@ -2209,6 +2263,99 @@ func (in *PasswordValidationPolicyParameters) DeepCopy() *PasswordValidationPoli return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscConfigInitParameters) DeepCopyInto(out *PscConfigInitParameters) { + *out = *in + if in.AllowedConsumerProjects != nil { + in, out := &in.AllowedConsumerProjects, &out.AllowedConsumerProjects + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PscEnabled != nil { + in, out := &in.PscEnabled, &out.PscEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscConfigInitParameters. +func (in *PscConfigInitParameters) DeepCopy() *PscConfigInitParameters { + if in == nil { + return nil + } + out := new(PscConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscConfigObservation) DeepCopyInto(out *PscConfigObservation) { + *out = *in + if in.AllowedConsumerProjects != nil { + in, out := &in.AllowedConsumerProjects, &out.AllowedConsumerProjects + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PscEnabled != nil { + in, out := &in.PscEnabled, &out.PscEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscConfigObservation. +func (in *PscConfigObservation) DeepCopy() *PscConfigObservation { + if in == nil { + return nil + } + out := new(PscConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscConfigParameters) DeepCopyInto(out *PscConfigParameters) { + *out = *in + if in.AllowedConsumerProjects != nil { + in, out := &in.AllowedConsumerProjects, &out.AllowedConsumerProjects + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PscEnabled != nil { + in, out := &in.PscEnabled, &out.PscEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscConfigParameters. +func (in *PscConfigParameters) DeepCopy() *PscConfigParameters { + if in == nil { + return nil + } + out := new(PscConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicaConfigurationInitParameters) DeepCopyInto(out *ReplicaConfigurationInitParameters) { *out = *in @@ -2752,11 +2899,6 @@ func (in *SSLCertList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SSLCertObservation) DeepCopyInto(out *SSLCertObservation) { *out = *in - if in.Cert != nil { - in, out := &in.Cert, &out.Cert - *out = new(string) - **out = **in - } if in.CertSerialNumber != nil { in, out := &in.CertSerialNumber, &out.CertSerialNumber *out = new(string) @@ -2792,11 +2934,6 @@ func (in *SSLCertObservation) DeepCopyInto(out *SSLCertObservation) { *out = new(string) **out = **in } - if in.ServerCACert != nil { - in, out := &in.ServerCACert, &out.ServerCACert - *out = new(string) - **out = **in - } if in.Sha1Fingerprint != nil { in, out := &in.Sha1Fingerprint, &out.Sha1Fingerprint *out = new(string) diff --git a/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go b/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go index c9371a409..2f551ad08 100755 --- a/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go +++ b/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go @@ -47,7 +47,7 @@ type SourceRepresentationInstanceInitParameters struct { // A file in the bucket that contains the data from the external server. DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` - // The externally accessible IPv4 address for the source database server. + // The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. Host *string `json:"host,omitempty" tf:"host,omitempty"` // The externally accessible port for the source database server. @@ -84,7 +84,7 @@ type SourceRepresentationInstanceObservation struct { // A file in the bucket that contains the data from the external server. DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` - // The externally accessible IPv4 address for the source database server. + // The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. Host *string `json:"host,omitempty" tf:"host,omitempty"` // an identifier for the resource with format projects/{{project}}/instances/{{name}} @@ -129,7 +129,7 @@ type SourceRepresentationInstanceParameters struct { // +kubebuilder:validation:Optional DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` - // The externally accessible IPv4 address for the source database server. + // The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. // +kubebuilder:validation:Optional Host *string `json:"host,omitempty" tf:"host,omitempty"` diff --git a/apis/sql/v1beta1/zz_sslcert_terraformed.go b/apis/sql/v1beta1/zz_sslcert_terraformed.go index 361f29cb0..4d539bbec 100755 --- a/apis/sql/v1beta1/zz_sslcert_terraformed.go +++ b/apis/sql/v1beta1/zz_sslcert_terraformed.go @@ -37,7 +37,7 @@ func (mg *SSLCert) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SSLCert func (tr *SSLCert) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"private_key": "status.atProvider.privateKey"} + return map[string]string{"cert": "status.atProvider.cert", "private_key": "status.atProvider.privateKey", "server_ca_cert": "status.atProvider.serverCaCert"} } // GetObservation of this SSLCert diff --git a/apis/sql/v1beta1/zz_sslcert_types.go b/apis/sql/v1beta1/zz_sslcert_types.go index e51a64064..081fd512e 100755 --- a/apis/sql/v1beta1/zz_sslcert_types.go +++ b/apis/sql/v1beta1/zz_sslcert_types.go @@ -55,9 +55,6 @@ type SSLCertInitParameters struct { type SSLCertObservation struct { - // The actual certificate data for this client certificate. - Cert *string `json:"cert,omitempty" tf:"cert,omitempty"` - // The serial number extracted from the certificate data. CertSerialNumber *string `json:"certSerialNumber,omitempty" tf:"cert_serial_number,omitempty"` @@ -83,9 +80,6 @@ type SSLCertObservation struct { // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The CA cert of the server this client cert was generated from. - ServerCACert *string `json:"serverCaCert,omitempty" tf:"server_ca_cert,omitempty"` - // The SHA1 Fingerprint of the certificate. Sha1Fingerprint *string `json:"sha1Fingerprint,omitempty" tf:"sha1_fingerprint,omitempty"` } diff --git a/apis/sql/v1beta1/zz_user_types.go b/apis/sql/v1beta1/zz_user_types.go index f83995d62..c0fbbce8c 100755 --- a/apis/sql/v1beta1/zz_user_types.go +++ b/apis/sql/v1beta1/zz_user_types.go @@ -140,7 +140,7 @@ type UserInitParameters struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -172,7 +172,7 @@ type UserObservation struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -221,7 +221,7 @@ type UserParameters struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". // +kubebuilder:validation:Optional Type *string `json:"type,omitempty" tf:"type,omitempty"` } diff --git a/apis/storage/v1beta1/zz_bucket_terraformed.go b/apis/storage/v1beta1/zz_bucket_terraformed.go index e71373bcf..83a5dd2ae 100755 --- a/apis/storage/v1beta1/zz_bucket_terraformed.go +++ b/apis/storage/v1beta1/zz_bucket_terraformed.go @@ -141,5 +141,5 @@ func (tr *Bucket) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Bucket) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/storage/v1beta1/zz_bucket_types.go b/apis/storage/v1beta1/zz_bucket_types.go index 91f2fd2f3..6bd035dad 100755 --- a/apis/storage/v1beta1/zz_bucket_types.go +++ b/apis/storage/v1beta1/zz_bucket_types.go @@ -62,12 +62,18 @@ type AutoclassInitParameters struct { // While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE. + TerminalStorageClass *string `json:"terminalStorageClass,omitempty" tf:"terminal_storage_class,omitempty"` } type AutoclassObservation struct { // While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE. + TerminalStorageClass *string `json:"terminalStorageClass,omitempty" tf:"terminal_storage_class,omitempty"` } type AutoclassParameters struct { @@ -75,6 +81,10 @@ type AutoclassParameters struct { // While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern. // +kubebuilder:validation:Optional Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + + // The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE. + // +kubebuilder:validation:Optional + TerminalStorageClass *string `json:"terminalStorageClass,omitempty" tf:"terminal_storage_class,omitempty"` } type BucketInitParameters struct { @@ -91,6 +101,9 @@ type BucketInitParameters struct { // Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. DefaultEventBasedHold *bool `json:"defaultEventBasedHold,omitempty" tf:"default_event_based_hold,omitempty"` + // Enables object retention on a storage bucket. + EnableObjectRetention *bool `json:"enableObjectRetention,omitempty" tf:"enable_object_retention,omitempty"` + // The bucket's encryption configuration. Structure is documented below. Encryption []EncryptionInitParameters `json:"encryption,omitempty" tf:"encryption,omitempty"` @@ -124,6 +137,9 @@ type BucketInitParameters struct { // Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. Structure is documented below. RetentionPolicy []RetentionPolicyInitParameters `json:"retentionPolicy,omitempty" tf:"retention_policy,omitempty"` + // The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error. + Rpo *string `json:"rpo,omitempty" tf:"rpo,omitempty"` + // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` @@ -151,6 +167,13 @@ type BucketObservation struct { // Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. DefaultEventBasedHold *bool `json:"defaultEventBasedHold,omitempty" tf:"default_event_based_hold,omitempty"` + // A map of key/value label pairs to assign to the bucket. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + + // Enables object retention on a storage bucket. + EnableObjectRetention *bool `json:"enableObjectRetention,omitempty" tf:"enable_object_retention,omitempty"` + // The bucket's encryption configuration. Structure is documented below. Encryption []EncryptionObservation `json:"encryption,omitempty" tf:"encryption,omitempty"` @@ -186,12 +209,19 @@ type BucketObservation struct { // Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. Structure is documented below. RetentionPolicy []RetentionPolicyObservation `json:"retentionPolicy,omitempty" tf:"retention_policy,omitempty"` + // The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error. + Rpo *string `json:"rpo,omitempty" tf:"rpo,omitempty"` + // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` + // A map of key/value label pairs to assign to the bucket. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The base URL of the bucket, in the format gs://. URL *string `json:"url,omitempty" tf:"url,omitempty"` @@ -223,6 +253,10 @@ type BucketParameters struct { // +kubebuilder:validation:Optional DefaultEventBasedHold *bool `json:"defaultEventBasedHold,omitempty" tf:"default_event_based_hold,omitempty"` + // Enables object retention on a storage bucket. + // +kubebuilder:validation:Optional + EnableObjectRetention *bool `json:"enableObjectRetention,omitempty" tf:"enable_object_retention,omitempty"` + // The bucket's encryption configuration. Structure is documented below. // +kubebuilder:validation:Optional Encryption []EncryptionParameters `json:"encryption,omitempty" tf:"encryption,omitempty"` @@ -266,6 +300,10 @@ type BucketParameters struct { // +kubebuilder:validation:Optional RetentionPolicy []RetentionPolicyParameters `json:"retentionPolicy,omitempty" tf:"retention_policy,omitempty"` + // The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error. + // +kubebuilder:validation:Optional + Rpo *string `json:"rpo,omitempty" tf:"rpo,omitempty"` + // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. // +kubebuilder:validation:Optional StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` @@ -309,6 +347,9 @@ type ConditionInitParameters struct { // One or more matching name suffixes to satisfy this condition. MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` + // While set true, age value will be omitted. Note Required to set true when age is unset in the config file. + NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` + // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` @@ -345,6 +386,9 @@ type ConditionObservation struct { // One or more matching name suffixes to satisfy this condition. MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` + // While set true, age value will be omitted. Note Required to set true when age is unset in the config file. + NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` + // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` @@ -389,6 +433,10 @@ type ConditionParameters struct { // +kubebuilder:validation:Optional MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` + // While set true, age value will be omitted. Note Required to set true when age is unset in the config file. + // +kubebuilder:validation:Optional + NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` + // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. // +kubebuilder:validation:Optional NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` diff --git a/apis/storage/v1beta1/zz_bucketobject_types.go b/apis/storage/v1beta1/zz_bucketobject_types.go index 9f8703283..64af35065 100755 --- a/apis/storage/v1beta1/zz_bucketobject_types.go +++ b/apis/storage/v1beta1/zz_bucketobject_types.go @@ -82,6 +82,9 @@ type BucketObjectInitParameters struct { // The name of the object. If you're interpolating the name of this object, see output_name instead. Name *string `json:"name,omitempty" tf:"name,omitempty"` + // The object retention settings for the object. The retention settings allow an object to be retained until a provided date. Structure is documented below. + Retention []RetentionInitParameters `json:"retention,omitempty" tf:"retention,omitempty"` + // A path to the data you want to upload. Must be defined // if content is not. Source *string `json:"source,omitempty" tf:"source,omitempty"` @@ -154,6 +157,9 @@ type BucketObjectObservation struct { // google_storage_object_acl resources when your google_storage_bucket_object is recreated. OutputName *string `json:"outputName,omitempty" tf:"output_name,omitempty"` + // The object retention settings for the object. The retention settings allow an object to be retained until a provided date. Structure is documented below. + Retention []RetentionObservation `json:"retention,omitempty" tf:"retention,omitempty"` + // (Computed) A url reference to this object. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` @@ -236,6 +242,10 @@ type BucketObjectParameters struct { // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` + // The object retention settings for the object. The retention settings allow an object to be retained until a provided date. Structure is documented below. + // +kubebuilder:validation:Optional + Retention []RetentionParameters `json:"retention,omitempty" tf:"retention,omitempty"` + // A path to the data you want to upload. Must be defined // if content is not. // +kubebuilder:validation:Optional @@ -275,6 +285,35 @@ type CustomerEncryptionParameters struct { EncryptionKeySecretRef v1.SecretKeySelector `json:"encryptionKeySecretRef" tf:"-"` } +type RetentionInitParameters struct { + + // The retention policy mode. Either Locked or Unlocked. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // The time to retain the object until in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. + RetainUntilTime *string `json:"retainUntilTime,omitempty" tf:"retain_until_time,omitempty"` +} + +type RetentionObservation struct { + + // The retention policy mode. Either Locked or Unlocked. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // The time to retain the object until in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. + RetainUntilTime *string `json:"retainUntilTime,omitempty" tf:"retain_until_time,omitempty"` +} + +type RetentionParameters struct { + + // The retention policy mode. Either Locked or Unlocked. + // +kubebuilder:validation:Optional + Mode *string `json:"mode" tf:"mode,omitempty"` + + // The time to retain the object until in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. + // +kubebuilder:validation:Optional + RetainUntilTime *string `json:"retainUntilTime" tf:"retain_until_time,omitempty"` +} + // BucketObjectSpec defines the desired state of BucketObject type BucketObjectSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/storage/v1beta1/zz_generated.deepcopy.go b/apis/storage/v1beta1/zz_generated.deepcopy.go index 3d6feb704..3cdcd18e5 100644 --- a/apis/storage/v1beta1/zz_generated.deepcopy.go +++ b/apis/storage/v1beta1/zz_generated.deepcopy.go @@ -108,6 +108,11 @@ func (in *AutoclassInitParameters) DeepCopyInto(out *AutoclassInitParameters) { *out = new(bool) **out = **in } + if in.TerminalStorageClass != nil { + in, out := &in.TerminalStorageClass, &out.TerminalStorageClass + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoclassInitParameters. @@ -128,6 +133,11 @@ func (in *AutoclassObservation) DeepCopyInto(out *AutoclassObservation) { *out = new(bool) **out = **in } + if in.TerminalStorageClass != nil { + in, out := &in.TerminalStorageClass, &out.TerminalStorageClass + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoclassObservation. @@ -148,6 +158,11 @@ func (in *AutoclassParameters) DeepCopyInto(out *AutoclassParameters) { *out = new(bool) **out = **in } + if in.TerminalStorageClass != nil { + in, out := &in.TerminalStorageClass, &out.TerminalStorageClass + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoclassParameters. @@ -1002,6 +1017,11 @@ func (in *BucketInitParameters) DeepCopyInto(out *BucketInitParameters) { *out = new(bool) **out = **in } + if in.EnableObjectRetention != nil { + in, out := &in.EnableObjectRetention, &out.EnableObjectRetention + *out = new(bool) + **out = **in + } if in.Encryption != nil { in, out := &in.Encryption, &out.Encryption *out = make([]EncryptionInitParameters, len(*in)) @@ -1071,6 +1091,11 @@ func (in *BucketInitParameters) DeepCopyInto(out *BucketInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Rpo != nil { + in, out := &in.Rpo, &out.Rpo + *out = new(string) + **out = **in + } if in.StorageClass != nil { in, out := &in.StorageClass, &out.StorageClass *out = new(string) @@ -1257,6 +1282,13 @@ func (in *BucketObjectInitParameters) DeepCopyInto(out *BucketObjectInitParamete *out = new(string) **out = **in } + if in.Retention != nil { + in, out := &in.Retention, &out.Retention + *out = make([]RetentionInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Source != nil { in, out := &in.Source, &out.Source *out = new(string) @@ -1422,6 +1454,13 @@ func (in *BucketObjectObservation) DeepCopyInto(out *BucketObjectObservation) { *out = new(string) **out = **in } + if in.Retention != nil { + in, out := &in.Retention, &out.Retention + *out = make([]RetentionObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.SelfLink != nil { in, out := &in.SelfLink, &out.SelfLink *out = new(string) @@ -1545,6 +1584,13 @@ func (in *BucketObjectParameters) DeepCopyInto(out *BucketObjectParameters) { *out = new(string) **out = **in } + if in.Retention != nil { + in, out := &in.Retention, &out.Retention + *out = make([]RetentionParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Source != nil { in, out := &in.Source, &out.Source *out = new(string) @@ -1636,6 +1682,27 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(bool) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.EnableObjectRetention != nil { + in, out := &in.EnableObjectRetention, &out.EnableObjectRetention + *out = new(bool) + **out = **in + } if in.Encryption != nil { in, out := &in.Encryption, &out.Encryption *out = make([]EncryptionObservation, len(*in)) @@ -1710,6 +1777,11 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Rpo != nil { + in, out := &in.Rpo, &out.Rpo + *out = new(string) + **out = **in + } if in.SelfLink != nil { in, out := &in.SelfLink, &out.SelfLink *out = new(string) @@ -1720,6 +1792,22 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.URL != nil { in, out := &in.URL, &out.URL *out = new(string) @@ -1785,6 +1873,11 @@ func (in *BucketParameters) DeepCopyInto(out *BucketParameters) { *out = new(bool) **out = **in } + if in.EnableObjectRetention != nil { + in, out := &in.EnableObjectRetention, &out.EnableObjectRetention + *out = new(bool) + **out = **in + } if in.Encryption != nil { in, out := &in.Encryption, &out.Encryption *out = make([]EncryptionParameters, len(*in)) @@ -1854,6 +1947,11 @@ func (in *BucketParameters) DeepCopyInto(out *BucketParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Rpo != nil { + in, out := &in.Rpo, &out.Rpo + *out = new(string) + **out = **in + } if in.StorageClass != nil { in, out := &in.StorageClass, &out.StorageClass *out = new(string) @@ -1986,6 +2084,11 @@ func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { } } } + if in.NoAge != nil { + in, out := &in.NoAge, &out.NoAge + *out = new(bool) + **out = **in + } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -2074,6 +2177,11 @@ func (in *ConditionObservation) DeepCopyInto(out *ConditionObservation) { } } } + if in.NoAge != nil { + in, out := &in.NoAge, &out.NoAge + *out = new(bool) + **out = **in + } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -2162,6 +2270,11 @@ func (in *ConditionParameters) DeepCopyInto(out *ConditionParameters) { } } } + if in.NoAge != nil { + in, out := &in.NoAge, &out.NoAge + *out = new(bool) + **out = **in + } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -4150,6 +4263,81 @@ func (in *ProjectTeamParameters) DeepCopy() *ProjectTeamParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionInitParameters) DeepCopyInto(out *RetentionInitParameters) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RetainUntilTime != nil { + in, out := &in.RetainUntilTime, &out.RetainUntilTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionInitParameters. +func (in *RetentionInitParameters) DeepCopy() *RetentionInitParameters { + if in == nil { + return nil + } + out := new(RetentionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionObservation) DeepCopyInto(out *RetentionObservation) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RetainUntilTime != nil { + in, out := &in.RetainUntilTime, &out.RetainUntilTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionObservation. +func (in *RetentionObservation) DeepCopy() *RetentionObservation { + if in == nil { + return nil + } + out := new(RetentionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionParameters) DeepCopyInto(out *RetentionParameters) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RetainUntilTime != nil { + in, out := &in.RetainUntilTime, &out.RetainUntilTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionParameters. +func (in *RetentionParameters) DeepCopy() *RetentionParameters { + if in == nil { + return nil + } + out := new(RetentionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionPolicyInitParameters) DeepCopyInto(out *RetentionPolicyInitParameters) { *out = *in diff --git a/apis/tpu/v1beta1/zz_generated.deepcopy.go b/apis/tpu/v1beta1/zz_generated.deepcopy.go index 9eee4eee6..722789d43 100644 --- a/apis/tpu/v1beta1/zz_generated.deepcopy.go +++ b/apis/tpu/v1beta1/zz_generated.deepcopy.go @@ -240,6 +240,22 @@ func (in *NodeObservation) DeepCopyInto(out *NodeObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -295,6 +311,22 @@ func (in *NodeObservation) DeepCopyInto(out *NodeObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UseServiceNetworking != nil { in, out := &in.UseServiceNetworking, &out.UseServiceNetworking *out = new(bool) diff --git a/apis/tpu/v1beta1/zz_node_types.go b/apis/tpu/v1beta1/zz_node_types.go index 324e967c2..f2f4b73c7 100755 --- a/apis/tpu/v1beta1/zz_node_types.go +++ b/apis/tpu/v1beta1/zz_node_types.go @@ -65,6 +65,8 @@ type NodeInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -120,10 +122,15 @@ type NodeObservation struct { // The user-supplied description of the TPU. Maximum of 512 characters. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{zone}}/nodes/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -156,6 +163,11 @@ type NodeObservation struct { // The version of Tensorflow running in the Node. TensorflowVersion *string `json:"tensorflowVersion,omitempty" tf:"tensorflow_version,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Whether the VPC peering for the node is set up through Service Networking API. // The VPC Peering should be set up before provisioning the node. If this field is set, // cidr_block field should not be specified. If the network that you want to peer the @@ -188,6 +200,8 @@ type NodeParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Resource labels to represent user provided metadata. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` diff --git a/apis/vertexai/v1beta1/zz_dataset_types.go b/apis/vertexai/v1beta1/zz_dataset_types.go index a892fcd9f..aa686db13 100755 --- a/apis/vertexai/v1beta1/zz_dataset_types.go +++ b/apis/vertexai/v1beta1/zz_dataset_types.go @@ -61,6 +61,10 @@ type DatasetObservation struct { // The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key. // Structure is documented below. EncryptionSpec []EncryptionSpecObservation `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` @@ -85,6 +89,11 @@ type DatasetObservation struct { // The region of the dataset. eg us-central1 Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } diff --git a/apis/vertexai/v1beta1/zz_featurestore_types.go b/apis/vertexai/v1beta1/zz_featurestore_types.go index f64504ce5..36f045dcc 100755 --- a/apis/vertexai/v1beta1/zz_featurestore_types.go +++ b/apis/vertexai/v1beta1/zz_featurestore_types.go @@ -81,6 +81,10 @@ type FeaturestoreObservation struct { // The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // If set, both of the online and offline data storage will be secured by this key. // Structure is documented below. EncryptionSpec []FeaturestoreEncryptionSpecObservation `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` @@ -112,6 +116,11 @@ type FeaturestoreObservation struct { // The region of the dataset. eg us-central1 Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } diff --git a/apis/vertexai/v1beta1/zz_featurestoreentitytype_types.go b/apis/vertexai/v1beta1/zz_featurestoreentitytype_types.go index ea78f05a3..e5c44f02c 100755 --- a/apis/vertexai/v1beta1/zz_featurestoreentitytype_types.go +++ b/apis/vertexai/v1beta1/zz_featurestoreentitytype_types.go @@ -87,6 +87,10 @@ type FeaturestoreEntitytypeObservation struct { // Optional. Description of the EntityType. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Used to perform consistent read-modify-write updates. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -110,6 +114,11 @@ type FeaturestoreEntitytypeObservation struct { Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } diff --git a/apis/vertexai/v1beta1/zz_generated.deepcopy.go b/apis/vertexai/v1beta1/zz_generated.deepcopy.go index 7d65ba9ca..0e736734f 100644 --- a/apis/vertexai/v1beta1/zz_generated.deepcopy.go +++ b/apis/vertexai/v1beta1/zz_generated.deepcopy.go @@ -215,6 +215,22 @@ func (in *DatasetObservation) DeepCopyInto(out *DatasetObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionSpec != nil { in, out := &in.EncryptionSpec, &out.EncryptionSpec *out = make([]EncryptionSpecObservation, len(*in)) @@ -263,6 +279,22 @@ func (in *DatasetObservation) DeepCopyInto(out *DatasetObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -655,6 +687,22 @@ func (in *FeaturestoreEntitytypeObservation) DeepCopyInto(out *FeaturestoreEntit *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.Etag != nil { in, out := &in.Etag, &out.Etag *out = new(string) @@ -703,6 +751,22 @@ func (in *FeaturestoreEntitytypeObservation) DeepCopyInto(out *FeaturestoreEntit *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -923,6 +987,22 @@ func (in *FeaturestoreObservation) DeepCopyInto(out *FeaturestoreObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionSpec != nil { in, out := &in.EncryptionSpec, &out.EncryptionSpec *out = make([]FeaturestoreEncryptionSpecObservation, len(*in)) @@ -983,6 +1063,22 @@ func (in *FeaturestoreObservation) DeepCopyInto(out *FeaturestoreObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) @@ -1795,6 +1891,22 @@ func (in *TensorboardObservation) DeepCopyInto(out *TensorboardObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EncryptionSpec != nil { in, out := &in.EncryptionSpec, &out.EncryptionSpec *out = make([]TensorboardEncryptionSpecObservation, len(*in)) @@ -1843,6 +1955,22 @@ func (in *TensorboardObservation) DeepCopyInto(out *TensorboardObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) diff --git a/apis/vertexai/v1beta1/zz_tensorboard_types.go b/apis/vertexai/v1beta1/zz_tensorboard_types.go index a50e830c4..26e3e3500 100755 --- a/apis/vertexai/v1beta1/zz_tensorboard_types.go +++ b/apis/vertexai/v1beta1/zz_tensorboard_types.go @@ -80,6 +80,10 @@ type TensorboardObservation struct { // Description of this Tensorboard. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key. // Structure is documented below. EncryptionSpec []TensorboardEncryptionSpecObservation `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` @@ -104,6 +108,11 @@ type TensorboardObservation struct { // The number of Runs stored in this Tensorboard. RunCount *string `json:"runCount,omitempty" tf:"run_count,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The timestamp of when the Tensorboard was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` } diff --git a/apis/workflows/v1beta1/zz_generated.deepcopy.go b/apis/workflows/v1beta1/zz_generated.deepcopy.go index 9335ba5cb..666596145 100644 --- a/apis/workflows/v1beta1/zz_generated.deepcopy.go +++ b/apis/workflows/v1beta1/zz_generated.deepcopy.go @@ -55,6 +55,11 @@ func (in *Workflow) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkflowInitParameters) DeepCopyInto(out *WorkflowInitParameters) { *out = *in + if in.CallLogLevel != nil { + in, out := &in.CallLogLevel, &out.CallLogLevel + *out = new(string) + **out = **in + } if in.CryptoKeyName != nil { in, out := &in.CryptoKeyName, &out.CryptoKeyName *out = new(string) @@ -121,6 +126,22 @@ func (in *WorkflowInitParameters) DeepCopyInto(out *WorkflowInitParameters) { *out = new(string) **out = **in } + if in.UserEnvVars != nil { + in, out := &in.UserEnvVars, &out.UserEnvVars + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowInitParameters. @@ -168,6 +189,11 @@ func (in *WorkflowList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkflowObservation) DeepCopyInto(out *WorkflowObservation) { *out = *in + if in.CallLogLevel != nil { + in, out := &in.CallLogLevel, &out.CallLogLevel + *out = new(string) + **out = **in + } if in.CreateTime != nil { in, out := &in.CreateTime, &out.CreateTime *out = new(string) @@ -183,6 +209,22 @@ func (in *WorkflowObservation) DeepCopyInto(out *WorkflowObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -244,11 +286,43 @@ func (in *WorkflowObservation) DeepCopyInto(out *WorkflowObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.UpdateTime != nil { in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) **out = **in } + if in.UserEnvVars != nil { + in, out := &in.UserEnvVars, &out.UserEnvVars + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowObservation. @@ -264,6 +338,11 @@ func (in *WorkflowObservation) DeepCopy() *WorkflowObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkflowParameters) DeepCopyInto(out *WorkflowParameters) { *out = *in + if in.CallLogLevel != nil { + in, out := &in.CallLogLevel, &out.CallLogLevel + *out = new(string) + **out = **in + } if in.CryptoKeyName != nil { in, out := &in.CryptoKeyName, &out.CryptoKeyName *out = new(string) @@ -330,6 +409,22 @@ func (in *WorkflowParameters) DeepCopyInto(out *WorkflowParameters) { *out = new(string) **out = **in } + if in.UserEnvVars != nil { + in, out := &in.UserEnvVars, &out.UserEnvVars + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowParameters. diff --git a/apis/workflows/v1beta1/zz_workflow_types.go b/apis/workflows/v1beta1/zz_workflow_types.go index cfa815dfd..1a307624a 100755 --- a/apis/workflows/v1beta1/zz_workflow_types.go +++ b/apis/workflows/v1beta1/zz_workflow_types.go @@ -31,6 +31,12 @@ import ( type WorkflowInitParameters struct { + // Describes the level of platform logging to apply to calls and call responses during + // executions of this workflow. If both the workflow and the execution specify a logging level, + // the execution level takes precedence. + // Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + CallLogLevel *string `json:"callLogLevel,omitempty" tf:"call_log_level,omitempty"` + // The KMS key used to encrypt workflow and execution data. // Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` @@ -75,12 +81,22 @@ type WorkflowInitParameters struct { // +kubebuilder:validation:Optional ServiceAccountSelector *v1.Selector `json:"serviceAccountSelector,omitempty" tf:"-"` - // Workflow code to be executed. The size limit is 32KB. + // Workflow code to be executed. The size limit is 128KB. SourceContents *string `json:"sourceContents,omitempty" tf:"source_contents,omitempty"` + + // User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS". + // +mapType=granular + UserEnvVars map[string]*string `json:"userEnvVars,omitempty" tf:"user_env_vars,omitempty"` } type WorkflowObservation struct { + // Describes the level of platform logging to apply to calls and call responses during + // executions of this workflow. If both the workflow and the execution specify a logging level, + // the execution level takes precedence. + // Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + CallLogLevel *string `json:"callLogLevel,omitempty" tf:"call_log_level,omitempty"` + // The timestamp of when the workflow was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` @@ -91,6 +107,10 @@ type WorkflowObservation struct { // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // for all of the labels present on the resource. + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -124,18 +144,34 @@ type WorkflowObservation struct { // Modifying this field for an existing workflow results in a new workflow revision. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` - // Workflow code to be executed. The size limit is 32KB. + // Workflow code to be executed. The size limit is 128KB. SourceContents *string `json:"sourceContents,omitempty" tf:"source_contents,omitempty"` // State of the workflow deployment. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` + + // User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS". + // +mapType=granular + UserEnvVars map[string]*string `json:"userEnvVars,omitempty" tf:"user_env_vars,omitempty"` } type WorkflowParameters struct { + // Describes the level of platform logging to apply to calls and call responses during + // executions of this workflow. If both the workflow and the execution specify a logging level, + // the execution level takes precedence. + // Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + // +kubebuilder:validation:Optional + CallLogLevel *string `json:"callLogLevel,omitempty" tf:"call_log_level,omitempty"` + // The KMS key used to encrypt workflow and execution data. // Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} // +kubebuilder:validation:Optional @@ -188,9 +224,14 @@ type WorkflowParameters struct { // +kubebuilder:validation:Optional ServiceAccountSelector *v1.Selector `json:"serviceAccountSelector,omitempty" tf:"-"` - // Workflow code to be executed. The size limit is 32KB. + // Workflow code to be executed. The size limit is 128KB. // +kubebuilder:validation:Optional SourceContents *string `json:"sourceContents,omitempty" tf:"source_contents,omitempty"` + + // User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS". + // +kubebuilder:validation:Optional + // +mapType=granular + UserEnvVars map[string]*string `json:"userEnvVars,omitempty" tf:"user_env_vars,omitempty"` } // WorkflowSpec defines the desired state of Workflow diff --git a/apis/zz_register.go b/apis/zz_register.go index bf25033dc..a57b8046b 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -41,7 +41,6 @@ import ( v1beta1cloudbuild "github.com/upbound/provider-gcp/apis/cloudbuild/v1beta1" v1beta1cloudfunctions "github.com/upbound/provider-gcp/apis/cloudfunctions/v1beta1" v1beta1cloudfunctions2 "github.com/upbound/provider-gcp/apis/cloudfunctions2/v1beta1" - v1beta1cloudiot "github.com/upbound/provider-gcp/apis/cloudiot/v1beta1" v1beta1cloudplatform "github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1" v1beta1cloudrun "github.com/upbound/provider-gcp/apis/cloudrun/v1beta1" v1beta1cloudscheduler "github.com/upbound/provider-gcp/apis/cloudscheduler/v1beta1" @@ -119,7 +118,6 @@ func init() { v1beta1cloudbuild.SchemeBuilder.AddToScheme, v1beta1cloudfunctions.SchemeBuilder.AddToScheme, v1beta1cloudfunctions2.SchemeBuilder.AddToScheme, - v1beta1cloudiot.SchemeBuilder.AddToScheme, v1beta1cloudplatform.SchemeBuilder.AddToScheme, v1beta1cloudrun.SchemeBuilder.AddToScheme, v1beta1cloudscheduler.SchemeBuilder.AddToScheme, diff --git a/cmd/provider/cloudiot/zz_main.go b/cmd/provider/cloudiot/zz_main.go deleted file mode 100644 index 6dd66cda1..000000000 --- a/cmd/provider/cloudiot/zz_main.go +++ /dev/null @@ -1,212 +0,0 @@ -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "context" - "fmt" - "os" - "path/filepath" - "time" - - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - "github.com/crossplane/crossplane-runtime/pkg/certificates" - xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" - "github.com/crossplane/crossplane-runtime/pkg/feature" - "github.com/crossplane/crossplane-runtime/pkg/logging" - "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" - "github.com/crossplane/crossplane-runtime/pkg/resource" - tjcontroller "github.com/crossplane/upjet/pkg/controller" - "gopkg.in/alecthomas/kingpin.v2" - kerrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - "k8s.io/client-go/tools/leaderelection/resourcelock" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - "sigs.k8s.io/controller-runtime/pkg/webhook" - - "github.com/upbound/provider-gcp/apis" - "github.com/upbound/provider-gcp/apis/v1alpha1" - "github.com/upbound/provider-gcp/config" - resolverapis "github.com/upbound/provider-gcp/internal/apis" - "github.com/upbound/provider-gcp/internal/clients" - "github.com/upbound/provider-gcp/internal/controller" - "github.com/upbound/provider-gcp/internal/features" -) - -const ( - webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" - tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" - certsDirEnvVar = "CERTS_DIR" - tlsServerCertDir = "/tls/server" -) - -func deprecationAction(flagName string) kingpin.Action { - return func(c *kingpin.ParseContext) error { - _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) - kingpin.FatalIfError(err, "Failed to print the deprecation notice.") - return nil - } -} - -func main() { - var ( - app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for GCP").DefaultEnvars() - debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() - syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() - pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() - leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() - maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("100").Int() - - namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() - essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() - enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() - enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - - certsDirSet = false - // we record whether the command-line option "--certs-dir" was supplied - // in the registered PreAction for the flag. - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { - certsDirSet = true - return nil - }).String() - - // now deprecated command-line arguments with the Terraform SDK-based upjet architecture - _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() - _ = app.Flag("terraform-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform version.").Envar("TERRAFORM_VERSION").Hidden().Action(deprecationAction("terraform-version")).String() - _ = app.Flag("terraform-provider-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform provider version.").Envar("TERRAFORM_PROVIDER_VERSION").Hidden().Action(deprecationAction("terraform-provider-version")).String() - _ = app.Flag("terraform-native-provider-path", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform native provider path for shared execution.").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").Hidden().Action(deprecationAction("terraform-native-provider-path")).String() - _ = app.Flag("terraform-provider-source", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform provider source.").Envar("TERRAFORM_PROVIDER_SOURCE").Hidden().Action(deprecationAction("terraform-provider-source")).String() - ) - - kingpin.MustParse(app.Parse(os.Args[1:])) - - zl := zap.New(zap.UseDevMode(*debug)) - log := logging.NewLogrLogger(zl.WithName("provider-gcp")) - if *debug { - // The controller-runtime runs with a no-op logger by default. It is - // *very* verbose even at info level, so we only provide it a real - // logger when we're running in debug mode. - ctrl.SetLogger(zl) - } - - // currently, we configure the jitter to be the 5% of the poll interval - pollJitter := time.Duration(float64(*pollInterval) * 0.05) - log.Debug("Starting", "sync-interval", syncInterval.String(), - "poll-interval", pollInterval.String(), "poll-jitter", pollJitter, "max-reconcile-rate", *maxReconcileRate) - - cfg, err := ctrl.GetConfig() - kingpin.FatalIfError(err, "Cannot get API server rest config") - - // Get the TLS certs directory from the environment variables set by - // Crossplane if they're available. - // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions - // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied - // via the command-line options, then these environment variables are used - // instead. - if !certsDirSet { - // backwards-compatibility concerns - xpCertsDir := os.Getenv(certsDirEnvVar) - if xpCertsDir == "" { - xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) - } - if xpCertsDir == "" { - xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) - } - // we probably don't need this condition but just to be on the - // safe side, if we are missing any kingpin machinery details... - if xpCertsDir != "" { - *certsDir = xpCertsDir - } - } - - mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ - LeaderElection: *leaderElection, - LeaderElectionID: "crossplane-leader-election-provider-gcp-cloudiot", - Cache: cache.Options{ - SyncPeriod: syncInterval, - }, - WebhookServer: webhook.NewServer( - webhook.Options{ - CertDir: *certsDir, - }), - LeaderElectionResourceLock: resourcelock.LeasesResourceLock, - LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), - RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), - }) - kingpin.FatalIfError(err, "Cannot create controller manager") - kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add GCP APIs to scheme") - kingpin.FatalIfError(resolverapis.BuildScheme(apis.AddToSchemes), "Cannot register the GCP APIs with the API resolver's runtime scheme") - - ctx := context.Background() - provider, err := config.GetProvider(ctx, false) - kingpin.FatalIfError(err, "Cannot initialize the provider configuration") - o := tjcontroller.Options{ - Options: xpcontroller.Options{ - Logger: log, - GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), - PollInterval: *pollInterval, - MaxConcurrentReconciles: *maxReconcileRate, - Features: &feature.Flags{}, - }, - Provider: provider, - SetupFn: clients.TerraformSetupBuilder(provider.TerraformProvider), - PollJitter: pollJitter, - OperationTrackerStore: tjcontroller.NewOperationStore(log), - StartWebhooks: *certsDir != "", - } - - if *enableManagementPolicies { - o.Features.Enable(features.EnableBetaManagementPolicies) - log.Info("Beta feature enabled", "flag", features.EnableBetaManagementPolicies) - } - - if *enableExternalSecretStores { - o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind - log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) - - o.ESSOptions = &tjcontroller.ESSOptions{} - if *essTLSCertsPath != "" { - log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") - tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) - kingpin.FatalIfError(err, "Cannot load ESS TLS config.") - - o.ESSOptions.TLSConfig = tCfg - } - - // Ensure default store config exists. - kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(ctx, &v1alpha1.StoreConfig{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "default", - }, - Spec: v1alpha1.StoreConfigSpec{ - // NOTE(turkenh): We only set required spec and expect optional - // ones to properly be initialized with CRD level default values. - SecretStoreConfig: xpv1.SecretStoreConfig{ - DefaultScope: *namespace, - }, - }, - Status: v1alpha1.StoreConfigStatus{}, - })), "cannot create default store config") - } - - kingpin.FatalIfError(controller.Setup_cloudiot(mgr, o), "Cannot setup GCP controllers") - kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") -} diff --git a/config/cloudiot/config.go b/config/cloudiot/config.go deleted file mode 100644 index 417804364..000000000 --- a/config/cloudiot/config.go +++ /dev/null @@ -1,31 +0,0 @@ -package cloudiot - -import ( - "github.com/crossplane/upjet/pkg/config" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" -) - -// Configure configures individual resources by adding custom -// ResourceConfigurators. -func Configure(p *config.Provider) { - p.AddResourceConfigurator("google_cloudiot_device", func(r *config.Resource) { - // Note(turkenh): We have to modify schema of - // "last_error_status.details", since it is a map where elements - // configured as nil, but needs to be String: - r.TerraformResource. - Schema["last_error_status"].Elem.(*schema.Resource). - Schema["details"].Elem = schema.TypeString - }) - - p.AddResourceConfigurator("google_cloudiot_registry", func(r *config.Resource) { - // Note(turkenh): We have to modify schema of - // "credentials.public_key_certificate", since it is a map where elements - // configured as nil, but needs to be String: - r.TerraformResource. - Schema["credentials"].Elem.(*schema.Resource). - Schema["public_key_certificate"].Elem = schema.TypeString - r.TerraformResource.Schema["http_config"].Elem = schema.TypeString - r.TerraformResource.Schema["mqtt_config"].Elem = schema.TypeString - r.TerraformResource.Schema["state_notification_config"].Elem = schema.TypeString - }) -} diff --git a/config/dataflow/config.go b/config/dataflow/config.go index 4ddf775de..c134bd03b 100644 --- a/config/dataflow/config.go +++ b/config/dataflow/config.go @@ -3,6 +3,7 @@ package dataflow import ( "github.com/crossplane/upjet/pkg/config" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) // Configure configures individual resources by adding custom @@ -15,5 +16,12 @@ func Configure(p *config.Provider) { r.TerraformResource.Schema["labels"].Elem = schema.TypeString r.TerraformResource.Schema["parameters"].Elem = schema.TypeString r.TerraformResource.Schema["transform_name_mapping"].Elem = schema.TypeString + r.MetaResource.Description = "Creates a job in Dataflow according to a provided config file. Dataflow jobs are different from most other Google resources. The Dataflow resource is considered 'existing' while it is in a nonterminal state. If it reaches a terminal state (e.g. 'FAILED', 'COMPLETE', 'CANCELLED'), it will be recreated on the next 'reconcile'. This resource does not support import" + r.TerraformCustomDiff = func(diff *terraform.InstanceDiff, _ *terraform.InstanceState, _ *terraform.ResourceConfig) (*terraform.InstanceDiff, error) { + if diff != nil { + delete(diff.Attributes, "additional_experiments.#") + } + return diff, nil + } }) } diff --git a/config/externalname.go b/config/externalname.go index dfc71593c..4857d9e98 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -498,8 +498,8 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // gkehub // - // Imported by using the following format: projects/{{project}}/locations/global/memberships/{{membership_id}} - "google_gke_hub_membership": config.TemplatedStringAsIdentifier("membership_id", "projects/{{ .setup.configuration.project }}/locations/global/memberships/{{ .external_name }}"), + // Imported by using the following format: projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} + "google_gke_hub_membership": config.TemplatedStringAsIdentifier("membership_id", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/memberships/{{ .external_name }}"), // Imported by using the following projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com "google_gke_hub_membership_iam_member": config.IdentifierFromProvider, @@ -822,13 +822,6 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // projects/{{project}}/locations/{{location}}/workerPools/{{name}} "google_cloudbuild_worker_pool": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/workerPools/{{ .external_name }}"), - // cloudiot - // - // {{registry}}/devices/{{name}} - "google_cloudiot_device": config.TemplatedStringAsIdentifier("name", "{{ .parameters.registry }}/devices/{{ .external_name }}"), - // {{project}}/locations/{{region}}/registries/{{name}} - "google_cloudiot_registry": config.IdentifierFromProvider, - // bigtable // // projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}} @@ -987,8 +980,8 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // // projects/{{project}}/locations/global/certificates/{{name}} "google_certificate_manager_certificate": config.TemplatedStringAsIdentifier("name", "projects/{{ if .parameters.project }}{{ .parameters.project }}{{ else }}{{ .setup.configuration.project }}{{ end }}/locations/{{ .parameters.location }}/certificates/{{ .external_name }}"), - // projects/{{project}}/locations/global/dnsAuthorizations/{{name}} - "google_certificate_manager_dns_authorization": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/global/dnsAuthorizations/{{ .external_name }}"), + // projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}} + "google_certificate_manager_dns_authorization": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/dnsAuthorizations/{{ .external_name }}"), // Imported by using the following projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries/{{name}} "google_certificate_manager_certificate_map_entry": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/global/certificateMaps/{{ .parameters.map }}/certificateMapEntries/{{ .external_name }}"), } diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 672e6a638..6db79769f 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -283,10 +283,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // Imported by using the following projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com "google_cloudfunctions2_function_iam_member": config.TemplatedStringAsIdentifier("cloud_function", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/functions/{{ .external_name }} {{ .parameters.role }} {{ .parameters.member }}"), - // cloudiot - // - // Imported by using the following projects/{{project}}/locations/{{location}}/registries/{{device_registry}} roles/viewer user:jane@example.com - "google_cloudiot_registry_iam_member": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/registries/{{ .external_name }} {{ .parameters.role }} {{ .parameters.member }}"), // compute // // No import diff --git a/config/generated.lst b/config/generated.lst index 4b2ea2be0..a385a388d 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_cloudiot_device","google_cloudiot_registry","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file +["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file diff --git a/config/provider-metadata.yaml b/config/provider-metadata.yaml index 62a698533..c5dfa07c8 100644 --- a/config/provider-metadata.yaml +++ b/config/provider-metadata.yaml @@ -132,6 +132,11 @@ resources: does not exist is an error. All access levels listed must be granted for the Condition to be true. Format: accessPolicies/{policy_id}/accessLevels/{short_name} + conditions.vpc_network_sources: |- + - + (Optional) + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. create: '- Default is 20 minutes.' custom: |- - @@ -230,6 +235,19 @@ resources: (Required) Human readable title. Must be unique within the Policy. update: '- Default is 20 minutes.' + vpc_network_sources.vpc_subnetwork: |- + - + (Optional) + Sub networks within a VPC network. + Structure is documented below. + vpc_network_sources.vpc_subnetwork.network: |- + - + (Required) + Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + vpc_network_sources.vpc_subnetwork.vpc_ip_subnetworks: |- + - + (Optional) + CIDR block IP subnetwork specification. Must be IPv4. importStatements: [] google_access_context_manager_access_level_condition: subCategory: Access Context Manager (VPC Service Controls) @@ -415,6 +433,24 @@ resources: does not exist is an error. All access levels listed must be granted for the Condition to be true. Format: accessPolicies/{policy_id}/accessLevels/{short_name} + vpc_network_sources: |- + - + (Optional) + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + vpc_network_sources.vpc_subnetwork: |- + - + (Optional) + Sub networks within a VPC network. + Structure is documented below. + vpc_network_sources.vpc_subnetwork.network: |- + - + (Required) + Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + vpc_network_sources.vpc_subnetwork.vpc_ip_subnetworks: |- + - + (Optional) + CIDR block IP subnetwork specification. Must be IPv4. importStatements: [] google_access_context_manager_access_levels: subCategory: Access Context Manager (VPC Service Controls) @@ -585,6 +621,11 @@ resources: does not exist is an error. All access levels listed must be granted for the Condition to be true. Format: accessPolicies/{policy_id}/accessLevels/{short_name} + conditions.vpc_network_sources: |- + - + (Optional) + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. create: '- Default is 20 minutes.' custom.expr: |- - @@ -659,6 +700,19 @@ resources: The AccessPolicy this AccessLevel lives in. Format: accessPolicies/{policy_id} update: '- Default is 20 minutes.' + vpc_network_sources.vpc_subnetwork: |- + - + (Optional) + Sub networks within a VPC network. + Structure is documented below. + vpc_network_sources.vpc_subnetwork.network: |- + - + (Required) + Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. + vpc_network_sources.vpc_subnetwork.vpc_ip_subnetworks: |- + - + (Optional) + CIDR block IP subnetwork specification. Must be IPv4. importStatements: [] google_access_context_manager_access_policy: subCategory: Access Context Manager (VPC Service Controls) @@ -1176,6 +1230,16 @@ resources: perimeter. If left unspecified, then members of identities field will be allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + egress_from.source_restriction: |- + - + (Optional) + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + egress_from.sources: |- + - + (Optional) + Sources that this EgressPolicy authorizes access from. + Structure is documented below. egress_policies.egress_from: |- - (Optional) @@ -1613,6 +1677,16 @@ resources: perimeter. If left unspecified, then members of identities field will be allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + egress_from.source_restriction: |- + - + (Optional) + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + egress_from.sources: |- + - + (Optional) + Sources that this EgressPolicy authorizes access from. + Structure is documented below. egress_policies.egress_from: |- - (Optional) @@ -1957,6 +2031,9 @@ resources: (Required) The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. fqdn: |- - The fully-qualified domain name of the exposed domain used by clients to connect to the service. @@ -1966,6 +2043,8 @@ resources: - (Optional) Resource labels that can contain user-provided metadata + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. locations: |- - (Required) @@ -1982,6 +2061,10 @@ resources: (Required) The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. Ranges must be unique and non-overlapping with existing subnets in authorizedNetworks + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 60 minutes.' importStatements: [] google_active_directory_domain_trust: @@ -2113,11 +2196,16 @@ resources: - (Required) Full domain resource path for the Managed AD Domain involved in peering. The resource path should be in the form projects/{projectId}/locations/global/domains/{domainName} + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/domains/{{peering_id}}' labels: |- - (Optional) Resource labels that can contain user-provided metadata + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - Unique name of the peering in this scope including projects and location using the form: projects/{projectId}/locations/global/peerings/{peeringId}. @@ -2135,6 +2223,10 @@ resources: - (Optional) Additional information about the current status of this peering, if available. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_alloydb_backup: @@ -2160,7 +2252,7 @@ resources: { "cluster_id": "alloydb-cluster", "location": "us-central1", - "network": "${data.google_compute_network.default.id}" + "network": "${google_compute_network.default.id}" } google_alloydb_instance.default: |- { @@ -2175,13 +2267,17 @@ resources: { "address_type": "INTERNAL", "name": "alloydb-cluster", - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.default: |- + { + "name": "alloydb-network" + } google_service_networking_connection.vpc_connection: |- { - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "reserved_peering_ranges": [ "${google_compute_global_address.private_ip_alloc.name}" ], @@ -2199,7 +2295,8 @@ resources: "labels": { "label": "key" }, - "location": "us-central1" + "location": "us-central1", + "type": "ON_DEMAND" } references: cluster_name: google_alloydb_cluster.default.name @@ -2208,7 +2305,7 @@ resources: { "cluster_id": "alloydb-cluster", "location": "us-central1", - "network": "${data.google_compute_network.default.id}" + "network": "${google_compute_network.default.id}" } google_alloydb_instance.default: |- { @@ -2223,19 +2320,28 @@ resources: { "address_type": "INTERNAL", "name": "alloydb-cluster", - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.default: |- + { + "name": "alloydb-network" + } google_service_networking_connection.vpc_connection: |- { - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "reserved_peering_ranges": [ "${google_compute_global_address.private_ip_alloc.name}" ], "service": "servicenetworking.googleapis.com" } argumentDocs: + annotations: |- + - + (Optional) + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. backup_id: |- - (Required) @@ -2244,15 +2350,29 @@ resources: - (Required) The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + cluster_uid: |- + - + Output only. The system-generated UID of the cluster which was used to create this resource. create: '- Default is 10 minutes.' create_time: |- - - Time the Backup was created in UTC. + Output only. Create time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". delete: '- Default is 10 minutes.' + delete_time: |- + - + Output only. Delete time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". description: |- - (Optional) User-provided description of the backup. + display_name: |- + - + (Optional) + User-settable and human-readable display name for the Backup. + effective_annotations: for all of the annotations present on the resource. + effective_labels: for all of the labels present on the resource. encryption_config: |- - (Optional) @@ -2276,12 +2396,29 @@ resources: Output only. Cloud KMS key versions that are being used to protect the database or the backup. etag: |- - - A hash of the resource. + For Resource freshness validation (https://google.aip.dev/154) + expiry_quantity: |- + - + Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy. + Once the expiry quantity is over retention, the backup is eligible to be garbage collected. + Structure is documented below. + expiry_quantity.retention_count: |- + - + (Output) + Output only. The backup's position among its backups with the same source cluster and type, by descending chronological order create time (i.e. newest first). + expiry_quantity.total_retention_count: |- + - + (Output) + Output only. The length of the quantity-based queue, specified by the backup's retention policy. + expiry_time: |- + - + Output only. The time at which after the backup is eligible to be garbage collected. + It is the duration specified by the backup's retention policy, added to the backup's createTime. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{backup_id}}' labels: |- - (Optional) - User-defined labels for the alloydb backup. + User-defined labels for the alloydb backup. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. location: |- - (Required) @@ -2294,17 +2431,31 @@ resources: If it is not provided, the provider project is used. reconciling: |- - - If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance. + Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource. + This can happen due to user-triggered updates or system actions like failover or maintenance. + size_bytes: |- + - + Output only. The size of the backup in bytes. state: |- - - The current state of the backup. + Output only. The current state of the backup. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: |- + - + (Optional) + The backup type, which suggests the trigger for the backup. + Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. uid: |- - Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted. update: '- Default is 10 minutes.' update_time: |- - - Time the Backup was updated in UTC. + Output only. Update time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] google_alloydb_cluster: subCategory: AlloyDB @@ -2366,6 +2517,7 @@ resources: "recovery_window_days": 14 } ], + "database_version": "POSTGRES_15", "initial_user": [ { "password": "alloydb-cluster-full", @@ -2385,7 +2537,280 @@ resources: { "name": "alloydb-cluster-full" } + - name: source + manifest: |- + { + "cluster_id": "alloydb-source-cluster", + "initial_user": [ + { + "password": "alloydb-source-cluster" + } + ], + "location": "us-central1", + "network": "${data.google_compute_network.default.id}" + } + references: + network: data.google_compute_network.default.id + dependencies: + google_alloydb_backup.source: |- + { + "backup_id": "alloydb-backup", + "cluster_name": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_alloydb_instance.source}" + ], + "location": "us-central1" + } + google_alloydb_instance.source: |- + { + "cluster": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-source-cluster", + "network": "${data.google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${data.google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: restored_from_backup + manifest: |- + { + "cluster_id": "alloydb-backup-restored", + "location": "us-central1", + "network": "${data.google_compute_network.default.id}", + "restore_backup_source": [ + { + "backup_name": "${google_alloydb_backup.source.name}" + } + ] + } + references: + network: data.google_compute_network.default.id + restore_backup_source.backup_name: google_alloydb_backup.source.name + dependencies: + google_alloydb_backup.source: |- + { + "backup_id": "alloydb-backup", + "cluster_name": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_alloydb_instance.source}" + ], + "location": "us-central1" + } + google_alloydb_instance.source: |- + { + "cluster": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-source-cluster", + "network": "${data.google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${data.google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: restored_via_pitr + manifest: |- + { + "cluster_id": "alloydb-pitr-restored", + "location": "us-central1", + "network": "${data.google_compute_network.default.id}", + "restore_continuous_backup_source": [ + { + "cluster": "${google_alloydb_cluster.source.name}", + "point_in_time": "2023-08-03T19:19:00.094Z" + } + ] + } + references: + network: data.google_compute_network.default.id + restore_continuous_backup_source.cluster: google_alloydb_cluster.source.name + dependencies: + google_alloydb_backup.source: |- + { + "backup_id": "alloydb-backup", + "cluster_name": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_alloydb_instance.source}" + ], + "location": "us-central1" + } + google_alloydb_instance.source: |- + { + "cluster": "${google_alloydb_cluster.source.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-source-cluster", + "network": "${data.google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${data.google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: primary + manifest: |- + { + "cluster_id": "alloydb-primary-cluster", + "location": "us-central1", + "network": "${google_compute_network.default.id}" + } + references: + network: google_compute_network.default.id + dependencies: + google_alloydb_instance.primary: |- + { + "cluster": "${google_alloydb_cluster.primary.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-primary-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-secondary-cluster", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-secondary-cluster" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: secondary + manifest: |- + { + "cluster_id": "alloydb-secondary-cluster", + "cluster_type": "SECONDARY", + "continuous_backup_config": [ + { + "enabled": false + } + ], + "depends_on": [ + "${google_alloydb_instance.primary}" + ], + "location": "us-east1", + "network": "${google_compute_network.default.id}", + "secondary_config": [ + { + "primary_cluster_name": "${google_alloydb_cluster.primary.name}" + } + ] + } + references: + network: google_compute_network.default.id + secondary_config.primary_cluster_name: google_alloydb_cluster.primary.name + dependencies: + google_alloydb_instance.primary: |- + { + "cluster": "${google_alloydb_cluster.primary.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-primary-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-secondary-cluster", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-secondary-cluster" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } argumentDocs: + annotations: |- + - + (Optional) + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. automated_backup_policy: |- - (Optional) @@ -2441,6 +2866,12 @@ resources: - (Required) The ID of the alloydb cluster. + cluster_type: |- + - + (Optional) + The type of cluster. If not set, defaults to PRIMARY. + Default value is PRIMARY. + Possible values are: PRIMARY, SECONDARY. continuous_backup_config: |- - (Optional) @@ -2482,15 +2913,24 @@ resources: - (Output) Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request. - create: '- Default is 10 minutes.' + create: '- Default is 30 minutes.' database_version: |- - - The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. - delete: '- Default is 10 minutes.' + (Optional) + The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + delete: '- Default is 30 minutes.' + deletion_policy: |- + - (Optional) Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. display_name: |- - (Optional) User-settable and human-readable display name for the Cluster. + effective_annotations: for all of the annotations present on the resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. encryption_config: |- - (Optional) @@ -2512,6 +2952,10 @@ resources: - (Output) Output only. Cloud KMS key versions that are being used to protect the database or the backup. + etag: |- + - + (Optional) + For Resource freshness validation (https://google.aip.dev/154) id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}' initial_user: |- - @@ -2531,6 +2975,8 @@ resources: - (Optional) User-defined labels for the alloydb cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Required) @@ -2556,9 +3002,24 @@ resources: The name of the cluster resource. network: |- - - (Required) + (Optional, Deprecated) The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". + network_config: |- + - + (Optional) + Metadata related to network configuration. + Structure is documented below. + network_config.allocated_ip_range: |- + - + (Optional) + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + network_config.network: |- + - + (Optional) + The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -2566,6 +3027,43 @@ resources: - (Optional) The number of backups to retain. + reconciling: |- + - + Output only. Reconciling (https://google.aip.dev/128#reconciliation). + Set to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them. + This can happen due to user-triggered updates or system actions like failover or maintenance. + restore_backup_source: |- + - + (Optional) + The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + Structure is documented below. + restore_backup_source.backup_name: |- + - + (Required) + The name of the backup that this cluster is restored from. + restore_continuous_backup_source: |- + - + (Optional) + The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + Structure is documented below. + restore_continuous_backup_source.cluster: |- + - + (Required) + The name of the source cluster that this cluster is restored from. + restore_continuous_backup_source.point_in_time: |- + - + (Required) + The point in time that this cluster is restored to, in RFC 3339 format. + secondary_config: |- + - + (Optional) + Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + Structure is documented below. + secondary_config.primary_cluster_name: |- + - + (Required) + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' start_times.hours: |- - (Optional) @@ -2582,6 +3080,13 @@ resources: - (Optional) Seconds of minutes of the time. Currently, only the value 0 is supported. + state: |- + - + Output only. The current serving state of the cluster. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. time_based_retention.retention_period: |- - (Optional) @@ -2590,7 +3095,7 @@ resources: uid: |- - The system-generated UID of the resource. - update: '- Default is 10 minutes.' + update: '- Default is 30 minutes.' weekly_schedule.days_of_week: |- - (Optional) @@ -2635,19 +3140,168 @@ resources: } ], "location": "us-central1", - "network": "${data.google_compute_network.default.id}" + "network": "${google_compute_network.default.id}" } google_compute_global_address.private_ip_alloc: |- { "address_type": "INTERNAL", "name": "alloydb-cluster", - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.default: |- + { + "name": "alloydb-network" + } google_service_networking_connection.vpc_connection: |- { - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: primary + manifest: |- + { + "cluster": "${google_alloydb_cluster.primary.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-primary-instance", + "instance_type": "PRIMARY", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + references: + cluster: google_alloydb_cluster.primary.name + dependencies: + google_alloydb_cluster.primary: |- + { + "cluster_id": "alloydb-primary-cluster", + "location": "us-central1", + "network": "${google_compute_network.default.id}" + } + google_alloydb_cluster.secondary: |- + { + "cluster_id": "alloydb-secondary-cluster", + "cluster_type": "SECONDARY", + "continuous_backup_config": [ + { + "enabled": false + } + ], + "deletion_policy": "FORCE", + "depends_on": [ + "${google_alloydb_instance.primary}" + ], + "lifecycle": [ + { + "ignore_changes": [ + "${instance_type}" + ] + } + ], + "location": "us-east1", + "network": "${google_compute_network.default.id}", + "secondary_config": [ + { + "primary_cluster_name": "${google_alloydb_cluster.primary.name}" + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-secondary-instance", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-secondary-network" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: secondary + manifest: |- + { + "cluster": "${google_alloydb_cluster.secondary.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-secondary-instance", + "instance_type": "${google_alloydb_cluster.secondary.cluster_type}", + "machine_config": [ + { + "cpu_count": 2 + } + ] + } + references: + cluster: google_alloydb_cluster.secondary.name + instance_type: google_alloydb_cluster.secondary.cluster_type + dependencies: + google_alloydb_cluster.primary: |- + { + "cluster_id": "alloydb-primary-cluster", + "location": "us-central1", + "network": "${google_compute_network.default.id}" + } + google_alloydb_cluster.secondary: |- + { + "cluster_id": "alloydb-secondary-cluster", + "cluster_type": "SECONDARY", + "continuous_backup_config": [ + { + "enabled": false + } + ], + "deletion_policy": "FORCE", + "depends_on": [ + "${google_alloydb_instance.primary}" + ], + "lifecycle": [ + { + "ignore_changes": [ + "${instance_type}" + ] + } + ], + "location": "us-east1", + "network": "${google_compute_network.default.id}", + "secondary_config": [ + { + "primary_cluster_name": "${google_alloydb_cluster.primary.name}" + } + ] + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-secondary-instance", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-secondary-network" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", "reserved_peering_ranges": [ "${google_compute_global_address.private_ip_alloc.name}" ], @@ -2658,6 +3312,8 @@ resources: - (Optional) Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. availability_type: |- - (Optional) @@ -2668,12 +3324,26 @@ resources: Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more can have regional availability (nodes are present in 2 or more zones in a region).' Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. + client_connection_config: |- + - + (Optional) + Client connection specific configurations. + Structure is documented below. + client_connection_config.require_connectors: |- + - + (Optional) + Configuration to enforce connectors only (ex: AuthProxy) connections to the database. + client_connection_config.ssl_config: |- + - + (Optional) + SSL config option for this instance. + Structure is documented below. cluster: |- - (Required) Identifies the alloydb cluster. Must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}' - create: '- Default is 40 minutes.' + create: '- Default is 120 minutes.' create_time: |- - Time the Instance was created in UTC. @@ -2681,11 +3351,17 @@ resources: - (Optional) Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary. - delete: '- Default is 40 minutes.' + delete: '- Default is 120 minutes.' display_name: |- - (Optional) User-settable and human-readable display name for the Instance. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. gce_zone: |- - (Optional) @@ -2698,8 +3374,14 @@ resources: instance_type: |- - (Required) - The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - Possible values are: PRIMARY, READ_POOL. + The type of the instance. + If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + Example: {instance_type = google_alloydb_cluster..cluster_type} instead of {instance_type = SECONDARY} + If the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Users can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. + Possible values are: PRIMARY, READ_POOL, SECONDARY. ip_address: |- - The IP address for the Instance. This is the connection endpoint for an end-user application. @@ -2707,6 +3389,8 @@ resources: - (Optional) User-defined labels for the alloydb instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. machine_config: |- - (Optional) @@ -2719,10 +3403,31 @@ resources: name: |- - The name of the instance resource. + query_insights_config: |- + - + (Optional) + Configuration for query insights. + Structure is documented below. + query_insights_config.query_plans_per_minute: |- + - + (Optional) + Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid. + query_insights_config.query_string_length: |- + - + (Optional) + Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid. + query_insights_config.record_application_tags: |- + - + (Optional) + Record application tags for an instance. This flag is turned "on" by default. + query_insights_config.record_client_address: |- + - + (Optional) + Record client address for an instance. Client address is PII information. This flag is turned "on" by default. read_pool_config: |- - (Optional) - Read pool specific config. + Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. Structure is documented below. read_pool_config.node_count: |- - @@ -2731,17 +3436,176 @@ resources: reconciling: |- - Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance. + ssl_config.ssl_mode: |- + - + (Optional) + SSL mode. Specifies client-server SSL/TLS connection behavior. + Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. state: |- - The current state of the alloydb instance. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - The system-generated UID of the resource. - update: '- Default is 40 minutes.' + update: '- Default is 120 minutes.' update_time: |- - Time the Instance was updated in UTC. importStatements: [] + google_alloydb_user: + subCategory: AlloyDB + description: A database user in an AlloyDB cluster. + name: google_alloydb_user + title: "" + examples: + - name: user1 + manifest: |- + { + "cluster": "${google_alloydb_cluster.default.name}", + "database_roles": [ + "alloydbsuperuser" + ], + "depends_on": [ + "${google_alloydb_instance.default}" + ], + "password": "user_secret", + "user_id": "user1", + "user_type": "ALLOYDB_BUILT_IN" + } + references: + cluster: google_alloydb_cluster.default.name + dependencies: + google_alloydb_cluster.default: |- + { + "cluster_id": "alloydb-cluster", + "initial_user": [ + { + "password": "cluster_secret" + } + ], + "location": "us-central1", + "network": "${google_compute_network.default.id}" + } + google_alloydb_instance.default: |- + { + "cluster": "${google_alloydb_cluster.default.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-instance", + "instance_type": "PRIMARY" + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-cluster", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-network" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: user2 + manifest: |- + { + "cluster": "${google_alloydb_cluster.default.name}", + "database_roles": [ + "alloydbiamuser" + ], + "depends_on": [ + "${google_alloydb_instance.default}" + ], + "user_id": "user2@foo.com", + "user_type": "ALLOYDB_IAM_USER" + } + references: + cluster: google_alloydb_cluster.default.name + dependencies: + google_alloydb_cluster.default: |- + { + "cluster_id": "alloydb-cluster", + "initial_user": [ + { + "password": "cluster_secret" + } + ], + "location": "us-central1", + "network": "${google_compute_network.default.id}" + } + google_alloydb_instance.default: |- + { + "cluster": "${google_alloydb_cluster.default.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "alloydb-instance", + "instance_type": "PRIMARY" + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "alloydb-cluster", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "alloydb-network" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + cluster: |- + - + (Required) + Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + create: '- Default is 20 minutes.' + database_roles: |- + - + (Optional) + List of database roles this database user has. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{cluster}}/users/{{user_id}}' + name: |- + - + Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}. + password: |- + - + (Optional) + Password for this database user. + update: '- Default is 20 minutes.' + user_id: |- + - + (Required) + The database role name of the user. + user_type: |- + - + (Required) + The type of this user. + Possible values are: ALLOYDB_BUILT_IN, ALLOYDB_IAM_USER. + importStatements: [] google_api_gateway_api: subCategory: API Gateway description: A consumable API that can be used by multiple Gateways. @@ -2770,6 +3634,7 @@ resources: - (Optional) A user-visible name for the API. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/locations/global/apis/{{api_id}}' labels: |- - @@ -2786,6 +3651,10 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_api_gateway_api_config: @@ -2808,7 +3677,7 @@ resources: { "document": [ { - "contents": "${filebase64(\"test-fixtures/apigateway/openapi.yaml\")}", + "contents": "${filebase64(\"test-fixtures/openapi.yaml\")}", "path": "spec.yaml" } ] @@ -2834,7 +3703,7 @@ resources: { "file_descriptor_set": [ { - "contents": "${filebase64(\"test-fixtures/apigateway/api_descriptor.pb\")}", + "contents": "${filebase64(\"test-fixtures/api_descriptor.pb\")}", "path": "api_descriptor.pb" } ] @@ -2880,6 +3749,7 @@ resources: - (Optional) A user-visible name for the API. + effective_labels: for all of the labels present on the resource. file_descriptor_set.contents: |- - (Required) @@ -2975,6 +3845,10 @@ resources: - (Required) The file path (full or relative path). This is typically the path of the file when it is uploaded. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_api_gateway_api_config_iam_policy: @@ -3091,7 +3965,7 @@ resources: { "document": [ { - "contents": "${filebase64(\"test-fixtures/apigateway/openapi.yaml\")}", + "contents": "${filebase64(\"test-fixtures/openapi.yaml\")}", "path": "spec.yaml" } ] @@ -3104,7 +3978,8 @@ resources: - (Required) Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. - When changing api configs please ensure the new config is a new resource and the lifecycle rule create_before_destroy is set. + When changing api configs please ensure the new config is a new resource and the + lifecycle rule create_before_destroy is set. create: '- Default is 20 minutes.' default_hostname: |- - @@ -3114,6 +3989,7 @@ resources: - (Optional) A user-visible name for the API. + effective_labels: for all of the labels present on the resource. gateway_id: |- - (Required) @@ -3133,6 +4009,10 @@ resources: - (Optional) The region of the gateway for the API. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_api_gateway_gateway_iam_policy: @@ -3719,6 +4599,14 @@ resources: (Required) The Apigee Organization associated with the Apigee environment, in the format organizations/{{org_name}}. + type: |- + - + (Optional) + Types that can be selected for an Environment. Each of the types are + limited by capability and capacity. Refer to Apigee's public documentation + to understand about each of these types in details. + An Apigee org can support heterogeneous Environments. + Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. update: '- Default is 20 minutes.' importStatements: [] google_apigee_environment_iam_policy: @@ -3900,7 +4788,7 @@ resources: "authorized_network": "${google_compute_network.apigee_network.id}", "depends_on": [ "${google_service_networking_connection.apigee_vpc_connection}", - "${google_kms_crypto_key_iam_binding.apigee_sa_keyuser}" + "${google_kms_crypto_key_iam_member.apigee_sa_keyuser}" ], "description": "Terraform-provisioned Apigee Org.", "display_name": "apigee-org", @@ -3929,12 +4817,10 @@ resources: ], "name": "apigee-key" } - google_kms_crypto_key_iam_binding.apigee_sa_keyuser: |- + google_kms_crypto_key_iam_member.apigee_sa_keyuser: |- { "crypto_key_id": "${google_kms_crypto_key.apigee_key.id}", - "members": [ - "serviceAccount:${google_project_service_identity.apigee_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.apigee_sa.email}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_kms_key_ring.apigee_keyring: |- @@ -4121,7 +5007,7 @@ resources: - (Required) The Apigee instance associated with the Apigee environment, - in the format organisations/{{org_name}}/instances/{{instance_name}}. + in the format organizations/{{org_name}}/instances/{{instance_name}}. name: |- - The name of the newly created attachment (output parameter). @@ -4399,7 +5285,7 @@ resources: "authorized_network": "${google_compute_network.apigee_network.id}", "depends_on": [ "${google_service_networking_connection.apigee_vpc_connection}", - "${google_kms_crypto_key_iam_binding.apigee_sa_keyuser}" + "${google_kms_crypto_key_iam_member.apigee_sa_keyuser}" ], "description": "Terraform-provisioned Apigee Org.", "display_name": "apigee-org", @@ -4428,12 +5314,10 @@ resources: ], "name": "apigee-key" } - google_kms_crypto_key_iam_binding.apigee_sa_keyuser: |- + google_kms_crypto_key_iam_member.apigee_sa_keyuser: |- { "crypto_key_id": "${google_kms_crypto_key.apigee_key.id}", - "members": [ - "serviceAccount:${google_project_service_identity.apigee_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.apigee_sa.email}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_kms_key_ring.apigee_keyring: |- @@ -4532,7 +5416,7 @@ resources: "authorized_network": "${google_compute_network.apigee_network.id}", "depends_on": [ "${google_service_networking_connection.apigee_vpc_connection}", - "${google_kms_crypto_key_iam_binding.apigee_sa_keyuser}" + "${google_kms_crypto_key_iam_member.apigee_sa_keyuser}" ], "description": "Terraform-provisioned Apigee Org.", "display_name": "apigee-org", @@ -4566,12 +5450,10 @@ resources: ], "name": "apigee-key" } - google_kms_crypto_key_iam_binding.apigee_sa_keyuser: |- + google_kms_crypto_key_iam_member.apigee_sa_keyuser: |- { "crypto_key_id": "${google_kms_crypto_key.apigee_key.id}", - "members": [ - "serviceAccount:${google_project_service_identity.apigee_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.apigee_sa.email}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_kms_key_ring.apigee_keyring: |- @@ -4598,7 +5480,7 @@ resources: { "analytics_region": "us-central1", "depends_on": [ - "${google_kms_crypto_key_iam_binding.apigee_sa_keyuser}" + "${google_kms_crypto_key_iam_member.apigee_sa_keyuser}" ], "description": "Terraform-provisioned Apigee Org without VPC Peering.", "disable_vpc_peering": true, @@ -4620,12 +5502,10 @@ resources: ], "name": "apigee-key" } - google_kms_crypto_key_iam_binding.apigee_sa_keyuser: |- + google_kms_crypto_key_iam_member.apigee_sa_keyuser: |- { "crypto_key_id": "${google_kms_crypto_key.apigee_key.id}", - "members": [ - "serviceAccount:${google_project_service_identity.apigee_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.apigee_sa.email}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_kms_key_ring.apigee_keyring: |- @@ -4733,11 +5613,11 @@ resources: Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). update: '- Default is 45 minutes.' importStatements: [] - google_apigee_shared_flow: + google_apigee_sharedflow: subCategory: Apigee description: You can combine policies and resources into a shared flow that you can consume from multiple API proxies, and even from other shared flows. - name: google_apigee_shared_flow - title: google_apigee_shared_flow + name: google_apigee_sharedflow + title: google_apigee_sharedflow argumentDocs: config_bundle: |- - @@ -4858,6 +5738,184 @@ resources: Name of the Apigee organization. update: '- Default is 20 minutes.' importStatements: [] + google_apigee_target_server: + subCategory: Apigee + description: TargetServer configuration. + name: google_apigee_target_server + title: "" + examples: + - name: apigee_target_server + manifest: |- + { + "description": "Apigee Target Server", + "env_id": "${google_apigee_environment.apigee_environment.id}", + "host": "abc.foo.com", + "name": "my-target-server", + "port": 8080, + "protocol": "HTTP" + } + references: + env_id: google_apigee_environment.apigee_environment.id + dependencies: + google_apigee_environment.apigee_environment: |- + { + "description": "Apigee Environment", + "display_name": "environment-1", + "name": "my-environment-name", + "org_id": "${google_apigee_organization.apigee_org.id}" + } + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}", + "${google_project_service.apigee}" + ], + "project_id": "${google_project.project.project_id}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 16, + "project": "${google_project.project.project_id}", + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "depends_on": [ + "${google_project_service.compute}" + ], + "name": "apigee-network", + "project": "${google_project.project.project_id}" + } + google_project.project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "my-project", + "org_id": "123456789", + "project_id": "my-project" + } + google_project_service.apigee: |- + { + "project": "${google_project.project.project_id}", + "service": "apigee.googleapis.com" + } + google_project_service.compute: |- + { + "depends_on": [ + "${google_project_service.servicenetworking}" + ], + "project": "${google_project.project.project_id}", + "service": "compute.googleapis.com" + } + google_project_service.servicenetworking: |- + { + "depends_on": [ + "${google_project_service.apigee}" + ], + "project": "${google_project.project.project_id}", + "service": "servicenetworking.googleapis.com" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "depends_on": [ + "${google_project_service.servicenetworking}" + ], + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + common_name.value: |- + - + (Optional) + The TLS Common Name string of the certificate. + common_name.wildcard_match: |- + - + (Optional) + Indicates whether the cert should be matched against as a wildcard cert. + create: '- Default is 1 minutes.' + delete: '- Default is 1 minutes.' + description: |- + - + (Optional) + A human-readable description of this TargetServer. + env_id: |- + - + (Required) + The Apigee environment group associated with the Apigee environment, + in the format organizations/{{org_name}}/environments/{{env_name}}. + host: |- + - + (Required) + The host name this target connects to. Value must be a valid hostname as described by RFC-1123. + id: '- an identifier for the resource with format {{env_id}}/targetservers/{{name}}' + is_enabled: |- + - + (Optional) + Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true. + name: |- + - + (Required) + The resource id of this reference. Values must match the regular expression [\w\s-.]+. + port: |- + - + (Required) + The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive. + protocol: |- + - + (Optional) + Immutable. The protocol used by this TargetServer. + Possible values are: HTTP, HTTP2, GRPC_TARGET, GRPC, EXTERNAL_CALLOUT. + s_sl_info: |- + - + (Optional) + Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration. + Structure is documented below. + s_sl_info.ciphers: |- + - + (Optional) + The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3. + s_sl_info.client_auth_enabled: |- + - + (Optional) + Enables two-way TLS. + s_sl_info.common_name: |- + - + (Optional) + The TLS Common Name of the certificate. + Structure is documented below. + s_sl_info.enabled: |- + - + (Required) + Enables TLS. If false, neither one-way nor two-way TLS will be enabled. + s_sl_info.ignore_validation_errors: |- + - + (Optional) + If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails. + s_sl_info.key_alias: |- + - + (Optional) + Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert. + s_sl_info.key_store: |- + - + (Optional) + Required if clientAuthEnabled is true. The resource ID of the keystore. + s_sl_info.protocols: |- + - + (Optional) + The TLS versioins to be used. + s_sl_info.trust_store: |- + - + (Optional) + The resource ID of the truststore. + update: '- Default is 1 minutes.' + importStatements: [] google_apikeys_key: subCategory: Apikeys description: The Apikeys Key resource @@ -5210,7 +6268,7 @@ resources: "env_variables": { "port": "8080" }, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "admin", "version_id": "v3" } @@ -5223,7 +6281,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } argumentDocs: create: '- Default is 20 minutes.' @@ -5521,7 +6579,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } argumentDocs: api_config.auth_fail_action: |- @@ -6108,7 +7166,7 @@ resources: "env_variables": { "port": "8080" }, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "internalapp", "version_id": "v1" } @@ -6121,7 +7179,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } argumentDocs: create: '- Default is 20 minutes.' @@ -6191,7 +7249,7 @@ resources: "env_variables": { "port": "8080" }, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "liveapp", "version_id": "v1" } @@ -6215,7 +7273,7 @@ resources: "port": "8080" }, "noop_on_destroy": true, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "liveapp", "version_id": "v2" } @@ -6228,7 +7286,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } argumentDocs: create: '- Default is 20 minutes.' @@ -6305,7 +7363,7 @@ resources: "env_variables": { "port": "8080" }, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "myapp", "service_account": "${google_service_account.custom_service_account.email}", "version_id": "v1" @@ -6339,7 +7397,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } - name: myapp_v2 manifest: |- @@ -6368,7 +7426,7 @@ resources: "port": "8080" }, "noop_on_destroy": true, - "runtime": "nodejs10", + "runtime": "nodejs20", "service": "myapp", "service_account": "${google_service_account.custom_service_account.email}", "version_id": "v2" @@ -6402,7 +7460,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } argumentDocs: automatic_scaling.max_concurrent_requests: |- @@ -6731,13 +7789,21 @@ resources: "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } - - name: my-repo-upstream + - name: my-repo-upstream-1 manifest: |- { - "description": "example docker repository (upstream source)", + "description": "example docker repository (upstream source) 1", "format": "DOCKER", "location": "us-central1", - "repository_id": "my-repository-upstream" + "repository_id": "my-repository-upstream-1" + } + - name: my-repo-upstream-2 + manifest: |- + { + "description": "example docker repository (upstream source) 2", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository-upstream-2" } - name: my-repo manifest: |- @@ -6752,16 +7818,21 @@ resources: { "upstream_policies": [ { - "id": "my-repository-upstream", - "priority": 1, - "repository": "${google_artifact_registry_repository.my-repo-upstream.id}" + "id": "my-repository-upstream-1", + "priority": 20, + "repository": "${google_artifact_registry_repository.my-repo-upstream-1.id}" + }, + { + "id": "my-repository-upstream-2", + "priority": 10, + "repository": "${google_artifact_registry_repository.my-repo-upstream-2.id}" } ] } ] } references: - virtual_repository_config.upstream_policies.repository: google_artifact_registry_repository.my-repo-upstream.id + virtual_repository_config.upstream_policies.repository: google_artifact_registry_repository.my-repo-upstream-2.id - name: my-repo manifest: |- { @@ -6781,7 +7852,234 @@ resources: ], "repository_id": "my-repository" } + - name: my-repo + manifest: |- + { + "description": "example remote apt repository", + "format": "APT", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "apt_repository": [ + { + "public_repository": [ + { + "repository_base": "DEBIAN", + "repository_path": "debian/dists/buster" + } + ] + } + ], + "description": "Debian buster remote repository" + } + ], + "repository_id": "debian-buster" + } + - name: my-repo + manifest: |- + { + "description": "example remote yum repository", + "format": "YUM", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "description": "Centos 8 remote repository", + "yum_repository": [ + { + "public_repository": [ + { + "repository_base": "CENTOS", + "repository_path": "centos/8-stream/BaseOS/x86_64/os" + } + ] + } + ] + } + ], + "repository_id": "centos-8" + } + - name: my-repo + manifest: |- + { + "cleanup_policies": [ + { + "action": "DELETE", + "condition": [ + { + "older_than": "2592000s", + "tag_prefixes": [ + "alpha", + "v0" + ], + "tag_state": "TAGGED" + } + ], + "id": "delete-prerelease" + }, + { + "action": "KEEP", + "condition": [ + { + "package_name_prefixes": [ + "webapp", + "mobile" + ], + "tag_prefixes": [ + "release" + ], + "tag_state": "TAGGED" + } + ], + "id": "keep-tagged-release" + }, + { + "action": "KEEP", + "id": "keep-minimum-versions", + "most_recent_versions": [ + { + "keep_count": 5, + "package_name_prefixes": [ + "webapp", + "mobile", + "sandbox" + ] + } + ] + } + ], + "cleanup_policy_dry_run": false, + "description": "example docker repository with cleanup policies", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository" + } + - name: my-repo + manifest: |- + { + "description": "example remote docker repository with credentials", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "description": "docker hub with custom credentials", + "docker_repository": [ + { + "public_repository": "DOCKER_HUB" + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-custom-remote-secret_version.name}", + "username": "remote-username" + } + ] + } + ] + } + ], + "repository_id": "example-custom-remote" + } + references: + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-custom-remote-secret_version.name + dependencies: + google_secret_manager_secret.example-custom-remote-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-custom-remote-secret.id}" + } + google_secret_manager_secret_version.example-custom-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-custom-remote-secret.id}", + "secret_data": "remote-password" + } argumentDocs: + apt_repository.public_repository: |- + - + (Optional) + One of the publicly available Apt repositories supported by Artifact Registry. + Structure is documented below. + apt_repository.public_repository.repository_base: |- + - + (Required) + A common public repository base for Apt, e.g. "debian/dists/buster" + Possible values are: DEBIAN, UBUNTU. + apt_repository.public_repository.repository_path: |- + - + (Required) + Specific repository from the base. + cleanup_policies: |- + - + (Optional) + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + Structure is documented below. + cleanup_policies.action: |- + - + (Optional) + Policy action. + Possible values are: DELETE, KEEP. + cleanup_policies.condition: |- + - + (Optional) + Policy condition for matching versions. + Structure is documented below. + cleanup_policies.id: '- (Required) The identifier for this object. Format specified above.' + cleanup_policies.most_recent_versions: |- + - + (Optional) + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + Structure is documented below. + cleanup_policy_dry_run: |- + - + (Optional) + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + condition.newer_than: |- + - + (Optional) + Match versions newer than a duration. + condition.older_than: |- + - + (Optional) + Match versions older than a duration. + condition.package_name_prefixes: |- + - + (Optional) + Match versions by package prefix. Applied on any prefix match. + condition.tag_prefixes: |- + - + (Optional) + Match versions by tag prefix. Applied on any prefix match. + condition.tag_state: |- + - + (Optional) + Match versions by tag status. + Default value is ANY. + Possible values are: TAGGED, UNTAGGED, ANY. + condition.version_name_prefixes: |- + - + (Optional) + Match versions by version name prefix. Applied on any prefix match. create: '- Default is 20 minutes.' create_time: |- - @@ -6806,6 +8104,7 @@ resources: Address of the remote repository. Default value is DOCKER_HUB. Possible values are: DOCKER_HUB. + effective_labels: for all of the labels present on the resource. format: |- - (Required) @@ -6863,6 +8162,14 @@ resources: The mode configures the repository to serve artifacts from different sources. Default value is STANDARD_REPOSITORY. Possible values are: STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY. + most_recent_versions.keep_count: |- + - + (Optional) + Minimum number of versions to keep. + most_recent_versions.package_name_prefixes: |- + - + (Optional) + Match versions by package prefix. Applied on any prefix match. name: |- - The name of the repository, for example: @@ -6887,6 +8194,11 @@ resources: (Optional) Configuration specific for a Remote Repository. Structure is documented below. + remote_repository_config.apt_repository: |- + - + (Optional) + Specific settings for an Apt remote repository. + Structure is documented below. remote_repository_config.description: |- - (Optional) @@ -6911,15 +8223,44 @@ resources: (Optional) Specific settings for a Python remote repository. Structure is documented below. + remote_repository_config.upstream_credentials: |- + - + (Optional) + The credentials used to access the remote repository. + Structure is documented below. + remote_repository_config.yum_repository: |- + - + (Optional) + Specific settings for an Yum remote repository. + Structure is documented below. repository_id: |- - (Required) The last part of the repository name, for example: "repo1" + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - The time when the repository was last updated. + upstream_credentials.username_password_credentials: |- + - + (Optional) + Use username and password to access the remote repository. + Structure is documented below. + upstream_credentials.username_password_credentials.password_secret_version: |- + - + (Optional) + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + projects/{project}/secrets/{secret}/versions/{version}. + upstream_credentials.username_password_credentials.username: |- + - + (Optional) + The username to access the remote repository. virtual_repository_config: |- - (Optional) @@ -6944,6 +8285,20 @@ resources: (Optional) A reference to the repository resource, for example: "projects/p1/locations/us-central1/repository/repo1". + yum_repository.public_repository: |- + - + (Optional) + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + yum_repository.public_repository.repository_base: |- + - + (Required) + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + yum_repository.public_repository.repository_path: |- + - + (Required) + Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" importStatements: [] google_artifact_registry_repository_iam_policy: subCategory: Artifact Registry @@ -6987,6 +8342,43 @@ resources: google_artifact_registry_repository_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_artifact_registry_vpcsc_config: + subCategory: Artifact Registry + description: The Artifact Registry VPC SC config that applies to a Project. + name: google_artifact_registry_vpcsc_config + title: "" + examples: + - name: my-config + manifest: |- + { + "location": "us-central1", + "provider": "${google-beta}", + "vpcsc_policy": "ALLOW" + } + references: + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vpcscConfig' + location: |- + - + (Optional) + The name of the location this config is located in. + name: |- + - + The name of the project's VPC SC Config. + Always of the form: projects/{project}/location/{location}/vpcscConfig + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + vpcsc_policy: |- + - + (Optional) + The VPC SC policy for project and location. + Possible values are: DENY, ALLOW. + importStatements: [] google_assured_workloads_workload: subCategory: AssuredWorkloads description: The AssuredWorkloads Workload resource @@ -6998,7 +8390,7 @@ resources: { "billing_account": "billingAccounts/000000-0000000-0000000-000000", "compliance_regime": "FEDRAMP_MODERATE", - "display_name": "Workload Example", + "display_name": "{{display}}", "kms_settings": [ { "next_rotation_time": "9999-10-02T15:01:23Z", @@ -7013,7 +8405,41 @@ resources: "provisioned_resources_parent": "folders/519620126891", "resource_settings": [ { - "resource_type": "CONSUMER_PROJECT" + "display_name": "folder-display-name", + "resource_type": "CONSUMER_FOLDER" + }, + { + "resource_type": "ENCRYPTION_KEYS_PROJECT" + }, + { + "resource_id": "ring", + "resource_type": "KEYRING" + } + ], + "violation_notifications_enabled": true + } + - name: primary + manifest: |- + { + "billing_account": "billingAccounts/000000-0000000-0000000-000000", + "compliance_regime": "EU_REGIONS_AND_SUPPORT", + "display_name": "display", + "enable_sovereign_controls": true, + "kms_settings": [ + { + "next_rotation_time": "9999-10-02T15:01:23Z", + "rotation_period": "10368000s" + } + ], + "labels": { + "label-one": "value-one" + }, + "location": "europe-west9", + "organization": "123456789", + "provider": "${google-beta}", + "resource_settings": [ + { + "resource_type": "CONSUMER_FOLDER" }, { "resource_type": "ENCRYPTION_KEYS_PROJECT" @@ -7024,15 +8450,23 @@ resources: } ] } + references: + provider: google-beta argumentDocs: billing_account: |- - - (Required) - Required. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, 'billingAccounts/012345-567890-ABCDEF`. + (Optional) + Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF. compliance_regime: |- - (Required) - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS + Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT + compliance_status: |- + - + Output only. Count of active Violations in the Workload. + compliant_but_disallowed_services: |- + - + Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment. create: '- Default is 20 minutes.' create_time: |- - @@ -7042,11 +8476,24 @@ resources: - (Required) Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + ekm_provisioning_response: |- + - + Optional. Represents the Ekm Provisioning State of the given workload. + enable_sovereign_controls: |- + - + (Optional) + Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/workloads/{{name}}' + kaj_enrollment_state: |- + - + Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE kms_settings: |- - (Optional) - Input only. Settings used to create a CMEK crypto key. When set a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes. + DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. kms_settings.next_rotation_time: |- - (Required) @@ -7070,18 +8517,42 @@ resources: - (Required) The organization for the resource + partner: |- + - + (Optional) + Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN + partner_permissions: |- + - + (Optional) + Optional. Permissions granted to the AW Partner SA account for the customer workload + partner_permissions.assured_workloads_monitoring: |- + - + (Optional) + Optional. Allow partner to view violation alerts. + partner_permissions.data_logs_viewer: |- + - + (Optional) + Allow the partner to view inspectability logs and monitoring violations. + partner_permissions.service_access_approver: |- + - + (Optional) + Optional. Allow partner to view access approval logs. provisioned_resources_parent: |- - (Optional) - Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same or a child of the Workload parent. If not specified all resources are created under the Workload parent. Formats: folders/{folder_id}, organizations/{organization_id} + Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} resource_settings: |- - (Optional) Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. + resource_settings.display_name: |- + - + (Optional) + User-assigned resource display name. If not empty it will be used to create a resource with the specified name. resource_settings.resource_id: |- - (Optional) - Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail. + Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. resource_settings.resource_type: |- - (Optional) @@ -7089,7 +8560,119 @@ resources: resources: |- - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. + saa_enrollment_response: |- + - + Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. update: '- Default is 20 minutes.' + violation_notifications_enabled: |- + - + (Optional) + Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. + importStatements: [] + google_backup_dr_management_server: + subCategory: Backup and DR + description: A Backup and DR Management Server (Also referred as Management Console) + name: google_backup_dr_management_server + title: "" + examples: + - name: ms-console + manifest: |- + { + "depends_on": [ + "${google_service_networking_connection.default}" + ], + "location": "us-central1", + "name": "ms-console", + "networks": [ + { + "network": "${google_compute_network.default.id}", + "peering_mode": "PRIVATE_SERVICE_ACCESS" + } + ], + "provider": "${google-beta}", + "type": "BACKUP_RESTORE" + } + references: + networks.network: google_compute_network.default.id + provider: google-beta + dependencies: + google_compute_global_address.private_ip_address: |- + { + "address_type": "INTERNAL", + "name": "vpc-network", + "network": "${google_compute_network.default.id}", + "prefix_length": 20, + "provider": "${google-beta}", + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "vpc-network", + "provider": "${google-beta}" + } + google_service_networking_connection.default: |- + { + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_address.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + create: '- Default is 40 minutes.' + delete: '- Default is 40 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/managementServers/{{name}}' + location: |- + - + (Required) + The location for the management server (management console) + management_uri: |- + - + The management console URI + Structure is documented below. + management_uri.api: |- + - + (Output) + The management console api endpoint. + management_uri.web_ui: |- + - + (Output) + The management console webUi. + name: |- + - + (Required) + The name of management server (management console) + networks: |- + - + (Required) + Network details to create management server (management console). + Structure is documented below. + networks.network: |- + - + (Required) + Network with format projects/{{project_id}}/global/networks/{{network_id}} + networks.peering_mode: |- + - + (Optional) + Type of Network peeringMode + Default value is PRIVATE_SERVICE_ACCESS. + Possible values are: PRIVATE_SERVICE_ACCESS. + networks.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + networks.type: |- + - + (Optional) + The type of management server (management console). + Default value is BACKUP_RESTORE. + Possible values are: BACKUP_RESTORE. + oauth2_client_id: |- + - + The oauth2ClientId of management console. importStatements: [] google_beyondcorp_app_connection: subCategory: BeyondCorp @@ -7197,6 +8780,7 @@ resources: - (Optional) An arbitrary user-provided name for the AppConnection. + application_endpoint.effective_labels: for all of the labels present on the resource. application_endpoint.gateway: |- - (Optional) @@ -7229,6 +8813,9 @@ resources: for a list of possible values. create: '- Default is 30 minutes.' delete: '- Default is 30 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. gateway.app_gateway: |- - (Required) @@ -7252,6 +8839,10 @@ resources: - (Required) ID of the AppConnection. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' importStatements: [] google_beyondcorp_app_connector: @@ -7313,6 +8904,9 @@ resources: argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnectors/{{name}}' name: |- - @@ -7332,6 +8926,7 @@ resources: - (Optional) An arbitrary user-provided name for the AppConnector. + principal_info.service_account.effective_labels: for all of the labels present on the resource. principal_info.service_account.email: |- - (Required) @@ -7350,6 +8945,10 @@ resources: state: |- - Represents the different states of a AppConnector. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_beyondcorp_app_gateway: @@ -7398,6 +8997,7 @@ resources: - (Optional) An arbitrary user-provided name for the AppGateway. + effective_labels: for all of the labels present on the resource. host_type: |- - (Optional) @@ -7423,16 +9023,328 @@ resources: state: |- - Represents the different states of a AppGateway. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Optional) The type of network connectivity used by the AppGateway. Default value is TYPE_UNSPECIFIED. Possible values are: TYPE_UNSPECIFIED, TCP_PROXY. + update: '- Default is 20 minutes.' uri: |- - Server-defined URI for this resource. importStatements: [] + google_biglake_catalog: + subCategory: Biglake + description: Catalogs are top-level containers for Databases and Tables. + name: google_biglake_catalog + title: "" + examples: + - name: default + manifest: |- + { + "location": "US", + "name": "my_catalog" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation time of the catalog. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. The deletion time of the catalog. Only set after the catalog + is deleted. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + expire_time: |- + - + Output only. The time when this catalog is considered expired. Only set + after the catalog is deleted. Only set after the catalog is deleted. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/catalogs/{{name}}' + location: |- + - + (Required) + The geographic location where the Catalog should reside. + name: |- + - + (Required) + The name of the Catalog. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update_time: |- + - + Output only. The last modification time of the catalog. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. + importStatements: [] + google_biglake_database: + subCategory: Biglake + description: Databases are containers of tables. + name: google_biglake_database + title: "" + examples: + - name: database + manifest: |- + { + "catalog": "${google_biglake_catalog.catalog.id}", + "hive_options": [ + { + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", + "parameters": { + "owner": "John Doe" + } + } + ], + "name": "my_database", + "type": "HIVE" + } + references: + catalog: google_biglake_catalog.catalog.id + dependencies: + google_biglake_catalog.catalog: |- + { + "location": "US", + "name": "my_catalog" + } + google_storage_bucket.bucket: |- + { + "force_destroy": true, + "location": "US", + "name": "my_bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.metadata_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "metadata/" + } + argumentDocs: + catalog: |- + - + (Required) + The parent catalog. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation time of the database. A timestamp in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. The deletion time of the database. Only set after the + database is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + expire_time: |- + - + Output only. The time when this database is considered expired. Only set + after the database is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + hive_options: |- + - + (Required) + Options of a Hive database. + Structure is documented below. + hive_options.location_uri: |- + - + (Optional) + Cloud Storage folder URI where the database data is stored, starting with "gs://". + hive_options.parameters: |- + - + (Optional) + Stores user supplied Hive database parameters. An object containing a + list of"key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + id: '- an identifier for the resource with format {{catalog}}/databases/{{name}}' + name: |- + - + (Required) + The name of the database. + type: |- + - + (Required) + The database type. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last modification time of the database. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_biglake_table: + subCategory: Biglake + description: Represents a table. + name: google_biglake_table + title: "" + examples: + - name: table + manifest: |- + { + "database": "${google_biglake_database.database.id}", + "hive_options": [ + { + "parameters": { + "owner": "John Doe", + "provider": "iceberg", + "spark.sql.create.version": "3.1.3", + "spark.sql.partitionProvider": "catalog", + "spark.sql.sources.provider": "iceberg", + "spark.sql.sources.schema.numParts": "1", + "spark.sql.sources.schema.part.0": "{\"type\":\"struct\",\"fields\":[{\"name\":\"id\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}},{\"name\":\"name\",\"type\":\"string\",\"nullable\":true,\"metadata\":{}},{\"name\":\"age\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}}]}", + "transient_lastDdlTime": "1680894197" + }, + "storage_descriptor": [ + { + "input_format": "org.apache.hadoop.mapred.SequenceFileInputFormat", + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.data_folder.name}", + "output_format": "org.apache.hadoop.hive.ql.io.HiveSequenceFileOutputFormat" + } + ], + "table_type": "MANAGED_TABLE" + } + ], + "name": "my_table", + "type": "HIVE" + } + references: + database: google_biglake_database.database.id + dependencies: + google_biglake_catalog.catalog: |- + { + "location": "US", + "name": "my_catalog" + } + google_biglake_database.database: |- + { + "catalog": "${google_biglake_catalog.catalog.id}", + "hive_options": [ + { + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", + "parameters": { + "owner": "Alex" + } + } + ], + "name": "my_database", + "type": "HIVE" + } + google_storage_bucket.bucket: |- + { + "force_destroy": true, + "location": "US", + "name": "my_bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.data_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "data/" + } + google_storage_bucket_object.metadata_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "metadata/" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation time of the table. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + database: |- + - + (Optional) + The id of the parent database. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. The deletion time of the table. Only set after the + table is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + etag: |- + - + The checksum of a table object computed by the server based on the value + of other fields. It may be sent on update requests to ensure the client + has an up-to-date value before proceeding. It is only checked for update + table operations. + expire_time: |- + - + Output only. The time when this table is considered expired. Only set + after the table is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + hive_options: |- + - + (Optional) + Options of a Hive table. + Structure is documented below. + hive_options.parameters: |- + - + (Optional) + Stores user supplied Hive table parameters. An object containing a + list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + hive_options.storage_descriptor: |- + - + (Optional) + Stores physical storage information on the data. + Structure is documented below. + hive_options.table_type: |- + - + (Optional) + Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. + id: '- an identifier for the resource with format {{database}}/tables/{{name}}' + name: |- + - + (Required) + Output only. The name of the Table. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} + storage_descriptor.input_format: |- + - + (Optional) + The fully qualified Java class name of the input format. + storage_descriptor.location_uri: |- + - + (Optional) + Cloud Storage folder URI where the table data is stored, starting with "gs://". + storage_descriptor.output_format: |- + - + (Optional) + The fully qualified Java class name of the output format. + type: |- + - + (Optional) + The database type. + Possible values are: HIVE. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last modification time of the table. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_bigquery_analytics_hub_data_exchange: subCategory: Bigquery Analytics Hub description: A Bigquery Analytics Hub data exchange @@ -7571,6 +9483,44 @@ resources: "friendly_name": "my_listing", "location": "US" } + - name: listing + manifest: |- + { + "bigquery_dataset": [ + { + "dataset": "${google_bigquery_dataset.listing.id}" + } + ], + "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", + "description": "example data exchange", + "display_name": "my_listing", + "listing_id": "my_listing", + "location": "US", + "restricted_export_config": [ + { + "enabled": true, + "restrict_query_result": true + } + ] + } + references: + bigquery_dataset.dataset: google_bigquery_dataset.listing.id + data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id + dependencies: + google_bigquery_analytics_hub_data_exchange.listing: |- + { + "data_exchange_id": "my_data_exchange", + "description": "example data exchange", + "display_name": "my_data_exchange", + "location": "US" + } + google_bigquery_dataset.listing: |- + { + "dataset_id": "my_listing", + "description": "example data exchange", + "friendly_name": "my_listing", + "location": "US" + } argumentDocs: bigquery_dataset: |- - @@ -7618,6 +9568,11 @@ resources: - (Optional) Email or URL of the request access of the listing. Subscribers can use this reference to request access. + bigquery_dataset.restricted_export_config: |- + - + (Optional) + If set, restricted export configuration will be propagated and enforced on the linked dataset. + Structure is documented below. create: '- Default is 20 minutes.' data_exchange_id: |- - @@ -7656,6 +9611,14 @@ resources: - (Optional) Email or URL of the listing publisher. + restricted_export_config.enabled: |- + - + (Optional) + If true, enable restricted export. + restricted_export_config.restrict_query_result: |- + - + (Optional) + If true, restrict export of query result derived from restricted linked dataset table. update: '- Default is 20 minutes.' importStatements: [] google_bigquery_analytics_hub_listing_iam_policy: @@ -7703,6 +9666,59 @@ resources: google_bigquery_analytics_hub_listing_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_bigquery_bi_reservation: + subCategory: BigQuery Reservation + description: Represents a BI Reservation. + name: google_bigquery_bi_reservation + title: "" + examples: + - name: reservation + manifest: |- + { + "location": "us-west2", + "size": "3000000000" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/biReservation' + location: |- + - + (Required) + LOCATION_DESCRIPTION + name: |- + - + The resource name of the singleton BI reservation. Reservation names have the form projects/{projectId}/locations/{locationId}/biReservation. + preferred_tables: |- + - + (Optional) + Preferred tables to use BI capacity for. + Structure is documented below. + preferred_tables.dataset_id: |- + - + (Optional) + The ID of the dataset in the above project. + preferred_tables.project_id: |- + - + (Optional) + The assigned project ID of the project. + preferred_tables.table_id: |- + - + (Optional) + The ID of the table in the above dataset. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + size: |- + - + (Optional) + Size of a reservation, in bytes. + update: '- Default is 20 minutes.' + update_time: |- + - + The last update timestamp of a reservation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_bigquery_capacity_commitment: subCategory: BigQuery Reservation description: Capacity commitment is a way to purchase compute capacity for BigQuery jobs (in the form of slots) with some committed period of usage. @@ -7742,7 +9758,7 @@ resources: - (Optional) If true, fail the request if another project in the organization has a capacity commitment. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/capacityCommitments/{{capacity_commitment_id}}' + id: '- an identifier for the resource with format {{name}}' location: |- - (Optional) @@ -7761,7 +9777,7 @@ resources: renewal_plan: |- - (Optional) - The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable some commitment plans. + The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans. slot_count: |- - (Required) @@ -7856,7 +9872,41 @@ resources: - name: connection manifest: "{\n \"azure\": [\n {\n \"customer_tenant_id\": \"customer-tenant-id\",\n \"federated_application_client_id\": \"b43eeeee-eeee-eeee-eeee-a480155501ce\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"azure-eastus2\"\n}" - name: connection - manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"database_role\": \"database_role\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + - name: connection + manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"max_parallelism\": 100,\n \"use_data_boost\": true,\n \"use_parallelism\": true\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + - name: connection + manifest: "{\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\",\n \"spark\": [\n {\n \"spark_history_server_config\": [\n {\n \"dataproc_cluster\": \"${google_dataproc_cluster.basic.id}\"\n }\n ]\n }\n ]\n}" + references: + spark.spark_history_server_config.dataproc_cluster: google_dataproc_cluster.basic.id + dependencies: + google_dataproc_cluster.basic: |- + { + "cluster_config": [ + { + "master_config": [ + { + "disk_config": [ + { + "boot_disk_size_gb": 35 + } + ], + "machine_type": "e2-standard-2", + "num_instances": 1 + } + ], + "software_config": [ + { + "override_properties": { + "dataproc:dataproc.allow.zero.workers": "true" + } + } + ] + } + ], + "name": "my-connection", + "region": "us-central1" + } argumentDocs: aws: |- - @@ -7926,15 +9976,28 @@ resources: cloud_spanner.database: |- - (Required) - Cloud Spanner database in the form `project/instance/database' + Cloud Spanner database in the form `project/instance/database'. + cloud_spanner.database_role: |- + - + (Optional) + Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + cloud_spanner.max_parallelism: |- + - + (Optional) + Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. + cloud_spanner.use_data_boost: |- + - + (Optional) + If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. cloud_spanner.use_parallelism: |- - (Optional) - If parallelism should be used when reading from Cloud Spanner + If parallelism should be used when reading from Cloud Spanner. cloud_spanner.use_serverless_analytics: |- - - (Optional) - If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics + (Optional, Deprecated) + If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. + cloud_spanner.useServerlessAnalytics: is deprecated and will be removed in a future major release. Use useDataBoost instead. cloud_sql: |- - (Optional) @@ -7999,6 +10062,10 @@ resources: Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 + metastore_service_config.metastore_service: |- + - + (Optional) + Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. name: |- - The resource name of the connection in the form of: @@ -8006,6 +10073,29 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + spark: |- + - + (Optional) + Container for connection properties to execute stored procedures for Apache Spark. resources. + Structure is documented below. + spark.metastore_service_config: |- + - + (Optional) + Dataproc Metastore Service configuration for the connection. + Structure is documented below. + spark.service_account_id: |- + - + (Output) + The account ID of the service created for the purpose of this connection. + spark.spark_history_server_config: |- + - + (Optional) + Spark History Server configuration for the connection. + Structure is documented below. + spark_history_server_config.dataproc_cluster: |- + - + (Optional) + Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. update: '- Default is 20 minutes.' importStatements: [] google_bigquery_connection_iam_policy: @@ -8145,8 +10235,9 @@ resources: name: |- - The resource name of the transfer config. Transfer config names have the - form projects/{projectId}/locations/{location}/transferConfigs/{configId}. - Where configId is usually a uuid, but this is not required. + form projects/{projectId}/locations/{location}/transferConfigs/{configId} + or projects/{projectId}/transferConfigs/{configId}, + where configId is usually a uuid, but this is not required. The name is ignored when creating a transfer config. notification_pubsub_topic: |- - @@ -8539,6 +10630,23 @@ resources: "routine_id": "public_routine", "routine_type": "TABLE_VALUED_FUNCTION" } + - name: dataset + manifest: |- + { + "dataset_id": "example_dataset", + "description": "This is a test description", + "external_dataset_reference": [ + { + "connection": "projects/project/locations/aws-us-east-1/connections/connection", + "external_source": "aws-glue://arn:aws:glue:us-east-1:999999999999:database/database" + } + ], + "friendly_name": "test", + "location": "aws-us-east-1", + "provider": "${google-beta}" + } + references: + provider: google-beta argumentDocs: US: |- . @@ -8562,6 +10670,11 @@ resources: - (Optional) An email address of a Google Group to grant access to. + access.iam_member: |- + - + (Optional) + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers access.role: |- - (Optional) @@ -8669,6 +10782,7 @@ resources: - (Optional) A user-friendly description of the dataset + effective_labels: for all of the labels present on the resource. etag: |- - A hash of the resource. @@ -8692,6 +10806,20 @@ resources: table expires, or if you provide an explicit expirationTime when creating a table, that value takes precedence over the default expiration time indicated by this property. + external_dataset_reference: |- + - + (Optional, Beta) + Information about the external metadata storage where the dataset is defined. + Structure is documented below. + external_dataset_reference.connection: |- + - + (Required) + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + external_dataset_reference.external_source: |- + - + (Required) + External source that backs this dataset. friendly_name: |- - (Optional) @@ -8707,7 +10835,7 @@ resources: - (Optional) The labels associated with this dataset. You can use these to - organize and group your datasets + organize and group your datasets. last_modified_time: |- - The date when this dataset or any of its tables was last modified, in @@ -8749,6 +10877,10 @@ resources: Set this flag value to LOGICAL to use logical bytes for storage billing, or to PHYSICAL to use physical bytes instead. LOGICAL is the default if this flag isn't specified. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' view.dataset_id: |- - @@ -9329,7 +11461,7 @@ resources: { "bucket": "${google_storage_bucket.test.name}", "name": "job_load_bucket_object", - "source": "./test-fixtures/bigquerytable/test.parquet.gzip" + "source": "./test-fixtures/test.parquet.gzip" } - name: job manifest: |- @@ -9545,6 +11677,10 @@ resources: (Required) The table. Can be specified {{table_id}} if project_id and dataset_id are also set, or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. + effective_labels: |- + - + (Output) + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. error_result.location: |- - (Optional) @@ -9897,6 +12033,7 @@ resources: - (Required) The ID of the dataset containing this model. + source_model.effective_labels: for all of the labels present on the resource. source_model.extract: |- - (Optional) @@ -9981,6 +12118,11 @@ resources: - (Output) Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'. + terraform_labels: |- + - + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. time_partitioning.expiration_ms: |- - (Optional) @@ -9996,6 +12138,7 @@ resources: (Required) The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, but in OnePlatform the field will be treated as unset. + update: '- Default is 20 minutes.' user_defined_function_resources.inline_code: |- - (Optional) @@ -10213,6 +12356,153 @@ resources: { "dataset_id": "dataset_id" } + - name: pyspark + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n", + "language": "PYTHON", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: pyspark_mainfile + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "language": "PYTHON", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "archive_uris": [ + "gs://test-bucket/distribute_in_executor.tar.gz" + ], + "connection": "${google_bigquery_connection.test.name}", + "file_uris": [ + "gs://test-bucket/distribute_in_executor.json" + ], + "main_file_uri": "gs://test-bucket/main.py", + "py_file_uris": [ + "gs://test-bucket/lib.py" + ], + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: spark_jar + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "language": "SCALA", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "container_image": "gcr.io/my-project-id/my-spark-image:latest", + "jar_uris": [ + "gs://test-bucket/uberjar_spark_spark3.jar" + ], + "main_class": "com.google.test.jar.MainClass", + "properties": { + "spark.dataproc.scaling.version": "2", + "spark.reducer.fetchMigratedShuffle.enabled": "true" + }, + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: remote_function + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "remote_function_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "endpoint": "https://us-east1-my_gcf_project.cloudfunctions.net/remote_add", + "max_batching_rows": "10", + "user_defined_context": { + "z": "1.5" + } + } + ], + "return_type": "{\"typeKind\" : \"STRING\"}", + "routine_id": "routine_id", + "routine_type": "SCALAR_FUNCTION" + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + remote_function_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "cloud_resource": [ + {} + ], + "connection_id": "connection_id", + "location": "US" + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } argumentDocs: arguments: |- - @@ -10278,7 +12568,7 @@ resources: - (Optional) The language of the routine. - Possible values are: SQL, JAVASCRIPT. + Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. last_modified_time: |- - The time when this routine was modified, in milliseconds since the @@ -10286,6 +12576,35 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + remote_function_options: |- + - + (Optional) + Remote function specific options. + Structure is documented below. + remote_function_options.connection: |- + - + (Optional) + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + remote_function_options.endpoint: |- + - + (Optional) + Endpoint of the user-provided remote service, e.g. + https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + remote_function_options.max_batching_rows: |- + - + (Optional) + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. + remote_function_options.user_defined_context: |- + - + (Optional) + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. return_table_type: |- - (Optional) @@ -10311,9 +12630,60 @@ resources: The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters. routine_type: |- - - (Optional) + (Required) The type of routine. Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. + spark_options: |- + - + (Optional) + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + Structure is documented below. + spark_options.archive_uris: |- + - + (Optional) + Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + spark_options.connection: |- + - + (Optional) + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + spark_options.container_image: |- + - + (Optional) + Custom container image for the runtime environment. + spark_options.file_uris: |- + - + (Optional) + Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + spark_options.jar_uris: |- + - + (Optional) + JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + spark_options.main_class: |- + - + (Optional) + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + spark_options.main_file_uri: |- + - + (Optional) + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + spark_options.properties: |- + - + (Optional) + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + spark_options.py_file_uris: |- + - + (Optional) + Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + spark_options.runtime_version: |- + - + (Optional) + Runtime version. If not specified, the default runtime version is used. update: '- Default is 20 minutes.' importStatements: [] google_bigquery_table: @@ -10399,6 +12769,10 @@ resources: - (Optional) Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order. + column_references.referenced_column: |- + : (Required) The column in the primary key that are + referenced by the referencingColumn + column_references.referencing_column: ': (Required) The column that composes the foreign key.' creation_time: '- The time when this table was created, in milliseconds since the epoch.' csv_options.allow_jagged_rows: |- (Optional) - Indicates if BigQuery should accept rows @@ -10429,6 +12803,9 @@ resources: - (Optional) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. description: '- (Optional) The field description.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. encryption_configuration: |- - (Optional) Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process @@ -10467,6 +12844,14 @@ resources: external_data_configuration.csv_options: |- (Optional) - Additional properties to set if source_format is set to "CSV". Structure is documented below. + external_data_configuration.external_data_configuration.connection_id: |- + , the + table schema must be specified using the top-level schema field + documented above. + external_data_configuration.file_set_spec_type: |- + - (Optional) Specifies how source URIs are interpreted for constructing the file set to load. + By default source URIs are expanded against the underlying storage. + Other options include specifying manifest files. Only applicable to object storage systems. Docs external_data_configuration.google_sheets_options: |- (Optional) - Additional options if source_format is set to "GOOGLE_SHEETS". Structure is @@ -10515,6 +12900,14 @@ resources: external_data_configuration.source_uris: |- - (Required) A list of the fully-qualified URIs that point to your data in Google Cloud. + foreign_keys.column_references: |- + : (Required) The pair of the foreign key column and primary key column. + Structure is documented below. + foreign_keys.name: ': (Optional) Set only if the foreign key constraint is named.' + foreign_keys.referenced_table: |- + : (Required) The table that holds the primary key + and is referenced by this foreign key. + Structure is documented below. friendly_name: '- (Optional) A descriptive name for the table.' google_sheets_options.range: |- (Optional) - Range of a sheet to query from. Only used when @@ -10550,6 +12943,9 @@ resources: materialized_view: |- - (Optional) If specified, configures this table as a materialized view. Structure is documented below. + materialized_view.allow_non_incremental_definition: |- + - (Optional) Allow non incremental materialized view definition. + The default value is false. materialized_view.enable_refresh: |- - (Optional) Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. The default value is true. @@ -10557,11 +12953,17 @@ resources: materialized_view.refresh_interval_ms: |- - (Optional) The maximum frequency at which this materialized view will be refreshed. The default value is 1800000 + max_staleness: |- + : (Optional) The maximum staleness of data that could be + returned when the table (or stale MV) is queried. Staleness encoded as a + string encoding of SQL IntervalValue + type. num_bytes: '- The size of this table in bytes, excluding any data in the streaming buffer.' num_long_term_bytes: '- The number of bytes in the table that are considered "long-term storage".' num_rows: '- The number of rows of data in this table, excluding any data in the streaming buffer.' parquet_options.enable_list_inference: (Optional) - Indicates whether to use schema inference specifically for Parquet LIST logical type. parquet_options.enum_as_string: (Optional) - Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. + primary_key.columns: ': (Required) The columns that are composed of the primary key constraint.' project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -10577,11 +12979,38 @@ resources: range_partitioning.range: |- - (Required) Information required to partition based on ranges. Structure is documented below. + referenced_table.dataset_id: ': (Required) The ID of the dataset containing this table.' + referenced_table.project_id: ': (Required) The ID of the project containing this table.' + referenced_table.table_id: |- + : (Required) The ID of the table. The ID must contain only + letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum + length is 1,024 characters. Certain operations allow suffixing of + the table ID with a partition decorator, such as + sample_table$20190123. + require_partition_filter: |- + - (Optional) If set to true, queries over this table + require a partition filter that can be used for partition elimination to be + specified. schema: '- (Optional) A JSON schema for the table.' self_link: '- The URI of the created resource.' + table_constraints: |- + - (Optional) Defines the primary key and foreign keys. + Structure is documented below. + table_constraints.foreign_keys: |- + - (Optional) Present only if the table has a foreign key. + The foreign key is not enforced. + Structure is documented below. + table_constraints.primary_key: |- + - (Optional) Represents the primary key constraint + on a table's columns. Present only if the table has a primary key. + The primary key is not enforced. + Structure is documented below. table_id: |- - (Required) A unique ID for the resource. Changing this forces a new resource to be created. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. time_partitioning: |- - (Optional) If specified, configures time-based partitioning for this table. Structure is documented below. @@ -10595,7 +13024,8 @@ resources: time_partitioning.require_partition_filter: |- - (Optional) If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. time_partitioning.type: |- - (Required) The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively. @@ -10776,6 +13206,40 @@ resources: "deletion_protection": "true", "name": "bt-instance" } + - name: ap + manifest: |- + { + "app_profile_id": "bt-profile", + "ignore_warnings": true, + "instance": "${google_bigtable_instance.instance.name}", + "single_cluster_routing": [ + { + "allow_transactional_writes": true, + "cluster_id": "cluster-1" + } + ], + "standard_isolation": [ + { + "priority": "PRIORITY_LOW" + } + ] + } + references: + instance: google_bigtable_instance.instance.name + dependencies: + google_bigtable_instance.instance: |- + { + "cluster": [ + { + "cluster_id": "cluster-1", + "num_nodes": 3, + "storage_type": "HDD", + "zone": "us-central1-b" + } + ], + "deletion_protection": "true", + "name": "bt-instance" + } argumentDocs: app_profile_id: |- - @@ -10822,6 +13286,16 @@ resources: - (Required) The cluster to which read/write requests should be routed. + standard_isolation: |- + - + (Optional) + The standard options used for isolating this app profile's traffic from other use cases. + Structure is documented below. + standard_isolation.priority: |- + - + (Required) + The priority of requests sent using this app profile. + Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. update: '- Default is 20 minutes.' importStatements: [] google_bigtable_gc_policy: @@ -10985,6 +13459,7 @@ resources: - (Required) A block of cluster configuration options. This can be specified at least once, and up to as many as possible within 8 cloud regions. Removing the field entirely from the config will cause the provider to default to the backend value. See structure below. + cluster.0.state: '- describes the current state of the cluster.' cluster.autoscaling_config: '- (Optional) Autoscaling config for the cluster, contains the following arguments:' cluster.cluster_id: '- (Required) The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.' cluster.kms_key_name: '- (Optional) Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster.' @@ -11004,6 +13479,9 @@ resources: - (Optional) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. display_name: '- (Optional) The human-readable display name of the Bigtable instance. Defaults to the instance name.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/instances/{{name}}' instance_type: |- - (Optional, Deprecated) The instance type to create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". @@ -11018,7 +13496,11 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + read: '- Default is 60 minutes.' storage_target: '- The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. update: '- Default is 60 minutes.' importStatements: [] google_bigtable_instance_iam_policy: @@ -11265,6 +13747,9 @@ resources: "projects": [ "projects/${data.google_project.project.number}" ], + "resource_ancestors": [ + "organizations/123456789" + ], "services": [ "services/24E6-581D-38E5" ] @@ -11482,6 +13967,13 @@ resources: included in the budget. If omitted, the report will include all usage for the billing account, regardless of which project the usage occurred on. + budget_filter.resource_ancestors: |- + - + (Optional) + A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId}, + specifying that usage from only this set of folders and organizations should be included in the budget. + If omitted, the budget includes all usage that the billing account pays for. If the folder or organization + contains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects. budget_filter.services: |- - (Optional) @@ -11601,6 +14093,49 @@ resources: 1.0-based percentage, so 0.5 = 50%. Must be >= 0. update: '- Default is 20 minutes.' importStatements: [] + google_billing_project_info: + subCategory: Cloud Billing + description: Billing information for a project. + name: google_billing_project_info + title: "" + examples: + - name: default + manifest: |- + { + "billing_account": "000000-0000000-0000000-000000", + "project": "${google_project.project.project_id}" + } + references: + project: google_project.project.project_id + dependencies: + google_project.project: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${billing_account}" + ] + } + ], + "name": "tf-test", + "org_id": "123456789", + "project_id": "tf-test" + } + argumentDocs: + billing_account: |- + - + (Required) + The ID of the billing account associated with the project, if + any. Set to empty string to disable billing for the project. + For example, "012345-567890-ABCDEF" or "". + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/billingInfo' + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + importStatements: [] google_billing_subaccount: subCategory: Cloud Platform description: Allows management of a Google Cloud Billing Subaccount. @@ -12051,6 +14586,203 @@ resources: id: '- an identifier for the resource with format projects/{{project}}' update: '- Default is 20 minutes.' importStatements: [] + google_blockchain_node_engine_blockchain_nodes: + subCategory: Blockchain node engine + description: A representation of a blockchain node. + name: google_blockchain_node_engine_blockchain_nodes + title: "" + examples: + - name: default_node + manifest: |- + { + "blockchain_node_id": "blockchain_basic_node", + "blockchain_type": "ETHEREUM", + "ethereum_details": [ + { + "api_enable_admin": true, + "api_enable_debug": true, + "consensus_client": "LIGHTHOUSE", + "execution_client": "ERIGON", + "network": "MAINNET", + "node_type": "ARCHIVE", + "validator_config": [ + { + "mev_relay_urls": [ + "https://mev1.example.org/", + "https://mev2.example.org/" + ] + } + ] + } + ], + "labels": { + "environment": "dev" + }, + "location": "us-central1" + } + - name: default_node_geth + manifest: |- + { + "blockchain_node_id": "blockchain_geth_node", + "blockchain_type": "ETHEREUM", + "ethereum_details": [ + { + "api_enable_admin": true, + "api_enable_debug": true, + "consensus_client": "LIGHTHOUSE", + "execution_client": "GETH", + "geth_details": [ + { + "garbage_collection_mode": "FULL" + } + ], + "network": "MAINNET", + "node_type": "FULL", + "validator_config": [ + { + "mev_relay_urls": [ + "https://mev1.example.org/", + "https://mev2.example.org/" + ] + } + ] + } + ], + "labels": { + "environment": "dev" + }, + "location": "us-central1" + } + argumentDocs: + additional_endpoints.beacon_api_endpoint: |- + - + (Output) + The assigned URL for the node's Beacon API endpoint. + additional_endpoints.beacon_prometheus_metrics_api_endpoint: |- + - + (Output) + The assigned URL for the node's Beacon Prometheus metrics endpoint. + additional_endpoints.execution_client_prometheus_metrics_api_endpoint: |- + - + (Output) + The assigned URL for the node's execution client's Prometheus metrics endpoint. + blockchain_node_id: |- + - + (Required) + ID of the requesting object. + blockchain_type: |- + - + (Optional) + User-provided key-value pairs + Possible values are: ETHEREUM. + connection_info: |- + - + The connection information through which to interact with a blockchain node. + Structure is documented below. + connection_info.endpoint_info: |- + - + (Output) + The endpoint information through which to interact with a blockchain node. + Structure is documented below. + connection_info.service_attachment: |- + - + (Output) + A service attachment that exposes a node, and has the following format: projects/{project}/regions/{region}/serviceAttachments/{service_attachment_name} + create: '- Default is 45 minutes.' + create_time: |- + - + The timestamp at which the blockchain node was first created. + delete: '- Default is 35 minutes.' + effective_labels: for all of the labels present on the resource. + endpoint_info.json_rpc_api_endpoint: |- + - + (Output) + The assigned URL for the node JSON-RPC API endpoint. + endpoint_info.websockets_api_endpoint: |- + - + (Output) + The assigned URL for the node WebSockets API endpoint. + ethereum_details: |- + - + (Optional) + User-provided key-value pairs + Structure is documented below. + ethereum_details.additional_endpoints: |- + - + (Output) + User-provided key-value pairs + Structure is documented below. + ethereum_details.api_enable_admin: |- + - + (Optional) + Enables JSON-RPC access to functions in the admin namespace. Defaults to false. + ethereum_details.api_enable_debug: |- + - + (Optional) + Enables JSON-RPC access to functions in the debug namespace. Defaults to false. + ethereum_details.consensus_client: |- + - + (Optional) + The consensus client + Possible values are: CONSENSUS_CLIENT_UNSPECIFIED, LIGHTHOUSE. + ethereum_details.execution_client: |- + - + (Optional) + The execution client + Possible values are: EXECUTION_CLIENT_UNSPECIFIED, GETH, ERIGON. + ethereum_details.geth_details: |- + - + (Optional) + User-provided key-value pairs + Structure is documented below. + ethereum_details.network: |- + - + (Optional) + The Ethereum environment being accessed. + Possible values are: MAINNET, TESTNET_GOERLI_PRATER, TESTNET_SEPOLIA. + ethereum_details.node_type: |- + - + (Optional) + The type of Ethereum node. + Possible values are: LIGHT, FULL, ARCHIVE. + ethereum_details.validator_config: |- + - + (Optional) + Configuration for validator-related parameters on the beacon client, and for any managed validator client. + Structure is documented below. + geth_details.garbage_collection_mode: |- + - + (Optional) + Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. + Possible values are: FULL, ARCHIVE. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/blockchainNodes/{{blockchain_node_id}}' + labels: |- + - + (Optional) + User-provided key-value pairs + location: |- + - + (Required) + Location of Blockchain Node being created. + name: |- + - + The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp at which the blockchain node was last updated. + validator_config.mev_relay_urls: |- + - + (Optional) + URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client. + importStatements: [] google_certificate_manager_certificate: subCategory: Certificate manager description: Certificate represents a HTTP-reachable backend for a Certificate. @@ -12061,6 +14793,9 @@ resources: manifest: |- { "description": "The default cert", + "labels": { + "env": "test" + }, "managed": [ { "dns_authorizations": [ @@ -12124,18 +14859,18 @@ resources: "description": "sample description for the certificate issuanceConfigs", "key_algorithm": "ECDSA_P256", "lifetime": "1814400s", - "name": "issuanceconfigtestterraform", + "name": "issuance-config", "rotation_window_percentage": 34 } google_privateca_ca_pool.pool: |- { "location": "us-central1", - "name": "my-ca-pool", + "name": "ca-pool", "tier": "ENTERPRISE" } google_privateca_certificate_authority.ca_authority: |- { - "certificate_authority_id": "my-ca", + "certificate_authority_id": "ca-authority", "config": [ { "subject_config": [ @@ -12197,11 +14932,11 @@ resources: { "description": "Global cert", "name": "self-managed-cert", - "scope": "EDGE_CACHE", + "scope": "ALL_REGIONS", "self_managed": [ { - "pem_certificate": "${file(\"test-fixtures/certificatemanager/cert.pem\")}", - "pem_private_key": "${file(\"test-fixtures/certificatemanager/private-key.pem\")}" + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" } ] } @@ -12213,11 +14948,146 @@ resources: "name": "self-managed-cert", "self_managed": [ { - "pem_certificate": "${file(\"test-fixtures/certificatemanager/cert.pem\")}", - "pem_private_key": "${file(\"test-fixtures/certificatemanager/private-key.pem\")}" + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" } ] } + - name: default + manifest: |- + { + "description": "sample google managed all_regions certificate with issuance config for terraform", + "managed": [ + { + "domains": [ + "terraform.subdomain1.com" + ], + "issuance_config": "${google_certificate_manager_certificate_issuance_config.issuanceconfig.id}" + } + ], + "name": "issuance-config-cert", + "scope": "ALL_REGIONS" + } + references: + managed.issuance_config: google_certificate_manager_certificate_issuance_config.issuanceconfig.id + dependencies: + google_certificate_manager_certificate_issuance_config.issuanceconfig: |- + { + "certificate_authority_config": [ + { + "certificate_authority_service_config": [ + { + "ca_pool": "${google_privateca_ca_pool.pool.id}" + } + ] + } + ], + "depends_on": [ + "${google_privateca_certificate_authority.ca_authority}" + ], + "description": "sample description for the certificate issuanceConfigs", + "key_algorithm": "ECDSA_P256", + "lifetime": "1814400s", + "name": "issuance-config", + "rotation_window_percentage": 34 + } + google_privateca_ca_pool.pool: |- + { + "location": "us-central1", + "name": "ca-pool", + "tier": "ENTERPRISE" + } + google_privateca_certificate_authority.ca_authority: |- + { + "certificate_authority_id": "ca-authority", + "config": [ + { + "subject_config": [ + { + "subject": [ + { + "common_name": "my-certificate-authority", + "organization": "HashiCorp" + } + ], + "subject_alt_name": [ + { + "dns_names": [ + "hashicorp.com" + ] + } + ] + } + ], + "x509_config": [ + { + "ca_options": [ + { + "is_ca": true + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": true, + "crl_sign": true + } + ], + "extended_key_usage": [ + { + "server_auth": true + } + ] + } + ] + } + ] + } + ], + "deletion_protection": false, + "ignore_active_certificates_on_deletion": true, + "key_spec": [ + { + "algorithm": "RSA_PKCS1_4096_SHA256" + } + ], + "location": "us-central1", + "pool": "${google_privateca_ca_pool.pool.name}", + "skip_grace_period": true + } + - name: default + manifest: |- + { + "description": "The default cert", + "managed": [ + { + "dns_authorizations": [ + "${google_certificate_manager_dns_authorization.instance.id}", + "${google_certificate_manager_dns_authorization.instance2.id}" + ], + "domains": [ + "${google_certificate_manager_dns_authorization.instance.domain}", + "${google_certificate_manager_dns_authorization.instance2.domain}" + ] + } + ], + "name": "dns-cert", + "scope": "ALL_REGIONS" + } + dependencies: + google_certificate_manager_dns_authorization.instance: |- + { + "description": "The default dnss", + "domain": "subdomain.hashicorptest.com", + "name": "dns-auth" + } + google_certificate_manager_dns_authorization.instance2: |- + { + "description": "The default dnss", + "domain": "subdomain2.hashicorptest.com", + "name": "dns-auth2" + } argumentDocs: authorization_attempt_info.details: |- - @@ -12243,11 +15113,16 @@ resources: - (Optional) A human-readable description of the resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificates/{{name}}' labels: |- - (Optional) Set of label tags associated with the Certificate resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -12314,9 +15189,10 @@ resources: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. - EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - served from non-core Google data centers. - Currently allowed only for managed certificates. + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + See https://cloud.google.com/compute/docs/regions-zones self_managed: |- - (Optional) @@ -12327,7 +15203,7 @@ resources: self_managed.certificate_pem: |- - (Optional, Deprecated) - Deprecated The certificate chain in PEM-encoded form. + The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan. self_managed.pem_certificate: |- @@ -12343,8 +15219,12 @@ resources: self_managed.private_key_pem: |- - (Optional, Deprecated) - Deprecated The private key of the leaf certificate in PEM-encoded form. + The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_certificate_manager_certificate_issuance_config: @@ -12375,7 +15255,7 @@ resources: "name": "wrench" }, "lifetime": "1814400s", - "name": "issuanceconfigtestterraform", + "name": "issuance-config", "rotation_window_percentage": 34 } references: @@ -12384,12 +15264,12 @@ resources: google_privateca_ca_pool.pool: |- { "location": "us-central1", - "name": "my-ca-pool", + "name": "ca-pool", "tier": "ENTERPRISE" } google_privateca_certificate_authority.ca_authority: |- { - "certificate_authority_id": "my-ca", + "certificate_authority_id": "ca-authority", "config": [ { "subject_config": [ @@ -12467,6 +15347,7 @@ resources: - (Optional) One or more paragraphs of text description of a CertificateIssuanceConfig. + certificate_authority_config.certificate_authority_service_config.effective_labels: for all of the labels present on the resource. certificate_authority_config.certificate_authority_service_config.labels: |- - (Optional) @@ -12486,6 +15367,9 @@ resources: accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}' key_algorithm: |- - @@ -12509,6 +15393,11 @@ resources: Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' update_time: |- - The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, @@ -12543,6 +15432,7 @@ resources: - (Optional) A human-readable description of the resource. + effective_labels: for all of the labels present on the resource. gclb_targets: |- - A list of target proxies that use this Certificate Map @@ -12585,6 +15475,10 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -12673,6 +15567,7 @@ resources: - (Optional) A human-readable description of the resource. + effective_labels: for all of the labels present on the resource. hostname: |- - (Optional) @@ -12706,6 +15601,10 @@ resources: state: |- - A serving state of this Certificate Map Entry. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -12722,8 +15621,9 @@ resources: - name: default manifest: |- { - "description": "The default dnss", + "description": "The default dns", "domain": "subdomain.hashicorptest.com", + "location": "global", "name": "dns-auth" } argumentDocs: @@ -12758,11 +15658,20 @@ resources: A domain which is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for "example.com" can be used to issue certificates for "example.com" and "*.example.com". - id: '- an identifier for the resource with format projects/{{project}}/locations/global/dnsAuthorizations/{{name}}' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}}' labels: |- - (Optional) Set of label tags associated with the DNS Authorization resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Optional) + The Certificate Manager location. If not specified, "global" is used. name: |- - (Required) @@ -12772,8 +15681,115 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] + google_certificate_manager_trust_config: + subCategory: Certificate manager + description: TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios. + name: google_certificate_manager_trust_config + title: "" + examples: + - name: default + manifest: |- + { + "description": "sample description for the trust config", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "name": "trust-config", + "trust_stores": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}" + } + ] + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + The creation timestamp of a TrustConfig. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + One or more paragraphs of text description of a trust config. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}' + intermediate_cas.pem_certificate: |- + - + (Optional) + PEM intermediate certificate used for building up paths for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + labels: |- + - + (Optional) + Set of label tags associated with the trust config. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The trust config location. + name: |- + - + (Required) + A user-defined name of the trust config. Trust config names must be unique globally. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + trust_anchors.pem_certificate: |- + - + (Optional) + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + trust_stores: |- + - + (Optional) + Set of trust stores to perform validation against. + This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + Structure is documented below. + trust_stores.intermediate_cas: |- + - + (Optional) + Set of intermediate CA certificates used for the path building phase of chain validation. + The field is currently not supported if trust config is used for the workload certificate feature. + Structure is documented below. + trust_stores.trust_anchors: |- + - + (Optional) + List of Trust Anchors to be used while performing validation against a given TrustStore. + Structure is documented below. + update: '- Default is 20 minutes.' + update_time: |- + - + The last update timestamp of a TrustConfig. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_cloud_asset_folder_feed: subCategory: Cloud Asset Inventory description: Describes a Cloud Asset Inventory feed used to to listen to asset updates. @@ -13186,6 +16202,28 @@ resources: "parent": "customers/A01b123xz" } argumentDocs: + additional_group_keys: |- + - + Additional group keys associated with the Group + Structure is documented below. + additional_group_keys.id: |- + - + (Output) + The ID of the entity. + For Google-managed entities, the id must be the email address of an existing + group or user. + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + Must be unique within a namespace. + additional_group_keys.namespace: |- + - + (Output) + The namespace in which the entity exists. + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of identitysources/{identity_source_id}. create: '- Default is 20 minutes.' create_time: |- - @@ -13348,6 +16386,23 @@ resources: - The time when the Membership was created. delete: '- Default is 20 minutes.' + expiry_detail.expire_time: |- + - + (Required) + The time at which the MembershipRole will expire. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + expiry_detail.member_key: |- + - + (Optional, Beta) + EntityKey of the member. + Structure is documented below. + expiry_detail.preferred_member_key: |- + - + (Optional) + EntityKey of the member. + Structure is documented below. group: |- - (Required) @@ -13398,21 +16453,17 @@ resources: The MembershipRoles that apply to the Membership. Must not contain duplicate MembershipRoles with the same name. Structure is documented below. - roles.member_key: |- + roles.expiry_detail: |- - - (Optional, Beta) - EntityKey of the member. + (Optional) + The MembershipRole expiry details, only supported for MEMBER role. + Other roles cannot be accompanied with MEMBER role having expiry. Structure is documented below. roles.name: |- - (Required) The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values are: OWNER, MANAGER, MEMBER. - roles.preferred_member_key: |- - - - (Optional) - EntityKey of the member. - Structure is documented below. type: |- - The type of the membership. @@ -13579,11 +16630,6 @@ resources: - (Required) The location of the cloud run instance. eg us-central1 - metadata: |- - - - (Required) - Metadata associated with this DomainMapping. - Structure is documented below. metadata.annotations: |- - (Optional) @@ -13593,6 +16639,16 @@ resources: Note: The Cloud Run API may add additional annotations that were not provided in your config. If terraform plan shows a diff where a server-side annotation is added, you can add it to your config or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + metadata.effective_annotations: |- + - + (Output) + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + metadata.effective_labels: |- + - + (Output) + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. metadata.generation: |- - (Output) @@ -13604,14 +16660,13 @@ resources: (scope and select) objects. May match selectors of replication controllers and routes. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. metadata.namespace: |- - (Required) In Cloud Run the namespace must be equal to either the project ID or project number. - metadata.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. metadata.resource_version: |- - (Output) @@ -13626,6 +16681,11 @@ resources: - (Output) SelfLink is a URL representing this object. + metadata.terraform_labels: |- + - + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. metadata.uid: |- - (Output) @@ -13669,6 +16729,14 @@ resources: It is recommended that the user leaves this empty to receive an error warning about a potential conflict and only set it once the respective UI has given such a warning. + spec.metadata: |- + - + (Optional) + Metadata associated with this DomainMapping. + Structure is documented below. + spec.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. spec.route_name: |- - (Required) @@ -14051,31 +17119,30 @@ resources: If not specified, the container runtime's default will be used, which might be configured in the container image. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - empty_dir.autogenerate_revision_name: |- + csi.autogenerate_revision_name: |- - (Optional) If set to true, the revision name (template.metadata.name) will be omitted and autogenerated by Cloud Run. This cannot be set to true while template.metadata.name is also set. (For legacy support, if template.metadata.name is unset in state while this field is set to false, the revision name will still autogenerate.) - empty_dir.medium: |- + csi.driver: |- - - (Optional) - The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. - empty_dir.metadata: |- + (Required) + Unique name representing the type of file system to be created. Cloud Run supports the following values: + csi.metadata: |- - (Optional) Metadata associated with this Service, including name, namespace, labels, and annotations. Structure is documented below. - empty_dir.project: |- + csi.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - empty_dir.size_limit: |- + csi.read_only: |- - (Optional) - Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. - empty_dir.template: |- + If true, all mounts created from this volume will be read-only. + csi.template: |- - (Optional) template holds the latest specification for the Revision to @@ -14088,12 +17155,25 @@ resources: Cloud Run does not currently support referencing a build that is responsible for materializing the container image from source. Structure is documented below. - empty_dir.traffic: |- + csi.traffic: |- - (Optional) Traffic specifies how to distribute traffic over a collection of Knative Revisions and Configurations Structure is documented below. + csi.volume_attributes: |- + - + (Optional) + Driver-specific attributes. The following options are supported for available drivers: + delete: '- Default is 20 minutes.' + empty_dir.medium: |- + - + (Optional) + The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. + empty_dir.size_limit: |- + - + (Optional) + Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. env.name: |- - (Optional) @@ -14225,6 +17305,14 @@ resources: or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. Annotations with run.googleapis.com/ and autoscaling.knative.dev are restricted. Use the following annotation keys to configure features on a Revision template: + metadata.effective_annotations: |- + - + (Output) + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + metadata.effective_labels: |- + - + (Output) + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. metadata.generation: |- - (Output) @@ -14257,6 +17345,11 @@ resources: - (Output) SelfLink is a URL representing this object. + metadata.terraform_labels: |- + - + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. metadata.uid: |- - (Output) @@ -14324,6 +17417,8 @@ resources: run.googleapis.com/launch-stage: |- sets the launch stage when a preview feature is used. For example, "run.googleapis.com/launch-stage": "BETA" + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. run.googleapis.com/post-key-revocation-action-type: |- sets the action type @@ -14565,6 +17660,11 @@ resources: - (Required) This must match the Name of a Volume. + volumes.csi: |- + - + (Optional, Beta) + A filesystem specified by the Container Storage Interface (CSI). + Structure is documented below. volumes.empty_dir: |- - (Optional, Beta) @@ -14631,13 +17731,6 @@ resources: - name: default manifest: |- { - "lifecycle": [ - { - "ignore_changes": [ - "${launch_stage}" - ] - } - ], "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -14664,6 +17757,33 @@ resources: ] } ], + "location": "us-central1", + "name": "cloudrun-job", + "template": [ + { + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello", + "resources": [ + { + "limits": { + "cpu": "2", + "memory": "1024Mi" + } + } + ] + } + ] + } + ] + } + ] + } + - name: default + manifest: |- + { "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -14724,7 +17844,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret" @@ -14758,13 +17880,6 @@ resources: - name: default manifest: |- { - "lifecycle": [ - { - "ignore_changes": [ - "${launch_stage}" - ] - } - ], "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -14818,16 +17933,45 @@ resources: - name: default manifest: |- { - "depends_on": [ - "${google_secret_manager_secret_version.secret-version-data}", - "${google_secret_manager_secret_iam_member.secret-access}" - ], - "lifecycle": [ + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-job", + "template": [ { - "ignore_changes": [ - "${launch_stage}" + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/job" + } + ], + "vpc_access": [ + { + "egress": "ALL_TRAFFIC", + "network_interfaces": [ + { + "network": "default", + "subnetwork": "default", + "tags": [ + "tag1", + "tag2", + "tag3" + ] + } + ] + } + ] + } ] } + ] + } + - name: default + manifest: |- + { + "depends_on": [ + "${google_secret_manager_secret_version.secret-version-data}", + "${google_secret_manager_secret_iam_member.secret-access}" ], "location": "us-central1", "name": "cloudrun-job", @@ -14876,7 +18020,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret" @@ -14899,13 +18045,6 @@ resources: manifest: |- { "launch_stage": "BETA", - "lifecycle": [ - { - "ignore_changes": [ - "${launch_stage}" - ] - } - ], "location": "us-central1", "name": "cloudrun-job", "provider": "${google-beta}", @@ -15009,12 +18148,6 @@ resources: - (Required) URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images - containers.liveness_probe: |- - - - (Optional, Deprecated) - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. containers.name: |- - (Optional) @@ -15030,12 +18163,6 @@ resources: (Optional) Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources Structure is documented below. - containers.startup_probe: |- - - - (Optional, Deprecated) - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. containers.volume_mounts: |- - (Optional) @@ -15046,7 +18173,22 @@ resources: (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. create: '- Default is 20 minutes.' + create_time: |- + - + The creation time. + creator: |- + - + Email address of the authenticated creator. delete: '- Default is 20 minutes.' + delete_time: |- + - + The deletion time. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. empty_dir.medium: |- - (Optional) @@ -15076,30 +18218,16 @@ resources: execution_count: |- - Number of executions created for this job. + expire_time: |- + - + For a deleted resource, the time after which it will be permamently deleted. generation: |- - A number that monotonically increases every time the user modifies the desired state. - http_get.http_headers: |- - - - (Optional) - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - http_get.path: |- - - - (Optional) - Path to access on the HTTP server. Defaults to '/'. - http_headers.name: |- - - - (Required) - The header field name - http_headers.value: |- - - - (Optional) - The header field value id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/jobs/{{name}}' items.mode: |- - - (Required) + (Optional) Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. items.path: |- - @@ -15109,6 +18237,9 @@ resources: - (Required) The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + last_modifier: |- + - + Email address of the last authenticated modifier. latest_created_execution: |- - Name of the last created execution. @@ -15127,36 +18258,71 @@ resources: - (Output) Name of the execution. - liveness_probe.failure_threshold: |- + location: |- + - + (Required) + The location of the cloud run job + name: |- + - + (Required) + Name of the Job. + network_interfaces.annotations: |- - (Optional) - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - liveness_probe.http_get: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. + All system annotations in v1 now have a corresponding field in v2 Job. + This field follows Kubernetes annotations' namespacing, limits, and rules. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + network_interfaces.binary_authorization: |- - (Optional) - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + Settings for the Binary Authorization feature. Structure is documented below. - liveness_probe.initial_delay_seconds: |- + network_interfaces.client: |- - (Optional) - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - liveness_probe.period_seconds: |- + Arbitrary identifier for the API client. + network_interfaces.client_version: |- - (Optional) - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - liveness_probe.tcp_socket: |- + Arbitrary version identifier for the API client. + network_interfaces.labels: |- - (Optional) - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - liveness_probe.timeout_seconds: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, + environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 Job. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + network_interfaces.launch_stage: |- - (Optional) - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - name: |- + The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. + Possible values are: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. + network_interfaces.network: |- - - (Required) - Name of the Job. + (Optional) + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + network_interfaces.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + network_interfaces.subnetwork: |- + - + (Optional) + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + network_interfaces.tags: |- + - + (Optional) + Network tags applied to this Cloud Run job. observed_generation: |- - The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run. @@ -15177,7 +18343,7 @@ resources: resources.limits: |- - (Optional) - Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go secret.default_mode: |- - (Optional) @@ -15191,36 +18357,6 @@ resources: - (Required) The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. - startup_probe.failure_threshold: |- - - - (Optional) - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - startup_probe.http_get: |- - - - (Optional) - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - startup_probe.initial_delay_seconds: |- - - - (Optional) - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - startup_probe.period_seconds: |- - - - (Optional) - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - startup_probe.tcp_socket: |- - - - (Optional) - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - startup_probe.timeout_seconds: |- - - - (Optional) - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - tcp_socket.port: |- - - - (Optional) - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. template: |- - (Required) @@ -15328,10 +18464,17 @@ resources: - (Output) type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. update: '- Default is 20 minutes.' + update_time: |- + - + The last-modified time. value_source.secret_key_ref: |- - (Optional) @@ -15372,26 +18515,6 @@ resources: (Optional) Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret Structure is documented below. - vpc_access.annotations: |- - - - (Optional) - Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - All system annotations in v1 now have a corresponding field in v2 Job. - This field follows Kubernetes annotations' namespacing, limits, and rules. - vpc_access.binary_authorization: |- - - - (Optional) - Settings for the Binary Authorization feature. - Structure is documented below. - vpc_access.client: |- - - - (Optional) - Arbitrary identifier for the API client. - vpc_access.client_version: |- - - - (Optional) - Arbitrary version identifier for the API client. vpc_access.connector: |- - (Optional) @@ -15401,27 +18524,11 @@ resources: (Optional) Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. - vpc_access.labels: |- - - - (Optional) - Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. - Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - All system labels in v1 now have a corresponding field in v2 Job. - vpc_access.launch_stage: |- - - - (Optional) - The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. - If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. - For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. - Possible values are: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. - vpc_access.location: |- + vpc_access.network_interfaces: |- - (Optional) - The location of the cloud run job - vpc_access.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. importStatements: [] google_cloud_run_v2_job_iam_policy: subCategory: Cloud Run (v2 API) @@ -15485,6 +18592,30 @@ resources: } ] } + - name: default + manifest: |- + { + "ingress": "INGRESS_TRAFFIC_ALL", + "location": "us-central1", + "name": "cloudrun-service", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello", + "resources": [ + { + "limits": { + "cpu": "2", + "memory": "1024Mi" + } + } + ] + } + ] + } + ] + } - name: default manifest: |- { @@ -15559,7 +18690,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret-1" @@ -15639,6 +18772,38 @@ resources: } ] } + - name: default + manifest: |- + { + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-service", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello" + } + ], + "vpc_access": [ + { + "egress": "ALL_TRAFFIC", + "network_interfaces": [ + { + "network": "default", + "subnetwork": "default", + "tags": [ + "tag1", + "tag2", + "tag3" + ] + } + ] + } + ] + } + ] + } - name: default manifest: |- { @@ -15706,7 +18871,6 @@ resources: "default_mode": 292, "items": [ { - "mode": 256, "path": "my-secret", "version": "1" } @@ -15726,7 +18890,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret-1" @@ -15750,13 +18916,6 @@ resources: { "ingress": "INGRESS_TRAFFIC_ALL", "launch_stage": "BETA", - "lifecycle": [ - { - "ignore_changes": [ - "${launch_stage}" - ] - } - ], "location": "us-central1", "name": "cloudrun-service", "provider": "${google-beta}", @@ -15782,8 +18941,23 @@ resources: ] }, { + "env": [ + { + "name": "PORT", + "value": "8081" + } + ], "image": "us-docker.pkg.dev/cloudrun/container/hello", - "name": "hello-2" + "name": "hello-2", + "startup_probe": [ + { + "http_get": [ + { + "port": 8081 + } + ] + } + ] } ], "volumes": [ @@ -15802,6 +18976,117 @@ resources: } references: provider: google-beta + - name: default + manifest: |- + { + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-service", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello", + "volume_mounts": [ + { + "mount_path": "/var/www", + "name": "bucket" + } + ] + } + ], + "execution_environment": "EXECUTION_ENVIRONMENT_GEN2", + "volumes": [ + { + "gcs": [ + { + "bucket": "${google_storage_bucket.default.name}", + "read_only": false + } + ], + "name": "bucket" + } + ] + } + ] + } + references: + template.volumes.gcs.bucket: google_storage_bucket.default.name + dependencies: + google_storage_bucket.default: |- + { + "location": "US", + "name": "cloudrun-service" + } + - name: default + manifest: |- + { + "ingress": "INGRESS_TRAFFIC_ALL", + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-service", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello:latest", + "volume_mounts": [ + { + "mount_path": "/mnt/nfs/filestore", + "name": "nfs" + } + ] + } + ], + "execution_environment": "EXECUTION_ENVIRONMENT_GEN2", + "volumes": [ + { + "name": "nfs", + "nfs": [ + { + "path": "/share1", + "read_only": false, + "server": "${google_filestore_instance.default.networks[0].ip_addresses[0]}" + } + ] + } + ], + "vpc_access": [ + { + "network_interfaces": [ + { + "network": "default", + "subnetwork": "default" + } + ] + } + ] + } + ] + } + references: + template.volumes.nfs.server: google_filestore_instance.default.networks[0].ip_addresses[0] + dependencies: + google_filestore_instance.default: |- + { + "file_shares": [ + { + "capacity_gb": 1024, + "name": "share1" + } + ], + "location": "us-central1-b", + "name": "cloudrun-service", + "networks": [ + { + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "tier": "BASIC_HDD" + } argumentDocs: binary_authorization.breakglass_justification: |- - @@ -15862,7 +19147,7 @@ resources: Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell containers.depends_on: |- - - (Optional, Beta) + (Optional) Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy. containers.env: |- - @@ -15908,77 +19193,32 @@ resources: (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - empty_dir.annotations: |- - - - (Optional) - Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected in new resources. - All system annotations in v1 now have a corresponding field in v2 Service. - This field follows Kubernetes annotations' namespacing, limits, and rules. - empty_dir.binary_authorization: |- - - - (Optional) - Settings for the Binary Authorization feature. - Structure is documented below. - empty_dir.client: |- - - - (Optional) - Arbitrary identifier for the API client. - empty_dir.client_version: |- - - - (Optional) - Arbitrary version identifier for the API client. - empty_dir.custom_audiences: |- - - - (Optional, Beta) - One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. - For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. - empty_dir.description: |- + create_time: |- - - (Optional) - User-provided description of the Service. This field currently has a 512-character limit. - empty_dir.ingress: |- + The creation time. + creator: |- - - (Optional) - Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. - Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. - empty_dir.labels: |- + Email address of the authenticated creator. + delete: '- Default is 20 minutes.' + delete_time: |- - - (Optional) - Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. - Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - All system labels in v1 now have a corresponding field in v2 Service. - empty_dir.launch_stage: |- + The deletion time. + effective_annotations: |- - - (Optional) - The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. - If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. - For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. - Possible values are: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. - empty_dir.location: |- + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- - - (Optional) - The location of the cloud run service + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. empty_dir.medium: |- - (Optional) The different types of medium supported for EmptyDir. Default value is MEMORY. Possible values are: MEMORY. - empty_dir.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. empty_dir.size_limit: |- - (Optional) Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. - empty_dir.traffic: |- - - - (Optional) - Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. - Structure is documented below. env.name: |- - (Required) @@ -15995,6 +19235,17 @@ resources: etag: |- - A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. + expire_time: |- + - + For a deleted resource, the time after which it will be permamently deleted. + gcs.bucket: |- + - + (Required) + GCS Bucket name + gcs.read_only: |- + - + (Optional) + If true, mount the GCS bucket as read-only generation: |- - A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. @@ -16034,7 +19285,7 @@ resources: id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/services/{{name}}' items.mode: |- - - (Required) + (Optional) Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. items.path: |- - @@ -16044,6 +19295,9 @@ resources: - (Optional) The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + last_modifier: |- + - + Email address of the last authenticated modifier. latest_created_revision: |- - Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run. @@ -16074,17 +19328,109 @@ resources: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds liveness_probe.tcp_socket: |- - - (Optional, Deprecated) - TCPSocket specifies an action involving a TCP port. This field is not supported in liveness probe currently. + (Optional) + TCPSocketAction describes an action based on opening a socket Structure is documented below. liveness_probe.timeout_seconds: |- - (Optional) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + location: |- + - + (Required) + The location of the cloud run service name: |- - (Required) Name of the Service. + network_interfaces.network: |- + - + (Optional) + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + network_interfaces.subnetwork: |- + - + (Optional) + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + network_interfaces.tags: |- + - + (Optional) + Network tags applied to this Cloud Run service. + nfs.annotations: |- + - + (Optional) + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected in new resources. + All system annotations in v1 now have a corresponding field in v2 Service. + This field follows Kubernetes annotations' namespacing, limits, and rules. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + nfs.binary_authorization: |- + - + (Optional) + Settings for the Binary Authorization feature. + Structure is documented below. + nfs.client: |- + - + (Optional) + Arbitrary identifier for the API client. + nfs.client_version: |- + - + (Optional) + Arbitrary version identifier for the API client. + nfs.custom_audiences: |- + - + (Optional) + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + nfs.description: |- + - + (Optional) + User-provided description of the Service. This field currently has a 512-character limit. + nfs.ingress: |- + - + (Optional) + Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. + Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. + nfs.labels: |- + - + (Optional) + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, + environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 Service. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + nfs.launch_stage: |- + - + (Optional) + The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. + Possible values are: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. + nfs.path: |- + - + (Required) + Path that is exported by the NFS server. + nfs.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + nfs.read_only: |- + - + (Optional) + If true, mount the NFS volume as read only + nfs.server: |- + - + (Required) + Hostname or IP address of the NFS server + nfs.traffic: |- + - + (Optional) + Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. + Structure is documented below. observed_generation: |- - The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. @@ -16105,11 +19451,12 @@ resources: resources.cpu_idle: |- - (Optional) - Determines whether CPU should be throttled or not outside of requests. + Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + resources is set, this field must be explicitly set to true to preserve the default behavior. resources.limits: |- - (Optional) - Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go resources.startup_cpu_boost: |- - (Optional) @@ -16168,8 +19515,10 @@ resources: Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes tcp_socket.port: |- - - (Optional) - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + (Required) + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. template: |- - (Required) @@ -16275,6 +19624,10 @@ resources: - (Output) type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. traffic.percent: |- - (Optional) @@ -16320,6 +19673,9 @@ resources: - Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. update: '- Default is 20 minutes.' + update_time: |- + - + The last-modified time. uri: |- - The main URI in which this Service is serving traffic. @@ -16354,10 +19710,20 @@ resources: (Optional, Beta) Ephemeral storage used as a shared volume. Structure is documented below. + volumes.gcs: |- + - + (Optional) + Represents a GCS Bucket mounted as a volume. + Structure is documented below. volumes.name: |- - (Required) Volume's name. + volumes.nfs: |- + - + (Optional) + Represents an NFS mount. + Structure is documented below. volumes.secret: |- - (Optional) @@ -16372,6 +19738,11 @@ resources: (Optional) Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. + vpc_access.network_interfaces: |- + - + (Optional) + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. importStatements: [] google_cloud_run_v2_service_iam_policy: subCategory: Cloud Run (v2 API) @@ -16447,6 +19818,9 @@ resources: "http_target": [ { "body": "${base64encode(\"{\\\"foo\\\":\\\"bar\\\"}\")}", + "headers": { + "Content-Type": "application/json" + }, "http_method": "POST", "uri": "https://example.com/" } @@ -16468,6 +19842,9 @@ resources: "http_target": [ { "body": "${base64encode(\"{\\\"foo\\\":\\\"bar\\\"}\")}", + "headers": { + "Content-Type": "application/json" + }, "http_method": "POST", "uri": "https://example.com/ping" } @@ -17037,7 +20414,7 @@ resources: ], "host_uri": "https://bbs.com", "location": "us-central1", - "peered_network": "${replace(data.google_compute_network.vpc_network.id, data.google_project.project.name, data.google_project.project.number)}", + "peered_network": "${replace(google_compute_network.vpc_network.id, data.google_project.project.name, data.google_project.project.number)}", "secrets": [ { "admin_access_token_version_name": "projects/myProject/secrets/mybbspat/versions/1", @@ -17053,10 +20430,17 @@ resources: { "address_type": "INTERNAL", "name": "private-ip-alloc", - "network": "${data.google_compute_network.vpc_network.id}", + "network": "${google_compute_network.vpc_network.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.vpc_network: |- + { + "depends_on": [ + "${google_project_service.servicenetworking}" + ], + "name": "vpc-network" + } google_project_service.servicenetworking: |- { "disable_on_destroy": false, @@ -17067,7 +20451,7 @@ resources: "depends_on": [ "${google_project_service.servicenetworking}" ], - "network": "${data.google_compute_network.vpc_network.id}", + "network": "${google_compute_network.vpc_network.id}", "reserved_peering_ranges": [ "${google_compute_global_address.private_ip_alloc.name}" ], @@ -17184,6 +20568,21 @@ resources: "images": [ "gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA" ], + "maven_artifacts": [ + { + "artifact_id": "my-app", + "group_id": "com.mycompany.app", + "path": "/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar", + "repository": "https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo", + "version": "1.0" + } + ], + "npm_packages": [ + { + "package_path": "package.json", + "repository": "https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo" + } + ], "objects": [ { "location": "gs://bucket/path/to/somewhere/", @@ -17191,6 +20590,14 @@ resources: "path" ] } + ], + "python_packages": [ + { + "paths": [ + "dist/*" + ], + "repository": "https://us-west1-python.pkg.dev/myProject/quickstart-python-repo" + } ] } ], @@ -17280,6 +20687,7 @@ resources: } ], "location": "global", + "name": "my-trigger", "trigger_template": [ { "branch_name": "main", @@ -17377,7 +20785,7 @@ resources: dependencies: google_pubsub_topic.mytopic: |- { - "name": "mytopic" + "name": "my-topic" } - name: webhook-config-trigger manifest: |- @@ -17423,7 +20831,7 @@ resources: ] } ], - "secret_id": "webhook_trigger-secret-key-1" + "secret_id": "webhook-trigger-secret-key" } google_secret_manager_secret_iam_policy.policy: |- { @@ -17452,7 +20860,7 @@ resources: "uri": "https://hashicorp/terraform-provider-google-beta" } ], - "name": "manual-build", + "name": "manual-trigger", "source_to_build": [ { "ref": "refs/heads/main", @@ -17473,7 +20881,7 @@ resources: "uri": "https://hashicorp/terraform-provider-google-beta" } ], - "name": "terraform-manual-ghe-trigger", + "name": "", "source_to_build": [ { "github_enterprise_config": "projects/myProject/locations/global/githubEnterpriseConfigs/configID", @@ -17483,6 +20891,28 @@ resources: } ] } + - name: manual-bitbucket-trigger + manifest: |- + { + "git_file_source": [ + { + "bitbucket_server_config": "projects/myProject/locations/global/bitbucketServerConfigs/configID", + "path": "cloudbuild.yaml", + "repo_type": "BITBUCKET_SERVER", + "revision": "refs/heads/main", + "uri": "https://bbs.com/scm/stag/test-repo.git" + } + ], + "name": "terraform-manual-bbs-trigger", + "source_to_build": [ + { + "bitbucket_server_config": "projects/myProject/locations/global/bitbucketServerConfigs/configID", + "ref": "refs/heads/main", + "repo_type": "BITBUCKET_SERVER", + "uri": "https://bbs.com/scm/stag/test-repo.git" + } + ] + } - name: repo-trigger manifest: |- { @@ -17536,12 +20966,12 @@ resources: "tag": "^0.1.*" } ], - "repo_slug": "terraform-provider-google" + "repo_slug": "bbs-push-trigger" } ], "filename": "cloudbuild.yaml", "location": "us-central1", - "name": "terraform-bbs-push-trigger" + "name": "bbs-push-trigger" } - name: bbs-pull-request-trigger manifest: |- @@ -17562,7 +20992,7 @@ resources: ], "filename": "cloudbuild.yaml", "location": "us-central1", - "name": "terraform-bbs-pull-request-trigger" + "name": "ghe-trigger" } - name: ghe-trigger manifest: |- @@ -17581,7 +21011,7 @@ resources: } ], "location": "us-central1", - "name": "terraform-ghe-trigger" + "name": "ghe-trigger" } - name: allow-failure-trigger manifest: |- @@ -17681,6 +21111,7 @@ resources: } ], "location": "global", + "name": "my-trigger", "trigger_template": [ { "branch_name": "main", @@ -17789,6 +21220,7 @@ resources: } ], "location": "global", + "name": "my-trigger", "trigger_template": [ { "branch_name": "main", @@ -17850,7 +21282,7 @@ resources: } google_pubsub_topic.mytopic: |- { - "name": "mytopic" + "name": "my-topic" } argumentDocs: approval_config: |- @@ -17872,6 +21304,20 @@ resources: The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE. + artifacts.maven_artifacts: |- + - + (Optional) + A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + artifacts.npm_packages: |- + - + (Optional) + Npm package to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. artifacts.objects: |- - (Optional) @@ -17881,6 +21327,13 @@ resources: The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE. Structure is documented below. + artifacts.python_packages: |- + - + (Optional) + Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. available_secrets.secret_manager: |- - (Required) @@ -18023,6 +21476,11 @@ resources: (Optional) The file source describing the local or remote Build template. Structure is documented below. + git_file_source.bitbucket_server_config: |- + - + (Optional) + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. git_file_source.github_enterprise_config: |- - (Optional) @@ -18120,10 +21578,40 @@ resources: (Optional) The Cloud Build location for the trigger. If not specified, "global" is used. + maven_artifacts.artifact_id: |- + - + (Optional) + Maven artifactId value used when uploading the artifact to Artifact Registry. + maven_artifacts.group_id: |- + - + (Optional) + Maven groupId value used when uploading the artifact to Artifact Registry. + maven_artifacts.path: |- + - + (Optional) + Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar. + maven_artifacts.repository: |- + - + (Optional) + Artifact Registry repository, in the form "https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY" + Artifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix. + maven_artifacts.version: |- + - + (Optional) + Maven version value used when uploading the artifact to Artifact Registry. name: |- - (Optional) Name of the trigger. Must be unique within the project. + npm_packages.package_path: |- + - + (Optional) + Path to the package.json. e.g. workspace/path/to/package + npm_packages.repository: |- + - + (Optional) + Artifact Registry repository, in the form "https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY" + Npm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix. objects.location: |- - (Optional) @@ -18269,6 +21757,15 @@ resources: Regex of tags to match. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax + python_packages.paths: |- + - + (Optional) + Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. + python_packages.repository: |- + - + (Optional) + Artifact Registry repository, in the form "https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY" + Files in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix. repo_source.branch_name: |- - (Optional) @@ -18365,6 +21862,11 @@ resources: This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. One of trigger_template, github, pubsub_config webhook_config or source_to_build must be provided. Structure is documented below. + source_to_build.bitbucket_server_config: |- + - + (Optional) + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. source_to_build.github_enterprise_config: |- - (Optional) @@ -18745,10 +22247,26 @@ resources: importStatements: [] google_cloudbuildv2_connection: subCategory: Cloud Build v2 - description: The Cloudbuildv2 Connection resource + description: A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center or GitLab. name: google_cloudbuildv2_connection title: "" examples: + - name: my-connection + manifest: |- + { + "github_config": [ + { + "app_installation_id": 0, + "authorizer_credential": [ + { + "oauth_token_secret_version": "projects/gcb-terraform-creds/secrets/github-pat/versions/1" + } + ] + } + ], + "location": "us-central1", + "name": "tf-test-connection" + } - name: my-connection manifest: |- { @@ -18777,7 +22295,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "ghe-pk-secret" @@ -18786,7 +22306,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "github-token-secret" @@ -18824,7 +22346,7 @@ resources: ] } ], - "location": "us-west1", + "location": "us-central1", "name": "my-connection" } references: @@ -18834,7 +22356,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "github-token-secret" @@ -18850,6 +22374,12 @@ resources: "secret_data": "${file(\"my-github-token.txt\")}" } argumentDocs: + annotations: |- + - + (Optional) + Allows clients to store small amounts of arbitrary data. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. authorizer_credential.oauth_token_secret_version: |- - (Optional) @@ -18860,15 +22390,28 @@ resources: Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: projects/*/secrets/*/versions/*. authorizer_credential.username: |- - + (Output) Output only. The username associated to this token. create: '- Default is 20 minutes.' create_time: |- - Output only. Server assigned timestamp for when the connection was created. delete: '- Default is 20 minutes.' + disabled: |- + - + (Optional) + If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + github_config: |- + - + (Optional) + Configuration for connections to github.com. + Structure is documented below. github_config.app_installation_id: |- - (Optional) @@ -18877,6 +22420,12 @@ resources: - (Optional) OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App. + Structure is documented below. + github_enterprise_config: |- + - + (Optional) + Configuration for connections to an instance of GitHub Enterprise. + Structure is documented below. github_enterprise_config.app_id: |- - (Optional) @@ -18901,6 +22450,7 @@ resources: - (Optional) Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet. + Structure is documented below. github_enterprise_config.ssl_ca: |- - (Optional) @@ -18909,10 +22459,16 @@ resources: - (Optional) SecretManager resource containing the webhook secret of the GitHub App, formatted as projects/*/secrets/*/versions/*. + gitlab_config: |- + - + (Optional) + Configuration for connections to gitlab.com or an instance of GitLab Enterprise. + Structure is documented below. gitlab_config.authorizer_credential: |- - (Required) Required. A GitLab personal access token with the api scope access. + Structure is documented below. gitlab_config.host_uri: |- - (Optional) @@ -18921,13 +22477,16 @@ resources: - (Required) Required. A GitLab personal access token with the minimum read_api scope access. + Structure is documented below. gitlab_config.server_version: |- - + (Output) Output only. Version of the GitLab Enterprise server running on the host_uri. gitlab_config.service_directory_config: |- - (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. + Structure is documented below. gitlab_config.ssl_ca: |- - (Optional) @@ -18940,6 +22499,19 @@ resources: installation_state: |- - Output only. Installation state of the Connection. + Structure is documented below. + installation_state.action_uri: |- + - + (Output) + Output only. Link to follow for next action. Empty string if the installation is already complete. + installation_state.message: |- + - + (Output) + Output only. Message of what the user should do next to continue the installation. Empty string if the installation is already complete. + installation_state.stage: |- + - + (Output) + Output only. Current step of the installation process. location: |- - (Required) @@ -18947,37 +22519,17 @@ resources: name: |- - (Required) - Immutable. The resource name of the connection, in the format projects/{project}/locations/{location}/connections/{connection_id}. - read_authorizer_credential.annotations: |- - - - (Optional) - Allows clients to store small amounts of arbitrary data. - read_authorizer_credential.disabled: |- - - - (Optional) - If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled. - read_authorizer_credential.github_config: |- - - - (Optional) - Configuration for connections to github.com. - read_authorizer_credential.github_enterprise_config: |- - - - (Optional) - Configuration for connections to an instance of GitHub Enterprise. - read_authorizer_credential.gitlab_config: |- - - - (Optional) - Configuration for connections to gitlab.com or an instance of GitLab Enterprise. - read_authorizer_credential.project: |- - - - (Optional) - The project for the resource + Immutable. The resource name of the connection. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. read_authorizer_credential.user_token_secret_version: |- - (Required) Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: projects/*/secrets/*/versions/*. read_authorizer_credential.username: |- - + (Output) Output only. The username associated to this token. reconciling: |- - @@ -19015,6 +22567,7 @@ resources: google_cloudbuildv2_connection_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.' google_cloudbuildv2_connection_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.' google_cloudbuildv2_connection_iam_policy: ': Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.' + location: '- (Required) The location for the resource Used to find the parent resource to bind the IAM policy to' member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: @@ -19032,7 +22585,7 @@ resources: importStatements: [] google_cloudbuildv2_repository: subCategory: Cloud Build v2 - description: The Cloudbuildv2 Repository resource + description: A repository associated to a parent connection. name: google_cloudbuildv2_repository title: "" examples: @@ -19070,7 +22623,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "ghe-pk-secret" @@ -19079,7 +22634,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "github-token-secret" @@ -19107,7 +22664,7 @@ resources: - name: my-repository manifest: |- { - "location": "us-west1", + "location": "us-central1", "name": "my-repo", "parent_connection": "${google_cloudbuildv2_connection.my-connection.name}", "remote_uri": "https://github.com/myuser/myrepo.git" @@ -19127,14 +22684,16 @@ resources: ] } ], - "location": "us-west1", + "location": "us-central1", "name": "my-connection" } google_secret_manager_secret.github-token-secret: |- { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "github-token-secret" @@ -19154,11 +22713,16 @@ resources: - (Optional) Allows clients to store small amounts of arbitrary data. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. create: '- Default is 20 minutes.' create_time: |- - Output only. Server assigned timestamp for when the connection was created. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. @@ -19176,9 +22740,8 @@ resources: (Required) The connection for the resource project: |- - - - (Optional) - The project for the resource + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. remote_uri: |- - (Required) @@ -19187,6 +22750,451 @@ resources: - Output only. Server assigned timestamp for when the connection was updated. importStatements: [] + google_clouddeploy_automation: + subCategory: Cloud Deploy + description: An + name: google_clouddeploy_automation + title: "" + examples: + - name: b-automation + manifest: |- + { + "delivery_pipeline": "${google_clouddeploy_delivery_pipeline.pipeline.name}", + "location": "${google_clouddeploy_delivery_pipeline.pipeline.location}", + "name": "cd-automation", + "project": "${google_clouddeploy_delivery_pipeline.pipeline.project}", + "rules": [ + { + "promote_release_rule": [ + { + "id": "promote-release" + } + ] + } + ], + "selector": [ + { + "targets": [ + { + "id": "*" + } + ] + } + ], + "service_account": "my@service-account.com", + "suspended": false + } + references: + delivery_pipeline: google_clouddeploy_delivery_pipeline.pipeline.name + location: google_clouddeploy_delivery_pipeline.pipeline.location + project: google_clouddeploy_delivery_pipeline.pipeline.project + dependencies: + google_clouddeploy_delivery_pipeline.pipeline: |- + { + "location": "us-central1", + "name": "cd-pipeline", + "serial_pipeline": [ + { + "stages": [ + { + "profiles": [], + "target_id": "test" + } + ] + } + ] + } + - name: f-automation + manifest: |- + { + "annotations": { + "my_first_annotation": "example-annotation-1", + "my_second_annotation": "example-annotation-2" + }, + "delivery_pipeline": "${google_clouddeploy_delivery_pipeline.pipeline.name}", + "description": "automation resource", + "labels": { + "my_first_label": "example-label-1", + "my_second_label": "example-label-2" + }, + "location": "us-central1", + "name": "cd-automation", + "rules": [ + { + "promote_release_rule": [ + { + "destination_phase": "stable", + "destination_target_id": "@next", + "id": "promote-release", + "wait": "200s" + } + ] + }, + { + "advance_rollout_rule": [ + { + "id": "advance-rollout", + "source_phases": [ + "deploy" + ], + "wait": "200s" + } + ] + } + ], + "selector": [ + { + "targets": [ + { + "id": "test", + "labels": { + "foo": "bar" + } + } + ] + } + ], + "service_account": "my@service-account.com", + "suspended": true + } + references: + delivery_pipeline: google_clouddeploy_delivery_pipeline.pipeline.name + dependencies: + google_clouddeploy_delivery_pipeline.pipeline: |- + { + "location": "us-central1", + "name": "cd-pipeline", + "serial_pipeline": [ + { + "stages": [ + { + "profiles": [ + "test-profile" + ], + "target_id": "test" + } + ] + } + ] + } + argumentDocs: + advance_rollout_rule.annotations: |- + - + (Optional) + Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash (/). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots(.), not longer than 253 characters in total, followed by a slash (/). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + advance_rollout_rule.description: |- + - + (Optional) + Optional. Description of the Automation. Max length is 255 characters. + advance_rollout_rule.id: |- + - + (Required) + Required. ID of the rule. This id must be unique in the Automation resource to which this rule belongs. The format is a-z{0,62}. + advance_rollout_rule.labels: |- + - + (Optional) + Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be <= 63 characters. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + advance_rollout_rule.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + advance_rollout_rule.source_phases: |- + - + (Optional) + Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$. + advance_rollout_rule.suspended: |- + - + (Optional) + Optional. When Suspended, automation is deactivated from execution. + advance_rollout_rule.wait: |- + - + (Optional) + Optional. How long to wait after a rollout is finished. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Time at which the automation was created. + delete: '- Default is 20 minutes.' + delivery_pipeline: |- + - + (Required) + The delivery_pipeline for the resource + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + Optional. The weak etag of the Automation resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations/{{name}}' + location: |- + - + (Required) + The location for the resource + name: |- + - + (Required) + Name of the Automation. + promote_release_rule.destination_phase: |- + - + (Optional) + Optional. The starting phase of the rollout created by this operation. Default to the first phase. + promote_release_rule.destination_target_id: |- + - + (Optional) + Optional. The ID of the stage in the pipeline to which this Release is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * "@next", the next target in the promotion sequence. + promote_release_rule.id: |- + - + (Required) + Required. ID of the rule. This id must be unique in the Automation resource to which this rule belongs. The format is a-z{0,62}. + promote_release_rule.wait: |- + - + (Optional) + Optional. How long the release need to be paused until being promoted to the next target. + rules: |- + - + (Required) + Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution. + Structure is documented below. + rules.advance_rollout_rule: |- + - + (Optional) + Optional. The AdvanceRolloutRule will automatically advance a successful Rollout. + Structure is documented below. + rules.promote_release_rule: |- + - + (Optional) + Optional. PromoteReleaseRule will automatically promote a release from the current target to a specified target. + Structure is documented below. + selector: |- + - + (Required) + Required. Selected resources to which the automation will be applied. + Structure is documented below. + selector.targets: |- + - + (Required) + Contains attributes about a target. + Structure is documented below. + selector.targets.id: |- + - + (Optional) + ID of the Target. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * "*", all targets in a location. + selector.targets.labels: |- + - + (Optional) + Target labels. + service_account: |- + - + (Required) + Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Output only. Unique identifier of the Automation. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Time at which the automation was updated. + importStatements: [] + google_clouddeploy_custom_target_type: + subCategory: Cloud Deploy + description: A Cloud Deploy + name: google_clouddeploy_custom_target_type + title: "" + examples: + - name: custom-target-type + manifest: |- + { + "annotations": { + "my_first_annotation": "example-annotation-1", + "my_second_annotation": "example-annotation-2" + }, + "custom_actions": [ + { + "deploy_action": "deployAction", + "render_action": "renderAction" + } + ], + "description": "My custom target type", + "labels": { + "my_first_label": "example-label-1", + "my_second_label": "example-label-2" + }, + "location": "us-central1", + "name": "my-custom-target-type" + } + - name: custom-target-type + manifest: |- + { + "custom_actions": [ + { + "deploy_action": "deployAction", + "include_skaffold_modules": [ + { + "configs": [ + "my-config" + ], + "git": [ + { + "path": "configs/skaffold.yaml", + "ref": "main", + "repo": "http://github.com/example/example-repo.git" + } + ] + } + ], + "render_action": "renderAction" + } + ], + "description": "My custom target type", + "location": "us-central1", + "name": "my-custom-target-type" + } + - name: custom-target-type + manifest: |- + { + "custom_actions": [ + { + "deploy_action": "deployAction", + "include_skaffold_modules": [ + { + "configs": [ + "my-config" + ], + "google_cloud_storage": [ + { + "path": "skaffold.yaml", + "source": "gs://example-bucket/dir/configs/*" + } + ] + } + ], + "render_action": "renderAction" + } + ], + "description": "My custom target type", + "location": "us-central1", + "name": "my-custom-target-type" + } + argumentDocs: + annotations: |- + - + (Optional) + User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + create: '- Default is 20 minutes.' + create_time: |- + - + Time at which the CustomTargetType was created. + custom_actions: |- + - + (Optional) + Configures render and deploy for the CustomTargetType using Skaffold custom actions. + Structure is documented below. + custom_actions.deploy_action: |- + - + (Required) + The Skaffold custom action responsible for deploy operations. + custom_actions.include_skaffold_modules: |- + - + (Optional) + List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose. + Structure is documented below. + custom_actions.render_action: |- + - + (Optional) + The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via skaffold render. + custom_target_type_id: |- + - + Resource id of the CustomTargetType. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Description of the CustomTargetType. Max length is 255 characters. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + The weak etag of the CustomTargetType resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + git.path: |- + - + (Optional) + Relative path from the repository root to the Skaffold file. + git.ref: |- + - + (Optional) + Git ref the package should be cloned from. + git.repo: |- + - + (Required) + Git repository the package should be cloned from. + google_cloud_storage.path: |- + - + (Optional) + Relative path from the source to the Skaffold file. + google_cloud_storage.source: |- + - + (Required) + Cloud Storage source paths to copy recursively. For example, providing gs://my-bucket/dir/configs/* will result in Skaffold copying all files within the dir/configs directory in the bucket my-bucket. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' + include_skaffold_modules.configs: |- + - + (Optional) + The Skaffold Config modules to use from the specified source. + include_skaffold_modules.git: |- + - + (Optional) + Remote git repository containing the Skaffold Config modules. + Structure is documented below. + include_skaffold_modules.google_cloud_storage: |- + - + (Optional) + Cloud Storage bucket containing Skaffold Config modules. + Structure is documented below. + labels: |- + - + (Optional) + Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be <= 128 bytes. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the source. + name: |- + - + (Required) + Name of the CustomTargetType. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Unique identifier of the CustomTargetType. + update: '- Default is 20 minutes.' + update_time: |- + - + Time at which the CustomTargetType was updated. + importStatements: [] google_clouddeploy_delivery_pipeline: subCategory: Cloud Deploy description: The Cloud Deploy @@ -19427,6 +23435,14 @@ resources: - (Required) Required. The percentage based deployments that will occur as a part of a Rollout. List is expected in ascending order and each integer n is 0 <= n < 100. + canary_deployment.postdeploy: |- + - + (Optional) + Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present. + canary_deployment.predeploy: |- + - + (Optional) + Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present. canary_deployment.verify: |- - (Optional) @@ -19435,6 +23451,18 @@ resources: - (Optional) Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments. + cloud_run.canary_revision_tags: |- + - + (Optional) + Optional. A list of tags that are added to the canary revision while the canary phase is in progress. + cloud_run.prior_revision_tags: |- + - + (Optional) + Optional. A list of tags that are added to the prior revision while the canary phase is in progress. + cloud_run.stable_revision_tags: |- + - + (Optional) + Optional. A list of tags that are added to the final stable revision when the stable phase is applied. condition: |- - Output only. Information around the state of the Delivery Pipeline. @@ -19455,6 +23483,12 @@ resources: - (Required) Required. Values are deploy parameters in key-value pairs. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. etag: |- - This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. @@ -19466,10 +23500,18 @@ resources: - (Required) Required. Name of the Gateway API HTTPRoute. + gateway_service_mesh.route_update_wait_time: |- + - + (Optional) + Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time. gateway_service_mesh.service: |- - (Required) Required. Name of the Kubernetes Service. + gateway_service_mesh.stable_cutback_duration: |- + - + (Optional) + Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' kubernetes.gateway_service_mesh: |- - @@ -19507,6 +23549,14 @@ resources: - (Required) Required. The ID to assign to the Rollout phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$. + phase_configs.postdeploy: |- + - + (Optional) + Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase. + phase_configs.predeploy: |- + - + (Optional) + Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase. phase_configs.profiles: |- - (Optional) @@ -19527,6 +23577,14 @@ resources: - (Optional) Whether to run verify tests after the deployment. + postdeploy.actions: |- + - + (Optional) + Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job. + predeploy.actions: |- + - + (Optional) + Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job. runtime_config.cloud_run: |- - (Optional) @@ -19567,6 +23625,14 @@ resources: - (Required) Required. Name of the Kubernetes Service. + standard.postdeploy: |- + - + (Optional) + Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present. + standard.predeploy: |- + - + (Optional) + Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present. standard.verify: |- - (Optional) @@ -19579,6 +23645,9 @@ resources: - (Optional) Standard deployment strategy executes a single deploy and allows verifying the deployment. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. uid: |- - Output only. Unique identifier of the DeliveryPipeline. @@ -19587,6 +23656,45 @@ resources: - Output only. Most recent time at which the pipeline was updated. importStatements: [] + google_clouddeploy_delivery_pipeline_iam_policy: + subCategory: Cloud Deploy + description: Collection of resources to manage IAM policy for Cloud Deploy DeliveryPipeline + name: google_clouddeploy_delivery_pipeline_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_clouddeploy_delivery_pipeline.default.location}", + "name": "${google_clouddeploy_delivery_pipeline.default.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_clouddeploy_delivery_pipeline.default.project}" + } + references: + location: google_clouddeploy_delivery_pipeline.default.location + name: google_clouddeploy_delivery_pipeline.default.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_clouddeploy_delivery_pipeline.default.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_clouddeploy_delivery_pipeline_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the deliverypipeline are preserved.' + google_clouddeploy_delivery_pipeline_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the deliverypipeline are preserved.' + google_clouddeploy_delivery_pipeline_iam_policy: ': Authoritative. Sets the IAM policy for the deliverypipeline and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_clouddeploy_delivery_pipeline_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_clouddeploy_delivery_pipeline_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_clouddeploy_target: subCategory: Cloud Deploy description: The Cloud Deploy @@ -19717,6 +23825,12 @@ resources: - (Optional) Optional. Description of the Target. Max length is 255 characters. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. etag: |- - Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. @@ -19768,7 +23882,7 @@ resources: multi_target: |- - (Optional) - (Beta only) Information specifying a multiTarget. + Information specifying a multiTarget. multi_target.target_ids: |- - (Required) @@ -19796,6 +23910,9 @@ resources: target_id: |- - Output only. Resource id of the Target. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. uid: |- - Output only. Unique identifier of the Target. @@ -19804,6 +23921,423 @@ resources: - Output only. Most recent time at which the Target was updated. importStatements: [] + google_clouddeploy_target_iam_policy: + subCategory: Cloud Deploy + description: Collection of resources to manage IAM policy for Cloud Deploy Target + name: google_clouddeploy_target_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_clouddeploy_target.default.location}", + "name": "${google_clouddeploy_target.default.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_clouddeploy_target.default.project}" + } + references: + location: google_clouddeploy_target.default.location + name: google_clouddeploy_target.default.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_clouddeploy_target.default.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_clouddeploy_target_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the target are preserved.' + google_clouddeploy_target_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the target are preserved.' + google_clouddeploy_target_iam_policy: ': Authoritative. Sets the IAM policy for the target and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_clouddeploy_target_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_clouddeploy_target_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_clouddomains_registration: + subCategory: Cloud Domains + description: Registers a new domain name and creates a corresponding Registration resource. + name: google_clouddomains_registration + title: "" + examples: + - name: my_registration + manifest: |- + { + "contact_settings": [ + { + "admin_contact": [ + { + "email": "user@example.com", + "phone_number": "+12345000000", + "postal_address": [ + { + "address_lines": [ + "1234 Example street" + ], + "administrative_area": "CA", + "locality": "Example City", + "postal_code": "95050", + "recipients": [ + "example recipient" + ], + "region_code": "US" + } + ] + } + ], + "privacy": "REDACTED_CONTACT_DATA", + "registrant_contact": [ + { + "email": "user@example.com", + "phone_number": "+12345000000", + "postal_address": [ + { + "address_lines": [ + "1234 Example street" + ], + "administrative_area": "CA", + "locality": "Example City", + "postal_code": "95050", + "recipients": [ + "example recipient" + ], + "region_code": "US" + } + ] + } + ], + "technical_contact": [ + { + "email": "user@example.com", + "phone_number": "+12345000000", + "postal_address": [ + { + "address_lines": [ + "1234 Example street" + ], + "administrative_area": "CA", + "locality": "Example City", + "postal_code": "95050", + "recipients": [ + "example recipient" + ], + "region_code": "US" + } + ] + } + ] + } + ], + "dns_settings": [ + { + "custom_dns": [ + { + "name_servers": [ + "ns-cloud-a1.googledomains.com.", + "ns-cloud-a2.googledomains.com.", + "ns-cloud-a3.googledomains.com.", + "ns-cloud-a4.googledomains.com." + ] + } + ] + } + ], + "domain_name": "example-domain.com", + "labels": { + "labelkey": "labelvalue" + }, + "location": "global", + "yearly_price": [ + { + "currency_code": "USD", + "units": 12 + } + ] + } + argumentDocs: + admin_contact.email: |- + - + (Required) + Required. Email address of the contact. + admin_contact.fax_number: |- + - + (Optional) + Fax number of the contact in international format. For example, "+1-800-555-0123". + admin_contact.phone_number: |- + - + (Required) + Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + admin_contact.postal_address: |- + - + (Required) + Required. Postal address of the contact. + Structure is documented below. + contact_settings: |- + - + (Required) + Required. Settings for contact information linked to the Registration. + Structure is documented below. + contact_settings.admin_contact: |- + - + (Required) + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + Structure is documented below. + contact_settings.privacy: |- + - + (Required) + Required. Privacy setting for the contacts associated with the Registration. + Values are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA + contact_settings.registrant_contact: |- + - + (Required) + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + Structure is documented below. + contact_settings.technical_contact: |- + - + (Required) + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Time at which the automation was created. + custom_dns.ds_records: |- + - + (Optional) + The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide + the values to set here. If this field is empty, DNSSEC is disabled. + Structure is documented below. + custom_dns.name_servers: |- + - + (Required) + Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain + name, with Unicode domain names expressed in Punycode format. + delete: '- Default is 20 minutes.' + dns_settings.custom_dns: |- + - + (Optional) + Configuration for an arbitrary DNS provider. + Structure is documented below. + dns_settings.glue_records: |- + - + (Optional) + The list of glue records for this Registration. Commonly empty. + Structure is documented below. + domain_name: |- + - + (Required) + Required. The domain name. Unicode domain names must be expressed in Punycode format. + ds_records.algorithm: |- + - + (Optional) + The algorithm used to generate the referenced DNSKEY. + ds_records.digest: |- + - + (Optional) + The digest generated from the referenced DNSKEY. + ds_records.digest_type: |- + - + (Optional) + The hash function used to generate the digest of the referenced DNSKEY. + ds_records.key_tag: |- + - + (Optional) + The key tag of the record. Must be set in range 0 -- 65535. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + expire_time: |- + - + Output only. Time at which the automation was updated. + glue_records.host_name: |- + - + (Required) + Required. Domain name of the host in Punycode format. + glue_records.ipv4_addresses: |- + - + (Optional) + List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1). + At least one of ipv4_address and ipv6_address must be set. + glue_records.ipv6_addresses: |- + - + (Optional) + List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1). + At least one of ipv4_address and ipv6_address must be set. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/registrations/{{domain_name}}' + issues: |- + - + Output only. The set of issues with the Registration that require attention. + location: |- + - + (Required) + The location for the resource + management_settings.preferred_renewal_method: |- + - + (Optional) + The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice. + If unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL. + You cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration + resource has state ACTIVE or SUSPENDED. + When preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of + problems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After + the problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours. + management_settings.renewal_method: |- + - + (Output) + Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL, + the actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account + or reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the + renewalMethod is automatically updated to preferredRenewalMethod in a few hours. + management_settings.transfer_lock_state: |- + - + (Optional) + Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED. + name: |- + - + Output only. Name of the Registration resource, in the format projects//locations//registrations/. + postal_address.address_lines: |- + - + (Optional) + Unstructured address lines describing the lower levels of an address. + Because values in addressLines do not have type information and may sometimes contain multiple values in a single + field (e.g. "Austin, TX"), it is important that the line order is clear. The order of address lines should be + "envelope order" for the country/region of the address. In places where this can vary (e.g. Japan), address_language + is used to make it explicit (e.g. "ja" for large-to-small ordering and "ja-Latn" or "en" for small-to-large). This way, + the most specific line of an address can be selected based on the language. + postal_address.administrative_area: |- + - + (Optional) + Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state, + a province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community + (e.g. "Barcelona" and not "Catalonia"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland + this should be left unpopulated. + postal_address.contact_notices: |- + - + (Optional) + The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT + postal_address.dns_settings: |- + - + (Optional) + Settings controlling the DNS configuration of the Registration. + Structure is documented below. + postal_address.domain_notices: |- + - + (Optional) + The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED + postal_address.labels: |- + - + (Optional) + Set of labels associated with the Registration. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + postal_address.locality: |- + - + (Optional) + Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world + where localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines. + postal_address.management_settings: |- + - + (Optional) + Settings for management of the Registration, including renewal, billing, and transfer + Structure is documented below. + postal_address.organization: |- + - + (Optional) + The name of the organization at the address. + postal_address.postal_code: |- + - + (Optional) + Postal code of the address. Not all countries use or require postal codes to be present, but where they are used, + they may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.). + postal_address.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + postal_address.recipients: |- + - + (Optional) + The recipient at the address. This field may, under certain circumstances, contain multiline information. For example, + it might contain "care of" information. + postal_address.region_code: |- + - + (Required) + Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to + ensure the value is correct. See https://cldr.unicode.org/ and + https://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: "CH" for Switzerland. + register_failure_reason: |- + - + Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state. + registrant_contact.email: |- + - + (Required) + Required. Email address of the contact. + registrant_contact.fax_number: |- + - + (Optional) + Fax number of the contact in international format. For example, "+1-800-555-0123". + registrant_contact.phone_number: |- + - + (Required) + Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + registrant_contact.postal_address: |- + - + (Required) + Required. Postal address of the contact. + Structure is documented below. + state: |- + - + Output only. The current state of the Registration. + supported_privacy: |- + - + Output only. Set of options for the contactSettings.privacy field that this Registration supports. + technical_contact.email: |- + - + (Required) + Required. Email address of the contact. + technical_contact.fax_number: |- + - + (Optional) + Fax number of the contact in international format. For example, "+1-800-555-0123". + technical_contact.phone_number: |- + - + (Required) + Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + technical_contact.postal_address: |- + - + (Required) + Required. Postal address of the contact. + Structure is documented below. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + yearly_price: |- + - + (Required) + Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from + registrations.retrieveRegisterParameters or registrations.searchDomains calls. + Structure is documented below. + yearly_price.currency_code: |- + - + (Optional) + The three-letter currency code defined in ISO 4217. + yearly_price.units: |- + - + (Optional) + The whole units of the amount. For example if currencyCode is "USD", then 1 unit is one US dollar. + importStatements: [] google_cloudfunctions_function: subCategory: Cloud Functions description: Creates a new Cloud Function. @@ -19893,11 +24427,15 @@ resources: SECURE_OPTIONAL: Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. available_memory_mb: '- (Optional) Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.' build_environment_variables: '- (Optional) A set of key/value environment variable pairs available during build time.' + build_worker_pool: '- (Optional) Name of the Cloud Build Custom Worker Pool that should be used to build the function.' create: '- Default is 5 minutes.' delete: '- Default is 5 minutes.' description: '- (Optional) Description of the function.' docker_registry: '- (Optional) Docker Registry to use for storing the function''s Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.' docker_repository: '- (Optional) User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. entry_point: '- (Optional) Name of the function that will be executed when the Google Cloud Function is triggered.' environment_variables: '- (Optional) A set of key/value environment variable pairs to assign to the function.' event_trigger: '- (Optional) A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.' @@ -19945,6 +24483,9 @@ resources: Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.* source_repository.0.deployed_url: '- The URL pointing to the hosted repository where the function was defined at the time of deployment.' source_repository.url: '- (Required) The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. timeout: '- (Optional) Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.' trigger_http: '- (Optional) Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.' update: '- Default is 5 minutes.' @@ -20251,8 +24792,7 @@ resources: ], "event_type": "google.cloud.storage.object.v1.finalized", "retry_policy": "RETRY_POLICY_RETRY", - "service_account_email": "${google_service_account.account.email}", - "trigger_region": "us-central1" + "service_account_email": "${google_service_account.account.email}" } ], "location": "us-central1", @@ -20678,6 +25218,112 @@ resources: "name": "function-source.zip", "source": "function-source.zip" } + - name: function + manifest: |- + { + "build_config": [ + { + "docker_repository": "${google_artifact_registry_repository.encoded-ar-repo.id}", + "entry_point": "helloHttp", + "runtime": "nodejs16", + "source": [ + { + "storage_source": [ + { + "bucket": "${google_storage_bucket.bucket.name}", + "object": "${google_storage_bucket_object.object.name}" + } + ] + } + ] + } + ], + "depends_on": [ + "${google_kms_crypto_key_iam_binding.gcf_cmek_keyuser}" + ], + "description": "CMEK function", + "kms_key_name": "cmek-key", + "location": "us-central1", + "name": "function-cmek", + "provider": "${google-beta}", + "service_config": [ + { + "available_memory": "256M", + "max_instance_count": 1, + "timeout_seconds": 60 + } + ] + } + references: + build_config.docker_repository: google_artifact_registry_repository.encoded-ar-repo.id + build_config.source.storage_source.bucket: google_storage_bucket.bucket.name + build_config.source.storage_source.object: google_storage_bucket_object.object.name + provider: google-beta + dependencies: + google_artifact_registry_repository.encoded-ar-repo: |- + { + "depends_on": [ + "${google_kms_crypto_key_iam_binding.gcf_cmek_keyuser}" + ], + "format": "DOCKER", + "kms_key_name": "cmek-key", + "location": "us-central1", + "provider": "${google-beta}", + "repository_id": "cmek-repo" + } + google_artifact_registry_repository.unencoded-ar-repo: |- + { + "format": "DOCKER", + "location": "us-central1", + "provider": "${google-beta}", + "repository_id": "ar-repo" + } + google_artifact_registry_repository_iam_binding.binding: |- + { + "location": "${google_artifact_registry_repository.encoded-ar-repo.location}", + "members": [ + "serviceAccount:service-${data.google_project.project.number}@gcf-admin-robot.iam.gserviceaccount.com" + ], + "provider": "${google-beta}", + "repository": "${google_artifact_registry_repository.encoded-ar-repo.name}", + "role": "roles/artifactregistry.admin" + } + google_kms_crypto_key_iam_binding.gcf_cmek_keyuser: |- + { + "crypto_key_id": "cmek-key", + "depends_on": [ + "${google_project_service_identity.ea_sa}" + ], + "members": [ + "serviceAccount:service-${data.google_project.project.number}@gcf-admin-robot.iam.gserviceaccount.com", + "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "serviceAccount:service-${data.google_project.project.number}@gs-project-accounts.iam.gserviceaccount.com", + "serviceAccount:service-${data.google_project.project.number}@serverless-robot-prod.iam.gserviceaccount.com", + "serviceAccount:${google_project_service_identity.ea_sa.email}" + ], + "provider": "${google-beta}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_project_service_identity.ea_sa: |- + { + "project": "${data.google_project.project.project_id}", + "provider": "${google-beta}", + "service": "eventarc.googleapis.com" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "${local.project}-gcf-source", + "provider": "${google-beta}", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "function-source.zip", + "provider": "${google-beta}", + "source": "function-source.zip" + } argumentDocs: build_config: |- - @@ -20726,6 +25372,7 @@ resources: - (Optional) User-provided description of a function. + effective_labels: for all of the labels present on the resource. environment: |- - The environment the function is hosted on. @@ -20777,7 +25424,9 @@ resources: event_trigger.service_account_email: |- - (Optional) - The email of the service account for this function. + Optional. The email of the trigger's service account. The service account + must have permission to invoke Cloud Run services. If empty, defaults to the + Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. event_trigger.trigger: |- - (Output) @@ -20790,13 +25439,18 @@ resources: region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/functions/{{name}}' + kms_key_name: |- + - + (Optional) + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. labels: |- - (Optional) A set of key/value label pairs associated with this Cloud Function. location: |- - - (Optional) + (Required) The location of this cloud function. name: |- - @@ -20979,6 +25633,10 @@ resources: - (Optional) Google Cloud Storage object containing the source. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 60 minutes.' update_time: |- - @@ -21035,389 +25693,6 @@ resources: google_cloudfunctions2_function_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_cloudiot_device: - subCategory: Cloud IoT Core - description: A Google Cloud IoT Core device. - name: google_cloudiot_device - title: "" - examples: - - name: test-device - manifest: |- - { - "name": "cloudiot-device", - "registry": "${google_cloudiot_registry.registry.id}" - } - references: - registry: google_cloudiot_registry.registry.id - dependencies: - google_cloudiot_registry.registry: |- - { - "name": "cloudiot-device-registry" - } - - name: test-device - manifest: |- - { - "blocked": false, - "credentials": [ - { - "public_key": [ - { - "format": "RSA_PEM", - "key": "${file(\"test-fixtures/rsa_public.pem\")}" - } - ] - } - ], - "gateway_config": [ - { - "gateway_type": "NON_GATEWAY" - } - ], - "log_level": "INFO", - "metadata": { - "test_key_1": "test_value_1" - }, - "name": "cloudiot-device", - "registry": "${google_cloudiot_registry.registry.id}" - } - references: - registry: google_cloudiot_registry.registry.id - dependencies: - google_cloudiot_registry.registry: |- - { - "name": "cloudiot-device-registry" - } - argumentDocs: - blocked: |- - - - (Optional) - If a device is blocked, connections or requests from this device will fail. - config: |- - - - The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. - Structure is documented below. - config.binary_data: |- - - - (Optional) - The device configuration data. - config.cloud_update_time: |- - - - (Output) - The time at which this configuration version was updated in Cloud IoT Core. - config.device_ack_time: |- - - - (Output) - The time at which Cloud IoT Core received the acknowledgment from the device, - indicating that the device has received this configuration version. - config.version: |- - - - (Output) - The version of this update. - create: '- Default is 20 minutes.' - credentials: |- - - - (Optional) - The credentials used to authenticate this device. - Structure is documented below. - credentials.expiration_time: |- - - - (Optional) - The time at which this credential becomes invalid. - credentials.public_key: |- - - - (Required) - A public key used to verify the signature of JSON Web Tokens (JWTs). - Structure is documented below. - delete: '- Default is 20 minutes.' - gateway_config: |- - - - (Optional) - Gateway-related configuration and state. - Structure is documented below. - gateway_config.gateway_auth_method: |- - - - (Optional) - Indicates whether the device is a gateway. - Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - gateway_config.gateway_type: |- - - - (Optional) - Indicates whether the device is a gateway. - Default value is NON_GATEWAY. - Possible values are: GATEWAY, NON_GATEWAY. - gateway_config.last_accessed_gateway_id: |- - - - (Output) - The ID of the gateway the device accessed most recently. - gateway_config.last_accessed_gateway_time: |- - - - (Output) - The most recent time at which the device accessed the gateway specified in last_accessed_gateway. - id: '- an identifier for the resource with format {{registry}}/devices/{{name}}' - last_config_ack_time: |- - - - The last time a cloud-to-device config version acknowledgment was received from the device. - last_config_send_time: |- - - - The last time a cloud-to-device config version was sent to the device. - last_error_status: |- - - - The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. - Structure is documented below. - last_error_status.details: |- - - - (Optional) - A list of messages that carry the error details. - last_error_status.message: |- - - - (Optional) - A developer-facing error message, which should be in English. - last_error_status.number: |- - - - (Optional) - The status code, which should be an enum value of google.rpc.Code. - last_error_time: |- - - - The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub. - last_event_time: |- - - - The last time a telemetry event was received. - last_heartbeat_time: |- - - - The last time an MQTT PINGREQ was received. - last_state_time: |- - - - The last time a state event was received. - log_level: |- - - - (Optional) - The logging verbosity for device activity. - Possible values are: NONE, ERROR, INFO, DEBUG. - metadata: |- - - - (Optional) - The metadata key-value pairs assigned to the device. - name: |- - - - (Required) - A unique name for the resource. - num_id: |- - - - A server-defined unique numeric ID for the device. - This is a more compact way to identify devices, and it is globally unique. - public_key.format: |- - - - (Required) - The format of the key. - Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - public_key.key: |- - - - (Required) - The key data. - registry: |- - - - (Required) - The name of the device registry where this device should be created. - state: |- - - - The state most recently received from the device. - Structure is documented below. - state.binary_data: |- - - - (Optional) - The device state data. - state.update_time: |- - - - (Optional) - The time at which this state version was updated in Cloud IoT Core. - update: '- Default is 20 minutes.' - importStatements: [] - google_cloudiot_registry: - subCategory: Cloud IoT Core - description: A Google Cloud IoT Core device registry. - name: google_cloudiot_registry - title: "" - examples: - - name: test-registry - manifest: |- - { - "name": "cloudiot-registry" - } - - name: test-registry - manifest: |- - { - "event_notification_configs": [ - { - "pubsub_topic_name": "${google_pubsub_topic.default-telemetry.id}", - "subfolder_matches": "" - } - ], - "name": "cloudiot-registry" - } - references: - event_notification_configs.pubsub_topic_name: google_pubsub_topic.default-telemetry.id - dependencies: - google_pubsub_topic.default-telemetry: |- - { - "name": "default-telemetry" - } - - name: test-registry - manifest: |- - { - "credentials": [ - { - "public_key_certificate": { - "certificate": "${file(\"test-fixtures/rsa_cert.pem\")}", - "format": "X509_CERTIFICATE_PEM" - } - } - ], - "event_notification_configs": [ - { - "pubsub_topic_name": "${google_pubsub_topic.additional-telemetry.id}", - "subfolder_matches": "test/path" - }, - { - "pubsub_topic_name": "${google_pubsub_topic.default-telemetry.id}", - "subfolder_matches": "" - } - ], - "http_config": { - "http_enabled_state": "HTTP_ENABLED" - }, - "log_level": "INFO", - "mqtt_config": { - "mqtt_enabled_state": "MQTT_ENABLED" - }, - "name": "cloudiot-registry", - "state_notification_config": { - "pubsub_topic_name": "${google_pubsub_topic.default-devicestatus.id}" - } - } - references: - event_notification_configs.pubsub_topic_name: google_pubsub_topic.default-telemetry.id - dependencies: - google_pubsub_topic.additional-telemetry: |- - { - "name": "additional-telemetry" - } - google_pubsub_topic.default-devicestatus: |- - { - "name": "default-devicestatus" - } - google_pubsub_topic.default-telemetry: |- - { - "name": "default-telemetry" - } - argumentDocs: - create: '- Default is 20 minutes.' - credentials: |- - - List of public key certificates to authenticate devices. - The structure is documented below. - credentials.public_key_certificate: '- A public key certificate format and data.' - credentials.public_key_certificate.certificate: '- The certificate data.' - credentials.public_key_certificate.format: '- The field allows only X509_CERTIFICATE_PEM.' - delete: '- Default is 20 minutes.' - event_notification_configs: |- - - - (Optional) - List of configurations for event notifications, such as PubSub topics - to publish device events to. - Structure is documented below. - event_notification_configs.pubsub_topic_name: |- - - - (Required) - PubSub topic name to publish device events. - event_notification_configs.subfolder_matches: |- - - - (Optional) - If the subfolder name matches this string exactly, this - configuration will be used. The string must not include the - leading '/' character. If empty, all strings are matched. Empty - value can only be used for the last event_notification_configs - item. - http_config: |- - - Activate or deactivate HTTP. - The structure is documented below. - http_config.http_enabled_state: '- The field allows HTTP_ENABLED or HTTP_DISABLED.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/registries/{{name}}' - log_level: |- - - - (Optional) - The default logging verbosity for activity from devices in this - registry. Specifies which events should be written to logs. For - example, if the LogLevel is ERROR, only events that terminate in - errors will be logged. LogLevel is inclusive; enabling INFO logging - will also enable ERROR logging. - Default value is NONE. - Possible values are: NONE, ERROR, INFO, DEBUG. - mqtt_config: |- - - Activate or deactivate MQTT. - The structure is documented below. - mqtt_config.mqtt_enabled_state: '- The field allows MQTT_ENABLED or MQTT_DISABLED.' - name: |- - - - (Required) - A unique name for the resource, required by device registry. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - region: |- - - - (Optional) - The region in which the created registry should reside. - If it is not provided, the provider region is used. - state_notification_config: |- - - A PubSub topic to publish device state updates. - The structure is documented below. - state_notification_config.pubsub_topic_name: '- PubSub topic name to publish device state updates.' - update: '- Default is 20 minutes.' - importStatements: [] - google_cloudiot_registry_iam_policy: - subCategory: Cloud IoT Core - description: Collection of resources to manage IAM policy for Cloud IoT Core DeviceRegistry - name: google_cloudiot_registry_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "name": "${google_cloudiot_registry.test-registry.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_cloudiot_registry.test-registry.project}", - "region": "${google_cloudiot_registry.test-registry.region}" - } - references: - name: google_cloudiot_registry.test-registry.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_cloudiot_registry.test-registry.project - region: google_cloudiot_registry.test-registry.region - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_cloudiot_registry_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the deviceregistry are preserved.' - google_cloudiot_registry_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the deviceregistry are preserved.' - google_cloudiot_registry_iam_policy: ': Authoritative. Sets the IAM policy for the deviceregistry and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - name: '- (Required) Used to find the parent resource to bind the IAM policy to' - policy_data: |- - - (Required only by google_cloudiot_registry_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - region: |- - - (Optional) The region in which the created registry should reside. - If it is not provided, the provider region is used. - Used to find the parent resource to bind the IAM policy to. If not specified, - the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no - region is specified, it is taken from the provider configuration. - role: |- - - (Required) The role that should be applied. Only one - google_cloudiot_registry_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] google_composer_environment: subCategory: Cloud Composer description: An environment for running orchestration tasks. @@ -21610,7 +25885,7 @@ resources: cidr_blocks.cidr_block: |- - (Required) - `cidr_block< must be specified in CIDR notation. + cidr_block must be specified in CIDR notation. cidr_blocks.display_name: |- - (Optional) @@ -21637,11 +25912,25 @@ resources: config.0.gke_cluster: |- - The Kubernetes Engine cluster used to run this environment. + config.data_retention_config: |- + - + (Optional, Cloud Composer 2.0.23 or newer only) + Configuration setting for airflow data rentention mechanism. Structure is + documented below. config.database_config: |- - (Optional, Cloud Composer 1 only) The configuration settings for Cloud SQL instance used internally by Apache Airflow software. + config.enable_private_builds_only: |- + - + (Optional, Beta, Cloud Composer 3 only) + If true, builds performed during operations that install Python packages have only private connectivity to Google services. + If false, the builds also have access to the internet. + config.enable_private_environment: |- + - + (Optional, Beta, Cloud Composer 3 only) + If true, a private Composer environment will be created. config.encryption_config: |- - (Optional) @@ -21699,7 +25988,6 @@ resources: The configuration settings for the Airflow web server App Engine instance. config.web_server_network_access_control: |- - - (Optional, Cloud Composer 1 only) The network-level access control policy for the Airflow web server. If unspecified, no network-level access restrictions are applied. config.workloads_config: |- @@ -21708,12 +25996,41 @@ resources: The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. create: '- Default is 60 minutes.' + dag_processor.cpu: |- + - + (Optional) + CPU request and limit for DAG processor. + dag_processor.float storage_gb: |- + (Optional) + Storage (GB) request and limit for DAG processor. + dag_processor.memory_gb: |- + - + (Optional) + Memory (GB) request and limit for DAG processor. + data_retention_config.task_logs_retention_config: |- + - + (Optional) + The configuration setting for Task Logs. Structure is + documented below. + data_retention_config.task_logs_retention_config.storage_mode: |- + - + (Optional) + The mode of storage for Airflow workers task logs. Values for storage mode are + CLOUD_LOGGING_ONLY to only store logs in cloud logging and + CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + database_config.Zone: |- + - + (Optional) + Preferred Cloud SQL database zone. database_config.machine_type: |- - - (Required) - Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, + (Optional) + Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. delete: '- Default is 6 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. encryption_config.kms_key_name: |- - (Required) @@ -21796,6 +26113,11 @@ resources: - (Required) Name of the environment + node_config.composer_internal_ipv4_cidr_block: |- + - + (Optional, Beta, Cloud Composer 3 only) + At least /20 IPv4 cidr range that will be used by Composer internal components. + Cannot be updated. node_config.disk_size_gb: |- - (Optional, Cloud Composer 1 only) @@ -21889,6 +26211,11 @@ resources: - (Optional) The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block + private_environment_config.connection_type: |- + - + (Optional, Cloud Composer 2 only) + Mode of internal communication within the Composer environment. Must be one + of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". private_environment_config.description: |- - (Optional) @@ -22010,6 +26337,21 @@ resources: - (Optional, Cloud Composer 1 with Airflow 2 only) The number of schedulers for Airflow. + software_config.web_server_plugins_mode: |- + - + (Optional, Beta, Cloud Composer 3 only) + Web server plugins configuration. Should be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + storage_config: |- + - + (Optional) + Configuration options for storage used by Composer environment. Structure is documented below. + storage_config.bucket: |- + - + (Required) + Name of an existing Cloud Storage bucket to be used by the environment. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. triggerer.count: |- - (Required) @@ -22064,13 +26406,17 @@ resources: (Optional) The minimum number of Airflow workers that the environment can run. The number of workers in the environment does not go above this number, even if a lower number of workers can handle the load. + workloads_config.dag_processor: |- + - + (Optional, Beta, Cloud Composer 3 only) + Configuration for resources used by DAG processor. workloads_config.scheduler: |- - (Optional) Configuration for resources used by Airflow schedulers. workloads_config.triggerer: |- - - (Optional, Beta) + (Optional) Configuration for resources used by Airflow triggerer. workloads_config.web_server: |- - @@ -22194,6 +26540,7 @@ resources: - (Optional) An optional description of this resource. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/addresses/{{name}}' ip_version: |- - @@ -22209,12 +26556,11 @@ resources: Possible values are: VM, NETLB. label_fingerprint: |- - - (Beta) The fingerprint used for optimistic locking of this resource. Used internally during updates. labels: |- - - (Optional, Beta) + (Optional) Labels to apply to this address. A list of key->value pairs. name: |- - @@ -22262,6 +26608,10 @@ resources: address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' users: |- - @@ -22566,8 +26916,6 @@ resources: - (Optional) Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. autoscaling_policy.scale_down_control: |- - (Optional, Beta) @@ -23123,6 +27471,19 @@ resources: "request_path": "/", "timeout_sec": 1 } + - name: default + manifest: |- + { + "iap": [ + { + "oauth2_client_id": "abc", + "oauth2_client_secret": "xyz" + } + ], + "load_balancing_scheme": "EXTERNAL", + "name": "tf-test-backend-service-external", + "protocol": "HTTP" + } - name: default manifest: |- { @@ -23851,7 +28212,7 @@ resources: load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. - Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. locality_lb_policies: |- - (Optional) @@ -23919,8 +28280,8 @@ resources: - (Optional) Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. + Applicable backend service types can be a global backend service with the + loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below. outlier_detection.base_ejection_time: |- - @@ -24019,8 +28380,10 @@ resources: (Optional) The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. security_policy: |- - (Optional) @@ -24352,9 +28715,13 @@ resources: (Output) The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. + disk_id: |- + - + The unique identifier for the resource. This identifier is defined by the server. + effective_labels: for all of the labels present on the resource. enable_confidential_compute: |- - - (Optional, Beta) + (Optional) Whether this disk is using confidential compute mode. Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true guest_os_features: |- @@ -24383,7 +28750,7 @@ resources: These images can be referred by family name here. interface: |- - - (Optional, Beta) + (Optional, Beta, Deprecated) Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. label_fingerprint: |- - @@ -24555,6 +28922,10 @@ resources: that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Optional) @@ -24799,6 +29170,9 @@ resources: - (Optional) An optional description of this resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/global/externalVpnGateways/{{name}}' interface: |- - @@ -24825,6 +29199,8 @@ resources: - (Optional) Labels for the external VPN gateway resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - (Required) @@ -24844,6 +29220,10 @@ resources: Indicates the redundancy type of this external VPN gateway Possible values are: FOUR_IPS_REDUNDANCY, SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY. self_link: '- The URI of the created resource.' + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_compute_firewall: @@ -25557,7 +29937,7 @@ resources: "name": "l7-ilb-proxy-subnet", "network": "${google_compute_network.ilb_network.id}", "provider": "${google-beta}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", + "purpose": "REGIONAL_MANAGED_PROXY", "region": "europe-west1", "role": "ACTIVE" } @@ -25893,6 +30273,7 @@ resources: { "all_ports": true, "backend_service": "${google_compute_region_backend_service.backend.id}", + "ip_version": "IPV4", "load_balancing_scheme": "INTERNAL", "name": "website-forwarding-rule", "network": "${google_compute_network.default.name}", @@ -26166,7 +30547,7 @@ resources: "name": "website-net-proxy", "network": "${google_compute_network.default.id}", "provider": "${google-beta}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", + "purpose": "REGIONAL_MANAGED_PROXY", "region": "us-central1", "role": "ACTIVE" } @@ -26812,20 +31193,79 @@ resources: "name": "service-backend", "region": "us-central1" } + - name: default + manifest: |- + { + "all_ports": true, + "backend_service": "${google_compute_region_backend_service.backend.id}", + "ip_version": "IPV6", + "load_balancing_scheme": "INTERNAL", + "name": "ilb-ipv6-forwarding-rule", + "network": "${google_compute_network.default.name}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.default.name}" + } + references: + backend_service: google_compute_region_backend_service.backend.id + network: google_compute_network.default.name + subnetwork: google_compute_subnetwork.default.name + dependencies: + google_compute_health_check.hc: |- + { + "check_interval_sec": 1, + "name": "check-ilb-ipv6-backend", + "tcp_health_check": [ + { + "port": "80" + } + ], + "timeout_sec": 1 + } + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "enable_ula_internal_ipv6": true, + "name": "net-ipv6" + } + google_compute_region_backend_service.backend: |- + { + "health_checks": [ + "${google_compute_health_check.hc.id}" + ], + "name": "ilb-ipv6-backend", + "region": "us-central1" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/16", + "ipv6_access_type": "INTERNAL", + "name": "subnet-internal-ipv6", + "network": "${google_compute_network.default.id}", + "region": "us-central1", + "stack_type": "IPV4_IPV6" + } argumentDocs: '[IPAddress, IPProtocol]': |- - pair, and cannot share any values - defined in ports. + pair, and cannot have overlapping + portRanges. For internal forwarding rules within the same VPC network, two or more - forwarding rules cannot use the same [IPAddress, IPProtocol] - pair, and cannot share any values defined in ports. - The ports and port_range fields are mutually exclusive. - IPProtocol: is one of TCP, UDP, or SCTP. + forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and + cannot have overlapping portRanges. + @pattern: \d+(?:-\d+)? + IPProtocol: |- + be TCP, UDP, or SCTP, + and all-apis: '- All supported Google APIs.' all_ports: |- - (Optional) - This field can only be used: + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The allPorts field has the following limitations: + allPorts: |- + be set to + true. allow_global_access: |- - (Optional) @@ -26859,6 +31299,7 @@ resources: (Optional) An optional description of this resource. Provide this property when you create the resource. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}' ip_address: |- - @@ -26879,7 +31320,17 @@ resources: The valid IP protocols are different for different load balancing products as described in Load balancing features. + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. + ip_version: |- + - + (Optional) + The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + If not set, the IPv4 address will be used by default. + Possible values are: IPV4, IPV6. is_mirroring_collector: |- - (Optional) @@ -26950,15 +31401,17 @@ resources: port_range: |- - (Optional) - This field can only be used: + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The portRange field has the following limitations: ports: |- - and port_range fields are mutually exclusive. - For external forwarding rules, two or more forwarding rules cannot use the - same [IPAddress, IPProtocol] pair, and cannot have - overlapping portRanges. - For internal forwarding rules within the same VPC network, two or more - forwarding rules cannot use the same [IPAddress, IPProtocol] - pair, and cannot have overlapping portRanges. + - + (Optional) + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The ports field has the following limitations: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -26968,6 +31421,7 @@ resources: psc_connection_status: |- - The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED + recreate_closed_psc: '- (Optional) This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed' region: |- - (Optional) @@ -27022,6 +31476,10 @@ resources: is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' vpc-sc: '- APIs that support VPC Service Controls.' importStatements: [] @@ -27079,6 +31537,7 @@ resources: - (Optional) An optional description of this resource. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/global/addresses/{{name}}' ip_version: |- - @@ -27126,6 +31585,11 @@ resources: (Optional) The purpose of the resource. Possible values include: self_link: '- The URI of the created resource.' + terraform_labels: |- + - + (Beta) + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_compute_global_forwarding_rule: @@ -27991,6 +32455,200 @@ resources: } ] } + - name: google_compute_forwarding_rule + manifest: |- + { + "depends_on": [ + "${google_compute_subnetwork.proxy_subnet}" + ], + "ip_protocol": "TCP", + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "l7-gilb-forwarding-rule", + "network": "${google_compute_network.gilb_network.id}", + "port_range": "80", + "provider": "${google-beta}", + "subnetwork": "${google_compute_subnetwork.gilb_subnet.id}", + "target": "${google_compute_target_http_proxy.default.id}" + } + references: + network: google_compute_network.gilb_network.id + provider: google-beta + subnetwork: google_compute_subnetwork.gilb_subnet.id + target: google_compute_target_http_proxy.default.id + dependencies: + google_compute_backend_service.default: |- + { + "backend": [ + { + "balancing_mode": "UTILIZATION", + "capacity_scaler": 1, + "group": "${google_compute_instance_group_manager.mig.instance_group}" + } + ], + "health_checks": [ + "${google_compute_health_check.default.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "l7-gilb-backend-subnet", + "protocol": "HTTP", + "provider": "${google-beta}", + "timeout_sec": 10 + } + google_compute_firewall.fw-gilb-to-backends: |- + { + "allow": [ + { + "ports": [ + "80", + "443", + "8080" + ], + "protocol": "tcp" + } + ], + "direction": "INGRESS", + "name": "l7-gilb-fw-allow-gilb-to-backends", + "network": "${google_compute_network.gilb_network.id}", + "provider": "${google-beta}", + "source_ranges": [ + "10.0.0.0/24" + ], + "target_tags": [ + "http-server" + ] + } + google_compute_firewall.fw-iap: |- + { + "allow": [ + { + "protocol": "tcp" + } + ], + "direction": "INGRESS", + "name": "l7-gilb-fw-allow-iap-hc", + "network": "${google_compute_network.gilb_network.id}", + "provider": "${google-beta}", + "source_ranges": [ + "130.211.0.0/22", + "35.191.0.0/16", + "35.235.240.0/20" + ] + } + google_compute_health_check.default: |- + { + "http_health_check": [ + { + "port_specification": "USE_SERVING_PORT" + } + ], + "name": "l7-gilb-hc", + "provider": "${google-beta}" + } + google_compute_instance.vm-test: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-10" + } + ] + } + ], + "machine_type": "e2-small", + "name": "l7-gilb-test-vm", + "network_interface": [ + { + "network": "${google_compute_network.gilb_network.id}", + "subnetwork": "${google_compute_subnetwork.gilb_subnet.id}" + } + ], + "provider": "${google-beta}", + "zone": "europe-west1-b" + } + google_compute_instance_group_manager.mig: |- + { + "base_instance_name": "vm", + "name": "l7-gilb-mig1", + "provider": "${google-beta}", + "target_size": 2, + "version": [ + { + "instance_template": "${google_compute_instance_template.instance_template.id}", + "name": "primary" + } + ], + "zone": "europe-west1-b" + } + google_compute_instance_template.instance_template: |- + { + "disk": [ + { + "auto_delete": true, + "boot": true, + "source_image": "debian-cloud/debian-10" + } + ], + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "machine_type": "e2-small", + "metadata": { + "startup-script": "#! /bin/bash\nset -euo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt-get update\napt-get install -y nginx-light jq\n\nNAME=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/hostname\")\nIP=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip\")\nMETADATA=$(curl -f -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True\" | jq 'del(.[\"startup-script\"])')\n\ncat \u003c\u003cEOF \u003e /var/www/html/index.html\n\u003cpre\u003e\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n\u003c/pre\u003e\nEOF\n" + }, + "name": "l7-gilb-mig-template", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "${google_compute_network.gilb_network.id}", + "subnetwork": "${google_compute_subnetwork.gilb_subnet.id}" + } + ], + "provider": "${google-beta}", + "tags": [ + "http-server" + ] + } + google_compute_network.gilb_network: |- + { + "auto_create_subnetworks": false, + "name": "l7-gilb-network", + "provider": "${google-beta}" + } + google_compute_subnetwork.gilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-gilb-subnet", + "network": "${google_compute_network.gilb_network.id}", + "provider": "${google-beta}", + "region": "europe-west1" + } + google_compute_subnetwork.proxy_subnet: |- + { + "ip_cidr_range": "10.0.0.0/24", + "name": "l7-gilb-proxy-subnet", + "network": "${google_compute_network.gilb_network.id}", + "provider": "${google-beta}", + "purpose": "GLOBAL_MANAGED_PROXY", + "region": "europe-west1", + "role": "ACTIVE" + } + google_compute_target_http_proxy.default: |- + { + "name": "l7-gilb-target-http-proxy", + "provider": "${google-beta}", + "url_map": "${google_compute_url_map.default.id}" + } + google_compute_url_map.default: |- + { + "default_service": "${google_compute_backend_service.default.id}", + "name": "l7-gilb-url-map", + "provider": "${google-beta}" + } - name: default manifest: |- { @@ -28000,6 +32658,12 @@ resources: "network": "${google_compute_network.network.id}", "project": "${google_compute_network.network.project}", "provider": "${google-beta}", + "service_directory_registrations": [ + { + "namespace": "sd-namespace", + "service_directory_region": "europe-west3" + } + ], "target": "all-apis" } references: @@ -28081,7 +32745,16 @@ resources: "region": "us-central1" } argumentDocs: - IPProtocol: is one of TCP, UDP, or SCTP. + '[IPAddress, IPProtocol]': |- + pair, and cannot have overlapping + portRanges. + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and + cannot have overlapping portRanges. + @pattern: \d+(?:-\d+)? + IPProtocol: |- + be TCP, UDP, or SCTP, + and all-apis: '- All supported Google APIs.' allow_psc_global_access: |- - @@ -28097,6 +32770,7 @@ resources: (Optional) An optional description of this resource. Provide this property when you create the resource. + effective_labels: for all of the labels present on the resource. filter_labels.name: |- - (Required) @@ -28148,7 +32822,7 @@ resources: For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. - Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. metadata_filters: |- - (Optional) @@ -28216,7 +32890,7 @@ resources: port_range: |- - (Optional) - This field can only be used: + The portRange field has the following limitations: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -28227,10 +32901,36 @@ resources: - The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED self_link: '- The URI of the created resource.' + service_directory_registrations: |- + - + (Optional) + Service Directory resources to register this forwarding rule with. + Currently, only supports a single Service Directory resource. + Structure is documented below. + service_directory_registrations.namespace: |- + - + (Optional) + Service Directory namespace to register the forwarding rule under. + service_directory_registrations.service_directory_region: |- + - + (Optional) + [Optional] Service Directory region to register this global forwarding rule under. + Default to "us-central1". Only used for PSC for Google APIs. All PSC for + Google APIs Forwarding Rules on the same network should use the same Service + Directory region. source_ip_ranges: |- - (Optional) If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). + subnetwork: |- + - + (Optional) + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. target: |- - (Required) @@ -28239,6 +32939,10 @@ resources: forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' vpc-sc: '- APIs that support VPC Service Controls.' importStatements: [] @@ -29260,6 +33964,9 @@ resources: - (Optional) Size of the image when restored onto a persistent disk (in GB). + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. family: |- - (Optional) @@ -29278,7 +33985,7 @@ resources: - (Required) The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. id: '- an identifier for the resource with format projects/{{project}}/global/images/{{name}}' image_encryption_key: |- - @@ -29307,6 +34014,8 @@ resources: - (Optional) Labels to apply to this Image. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. licenses: |- - (Optional) @@ -29372,6 +34081,10 @@ resources: Cloud Storage bucket storage location of the image (regional or multi-regional). Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_compute_image_iam_policy: @@ -29449,12 +34162,12 @@ resources: ] } ], - "machine_type": "e2-medium", + "machine_type": "n2-standard-2", "metadata": { "foo": "bar" }, "metadata_startup_script": "echo hi \u003e /test.txt", - "name": "test", + "name": "my-instance", "network_interface": [ { "access_config": [ @@ -29465,7 +34178,7 @@ resources: ], "scratch_disk": [ { - "interface": "SCSI" + "interface": "NVME" } ], "service_account": [ @@ -29487,8 +34200,8 @@ resources: dependencies: google_service_account.default: |- { - "account_id": "service_account_id", - "display_name": "Service Account" + "account_id": "my-custom-sa", + "display_name": "Custom SA for VM Instance" } argumentDocs: -ext: ', e.g. custom-2-15360-ext for 2 vCPU and 15 GB of memory.' @@ -29582,7 +34295,8 @@ resources: packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + confidential_instance_config.confidential_instance_type: '(Optional) Beta Defines the confidential computing technology the instance uses. SEV is an AMD feature. One of the following values: SEV, SEV_SNP. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' + confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. cpu_platform: '- The CPU platform used by this instance.' create: '- Default is 20 minutes.' current_status: '- The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.`,' @@ -29599,6 +34313,9 @@ resources: - The RFC 4648 base64 encoded SHA-256 hash of the [customer-supplied encryption key] (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. enable_display: |- - (Optional) Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true or your instance must have a desired_status of TERMINATED in order to update this field. @@ -29610,11 +34327,16 @@ resources: of zero objects you must use the following syntax: example=[] For more details about this behavior, see this section. + guest_accelerator.count: (Required) - The number of the guest accelerator cards exposed to this instance. + guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. hostname: |- - (Optional) A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created. id: '- an identifier for the resource with format projects/{{project}}/zones/{{zone}}/instances/{{name}}' + initialize_params.enable_confidential_compute: |- + - (Optional) Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. initialize_params.image: |- - (Optional) The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, @@ -29628,6 +34350,22 @@ resources: initialize_params.labels: |- - (Optional) A set of key/value label pairs assigned to the disk. This field is only applicable for persistent disks. + initialize_params.provisioned_iops: |- + - (Optional) Indicates how many IOPS to provision for the disk. + This sets the number of I/O operations per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + you'll need to manually delete and recreate it. + initialize_params.provisioned_throughput: |- + - (Optional) Indicates how much throughput to provision for the disk. + This sets the number of throughput mb per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of throughput every 4 hours. To update your hyperdisk more + frequently, you'll need to manually delete and recreate it. initialize_params.resource_manager_tags: '- (Optional) A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. In Terraform, this value cannot be updated and changing it will recreate the resource.' initialize_params.size: |- - (Optional) The size of the image in gigabytes. If not specified, it @@ -29653,7 +34391,10 @@ resources: - One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. label_fingerprint: '- The unique fingerprint of the labels.' - labels: '- (Optional) A map of key/value label pairs to assign to the instance.' + labels: |- + - (Optional) A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. machine_type: '- (Required) The machine type to create.' metadata: |- - (Optional) Metadata key/value pairs to make available from @@ -29704,11 +34445,13 @@ resources: - (Optional) The name or self_link of the network to attach this interface to. Either network or subnetwork must be provided. If network isn't provided it will be inferred from the subnetwork. + network_interface.network_attachment: '- (Optional) Beta The URL of the network attachment that this interface should connect to in the following format: projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.' network_interface.network_ip: |- - (Optional) The private IP address to assign to the instance. If empty, the address will be automatically assigned. network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET.' network_interface.queue_count: '- (Optional) The networking queue count that''s specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.' + network_interface.security_policy: '- (Optional) Beta A full or partial URL to a security policy to add to this instance. If this field is set to an empty string it will remove the associated security policy.' network_interface.stack_type: '- (Optional) The stack type for this network interface to identify whether the IPv6 feature is enabled or not. Values are IPV4_IPV6 or IPV4_ONLY. If not specified, IPV4_ONLY will be used.' network_interface.subnetwork: |- - (Optional) The name or self_link of the subnetwork to attach this @@ -29760,14 +34503,11 @@ resources: - (Optional) Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user). Defaults to true. - scheduling.count: (Required) - The number of the guest accelerator cards exposed to this instance. scheduling.instance_termination_action: '- (Optional) Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here' scheduling.local_ssd_recovery_timeout: |- - (Optional) (https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour. Structure is documented below. The local_ssd_recovery_timeout block supports: - scheduling.maintenance_interval: |- - - (Optional) Beta Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC. - The guest_accelerator block supports: + scheduling.maintenance_interval: '- (Optional) Beta Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.' scheduling.max_run_duration: |- - (Optional) Beta The duration of the instance. Instance will run and be terminated after then, the termination action could be defined in instance_termination_action. Only support DELETE instance_termination_action at this point. Structure is documented below. The max_run_duration block supports: @@ -29793,14 +34533,13 @@ resources: set to false. Defaults to false. scheduling.provisioning_model: |- - (Optional) Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here scheduling.seconds: |- - (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - scheduling.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. scratch_disk: |- - (Optional) Scratch disks to attach to the instance. This can be specified multiple times for multiple scratch disks. Structure is documented below. @@ -29835,6 +34574,9 @@ resources: specific_reservation.values: '- (Required) Corresponds to the label values of a reservation resource.' tags: '- (Optional) A list of network tags to attach to the instance.' tags_fingerprint: '- The unique fingerprint of the tags.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. "true": . update: '- Default is 20 minutes.' zone: '- (Optional) The zone that the machine should be created in. If it is not provided, the provider zone is used.' @@ -30155,12 +34897,12 @@ resources: version.instance_template: google_compute_instance_template.appserver-canary.self_link_unique argumentDocs: all_instances_config: |- - - (Optional, Beta) + - (Optional) Properties to set on all instances in the group. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. - all_instances_config.labels: '- (Optional, Beta), The label key-value pairs that you want to patch onto the instance.' - all_instances_config.metadata: '- (Optional, Beta), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' + all_instances_config.labels: '- (Optional), The label key-value pairs that you want to patch onto the instance.' + all_instances_config.metadata: '- (Optional), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' auto_healing_policies: |- - (Optional) The autohealing policies for this managed instance group. You can specify only one value. Structure is documented below. For more information, see the official documentation. @@ -30211,10 +34953,10 @@ resources: stateful_disk: '- (Optional) Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation.' stateful_disk.delete_rule: '- (Optional), A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.' stateful_disk.device_name: '- (Required), The device name of the disk to be attached.' - stateful_external_ip: '- (Optional, Beta) External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' + stateful_external_ip: '- (Optional) External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' stateful_external_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group.' stateful_external_ip.interface_name: '- (Required), The network interface name of the external Ip. Possible value: nic0' - stateful_internal_ip: '- (Optional, Beta) Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' + stateful_internal_ip: '- (Optional) Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' stateful_internal_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group.' stateful_internal_ip.interface_name: '- (Required), The network interface name of the internal Ip. Possible value: nic0' status: '- The status of this managed instance group.' @@ -30226,8 +34968,9 @@ resources: not affect existing instances. target_size: |- - (Optional) The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle.ignore_changes can be used to prevent Terraform from modifying the value. Defaults to 0. target_size.fixed: '- (Optional), The number of instances which are managed for this version. Conflicts with percent.' target_size.percent: |- - (Optional), The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. @@ -30266,6 +35009,69 @@ resources: - (Required) The zone that instances in this group should be created in. importStatements: [] + google_compute_instance_group_membership: + subCategory: Compute Engine + description: Represents the Instance membership to the Instance Group. + name: google_compute_instance_group_membership + title: "" + examples: + - name: default-ig-membership + manifest: |- + { + "instance": "${google_compute_instance.default-instance.self_link}", + "instance_group": "${google_compute_instance_group.default-instance-group.name}" + } + references: + instance: google_compute_instance.default-instance.self_link + instance_group: google_compute_instance_group.default-instance-group.name + dependencies: + google_compute_instance.default-instance: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-11" + } + ] + } + ], + "machine_type": "e2-medium", + "name": "instance", + "network_interface": [ + { + "network": "${google_compute_network.default-network.name}" + } + ] + } + google_compute_instance_group.default-instance-group: |- + { + "name": "instance-group" + } + google_compute_network.default-network: |- + { + "name": "network" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{project}}/{{zone}}/{{instance_group}}/{{instance}}' + instance: |- + - + (Required) + An instance being added to the InstanceGroup + instance_group: |- + - + (Required) + Represents an Instance Group resource name that the instance belongs to. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + zone: |- + - + (Optional) + A reference to the zone where the instance group resides. + importStatements: [] google_compute_instance_group_named_port: subCategory: Compute Engine description: Mange the named ports setting for a managed instance group without managing the group as whole. @@ -30297,6 +35103,7 @@ resources: } google_container_cluster.my_cluster: |- { + "deletion_protection": "true", "initial_node_count": 1, "ip_allocation_policy": [ { @@ -30334,6 +35141,7 @@ resources: } google_container_cluster.my_cluster: |- { + "deletion_protection": "true", "initial_node_count": 1, "ip_allocation_policy": [ { @@ -30433,6 +35241,53 @@ resources: the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. importStatements: [] + google_compute_instance_settings: + subCategory: Compute Engine + description: Represents an Instance Settings resource. + name: google_compute_instance_settings + title: "" + examples: + - name: gce_instance_settings + manifest: |- + { + "metadata": [ + { + "items": { + "foo": "baz" + } + } + ], + "provider": "${google-beta}", + "zone": "us-east7-b" + } + references: + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + fingerprint: |- + - + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + id: '- an identifier for the resource with format projects/{{project}}/zones/{{zone}}/instanceSettings' + metadata: |- + - + (Optional) + The metadata key/value pairs assigned to all the instances in the corresponding scope. + Structure is documented below. + metadata.items: |- + - + (Optional) + A metadata key/value items map. The total size of all keys and values must be less than 512KB + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + zone: |- + - + (Required) + A reference to the zone where the machine resides. + importStatements: [] google_compute_instance_template: subCategory: Compute Engine description: Manages a VM instance template resource within GCE. @@ -30630,7 +35485,8 @@ resources: - (Optional) Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + confidential_instance_config.confidential_instance_type: '(Optional) Beta Defines the confidential computing technology the instance uses. SEV is an AMD feature. One of the following values: SEV, SEV_SNP. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' + confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled with AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. create: '- Default is 4 minutes.' custom-VCPUS-MEM_IN_MB: like custom-6-20480 for 6 vCPU and 20GB of RAM. delete: '- Default is 4 minutes.' @@ -30670,6 +35526,12 @@ resources: - (Optional) The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. + disk.provisioned_iops: |- + - (Optional) Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the disk can handle. + Values must be between 10,000 and 120,000. For more details, see the + Extreme persistent disk documentation. + disk.resource_manager_tags: '- (Optional) A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.' disk.resource_policies: (Optional) -- A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. Currently a max of 1 resource policy is supported. disk.source: |- - (Optional) The name (not self_link) @@ -30698,10 +35560,15 @@ resources: - (Optional) The type of GCE disk, can be either "SCRATCH" or "PERSISTENT". disk_encryption_key.kms_key_self_link: '- (Required) The self link of the encryption key that is stored in Google Cloud KMS' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. enable_display: |- - (Optional, Beta) Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true in order to update this field. guest_accelerator: '- (Optional) List of the type and count of accelerator cards attached to the instance. Structure documented below.' + guest_accelerator.count: (Required) - The number of the guest accelerator cards exposed to this instance. + guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. id: '- an identifier for the resource with format projects/{{project}}/global/instanceTemplates/{{name}}' instance_description: |- - (Optional) A brief description to use for instances @@ -30754,7 +35621,7 @@ resources: - (Optional) The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks. - network_interface.network_interface: '- (Optional, Beta) The URL of the network attachment that this interface should connect to in the following format: projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.' + network_interface.network_attachment: '- (Optional, Beta) The URL of the network attachment that this interface should connect to in the following format: projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.' network_interface.network_ip: |- - (Optional) The private IP address to assign to the instance. If empty, the address will be automatically assigned. @@ -30769,8 +35636,7 @@ resources: - (Optional) The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. network_performance_config: |- - (Optional, Beta - Configures network performance settings for the instance created from the + (Optional, Configures network performance settings for the instance created from the template. Structure is documented below. Note: machine_type must be a supported type, the image used must include the GVNIC @@ -30799,6 +35665,7 @@ resources: - (Optional) Specifies the label selector for the reservation to use.. Structure is documented below. reservation_affinity.type: '- (Required) The type of reservation from which this instance can consume resources.' + resource_manager_tags: '- (Optional) A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.' resource_policies: (Optional) -- A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. scheduling: |- - (Optional) The scheduling strategy to use. More details about @@ -30807,14 +35674,11 @@ resources: - (Optional) Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. - scheduling.count: (Required) - The number of the guest accelerator cards exposed to this instance. scheduling.instance_termination_action: '- (Optional) Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here' scheduling.local_ssd_recovery_timeout: |- - (Optional) (https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour. Structure is documented below. The local_ssd_recovery_timeout block supports: - scheduling.maintenance_interval: |- - - (Optional) Beta Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC. - The guest_accelerator block supports: + scheduling.maintenance_interval: '- (Optional) Beta Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.' scheduling.max_run_duration: |- - (Optional) Beta The duration of the instance. Instance will run and be terminated after then, the termination action could be defined in instance_termination_action. Only support DELETE instance_termination_action at this point. Structure is documented below. The max_run_duration block supports: @@ -30838,19 +35702,22 @@ resources: here. scheduling.provisioning_model: |- - (Optional) Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here scheduling.seconds: |- - (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - scheduling.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. self_link: '- The URI of the created resource.' self_link_unique: |- - A special URI of the created resource that uniquely identifies this instance template with the following format: projects/{{project}}/global/instanceTemplates/{{name}}?uniqueId={{uniqueId}} Referencing an instance template via this attribute prevents Time of Check to Time of Use attacks when the instance template resides in a shared/untrusted environment. service_account: '- (Optional) Service account to attach to the instance. Structure is documented below.' + service_account.cloud-platform: |- + scope. + See Authenticate workloads using service accounts best practices + and Best practices for using service accounts. service_account.email: |- - (Optional) The service account e-mail address. If not given, the default Google Compute Engine service account is used. @@ -30882,6 +35749,9 @@ resources: specific_reservation.values: '- (Required) Corresponds to the label values of a reservation resource.' tags: '- (Optional) Tags to attach to the instance.' tags_fingerprint: '- The unique fingerprint of the tags.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. importStatements: [] google_compute_interconnect_attachment: subCategory: Compute Engine @@ -31094,6 +35964,14 @@ resources: automatically connect the Interconnect to the network & region within which the Cloud Router is configured. self_link: '- The URI of the created resource.' + stack_type: |- + - + (Optional) + The stack type for this interconnect attachment to identify whether the IPv6 + feature is enabled or not. If not specified, IPV4_ONLY will be used. + This field can be both set at interconnect attachments creation and update + interconnect attachment operations. + Possible values are: IPV4_IPV6, IPV4_ONLY. state: |- - [Output Only] The current state of this attachment's functionality. @@ -31609,6 +36487,9 @@ resources: Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. + numeric_id: |- + - + The unique identifier for the resource. This identifier is defined by the server. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -31624,6 +36505,197 @@ resources: self_link: '- The URI of the created resource.' update: '- Default is 20 minutes.' importStatements: [] + google_compute_network_attachment: + subCategory: Compute Engine + description: A network attachment is a resource that lets a producer Virtual Private Cloud (VPC) network initiate connections to a consumer VPC network through a Private Service Connect interface. + name: google_compute_network_attachment + title: "" + examples: + - name: default + manifest: |- + { + "connection_preference": "ACCEPT_MANUAL", + "description": "basic network attachment description", + "name": "basic-network-attachment", + "producer_accept_lists": [ + "${google_project.accepted_producer_project.project_id}" + ], + "producer_reject_lists": [ + "${google_project.rejected_producer_project.project_id}" + ], + "provider": "${google-beta}", + "region": "us-central1", + "subnetworks": [ + "${google_compute_subnetwork.default.self_link}" + ] + } + references: + provider: google-beta + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "basic-network", + "provider": "${google-beta}" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "basic-subnetwork", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_project.accepted_producer_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "prj-accepted", + "org_id": "123456789", + "project_id": "prj-accepted", + "provider": "${google-beta}" + } + google_project.rejected_producer_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "prj-rejected", + "org_id": "123456789", + "project_id": "prj-rejected", + "provider": "${google-beta}" + } + - name: default + manifest: |- + { + "connection_preference": "ACCEPT_AUTOMATIC", + "description": "my basic network attachment", + "name": "basic-network-attachment", + "provider": "${google-beta}", + "region": "us-central1", + "subnetworks": [ + "${google_compute_subnetwork.default.id}" + ] + } + references: + provider: google-beta + dependencies: + google_compute_instance.default: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-11" + } + ] + } + ], + "machine_type": "e2-micro", + "name": "basic-instance", + "network_interface": [ + { + "network": "default" + }, + { + "network_attachment": "${google_compute_network_attachment.default.self_link}" + } + ], + "provider": "${google-beta}", + "zone": "us-central1-a" + } + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "basic-network", + "provider": "${google-beta}" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "basic-subnetwork", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "region": "us-central1" + } + argumentDocs: + connection_endpoints: |- + - + An array of connections for all the producers connected to this network attachment. + Structure is documented below. + connection_endpoints.ip_address: |- + - + (Output) + The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless. + connection_endpoints.project_id_or_num: |- + - + (Output) + The project id or number of the interface to which the IP was assigned. + connection_endpoints.secondary_ip_cidr_ranges: |- + - + (Output) + Alias IP ranges from the same subnetwork. + connection_endpoints.status: |- + - + (Output) + The status of a connected endpoint to this network attachment. + connection_endpoints.subnetwork: |- + - + (Output) + The subnetwork used to assign the IP to the producer instance network interface. + connection_preference: |- + - + (Required) + The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules. + Possible values are: ACCEPT_AUTOMATIC, ACCEPT_MANUAL, INVALID. + create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of this resource. Provide this property when you create the resource. + fingerprint: |- + - + Fingerprint of this resource. A hash of the contents stored in this object. This + field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch. + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/networkAttachments/{{name}}' + kind: |- + - + Type of the resource. + name: |- + - + (Required) + Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + network: |- + - + The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated. + Because it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks. + producer_accept_lists: |- + - + (Optional) + Projects that are allowed to connect to this network attachment. The project can be specified using its id or number. + producer_reject_lists: |- + - + (Optional) + Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Required) + URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. + self_link: |- + - + Server-defined URL for the resource. + self_link_with_id: |- + - + Server-defined URL for this resource's resource id. + subnetworks: |- + - + (Required) + An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment. + importStatements: [] google_compute_network_edge_security_service: subCategory: Compute Engine description: Google Cloud Armor network edge security service resource. @@ -31636,7 +36708,7 @@ resources: "description": "My basic resource", "name": "my-edge-security-service", "provider": "${google-beta}", - "region": "asia-southeast1" + "region": "us-east1" } references: provider: google-beta @@ -31869,9 +36941,9 @@ resources: that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or CONNECTION balancing modes. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value is GCE_VM_IP_PORT. - Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -32029,12 +37101,11 @@ resources: name: google_compute_network_firewall_policy title: "" examples: - - name: primary + - name: policy manifest: |- { - "description": "Sample global network firewall policy", - "name": "policy", - "project": "my-project-name" + "description": "Terraform test", + "name": "tf-test-policy" } argumentDocs: create: '- Default is 20 minutes.' @@ -32058,9 +37129,8 @@ resources: - The unique identifier for the resource. This identifier is defined by the server. project: |- - - - (Optional) - The project for the resource + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. rule_tuple_count: |- - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. @@ -32501,6 +37571,7 @@ resources: } google_container_cluster.private_cluster: |- { + "deletion_protection": "true", "initial_node_count": 1, "ip_allocation_policy": [ { @@ -32558,9 +37629,9 @@ resources: manifest: |- { "description": "example google_compute_node_group for Terraform Google Provider", + "initial_size": 1, "name": "soletenant-group", "node_template": "${google_compute_node_template.soletenant-tmpl.id}", - "size": 1, "zone": "us-central1-f" } references: @@ -32572,6 +37643,28 @@ resources: "node_type": "n1-node-96-624", "region": "us-central1" } + - name: nodes + manifest: |- + { + "description": "example google_compute_node_group for Terraform Google Provider", + "initial_size": 1, + "maintenance_interval": "RECURRENT", + "name": "soletenant-group", + "node_template": "${google_compute_node_template.soletenant-tmpl.id}", + "provider": "${google-beta}", + "zone": "us-central1-a" + } + references: + node_template: google_compute_node_template.soletenant-tmpl.id + provider: google-beta + dependencies: + google_compute_node_template.soletenant-tmpl: |- + { + "name": "soletenant-tmpl", + "node_type": "c2-node-60-240", + "provider": "${google-beta}", + "region": "us-central1" + } - name: nodes manifest: |- { @@ -32607,6 +37700,7 @@ resources: manifest: |- { "description": "example google_compute_node_group for Terraform Google Provider", + "initial_size": 1, "name": "soletenant-group", "node_template": "${google_compute_node_template.soletenant-tmpl.id}", "share_settings": [ @@ -32620,7 +37714,6 @@ resources: "share_type": "SPECIFIC_PROJECTS" } ], - "size": 1, "zone": "us-central1-f" } references: @@ -32641,12 +37734,14 @@ resources: "project_id": "project-id" } argumentDocs: + AS_NEEDED: ', RECURRENT.' "OFF": ', ON, ONLY_SCALE_OUT.' autoscaling_policy: |- - (Optional) If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. + One of initial_size or autoscaling_policy must be configured on resource creation. Structure is documented below. autoscaling_policy.max_nodes: |- - @@ -32675,7 +37770,11 @@ resources: initial_size: |- - (Optional) - The initial number of nodes in the node group. One of initial_size or size must be specified. + The initial number of nodes in the node group. One of initial_size or autoscaling_policy must be configured on resource creation. + maintenance_interval: |- + - + (Optional, Beta) + Specifies the frequency of planned maintenance events. Set to one of the following: maintenance_policy: |- - (Optional) @@ -32723,8 +37822,7 @@ resources: Possible values are: ORGANIZATION, SPECIFIC_PROJECTS, LOCAL. size: |- - - (Optional) - The total number of nodes in the node group. One of initial_size or size must be specified. + The total number of nodes in the node group. update: '- Default is 20 minutes.' zone: |- - @@ -33509,12 +38607,12 @@ resources: Structure is documented below. preserved_state.external_ip: |- - - (Optional, Beta) + (Optional) Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. Structure is documented below. preserved_state.internal_ip: |- - - (Optional, Beta) + (Optional) Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. Structure is documented below. preserved_state.metadata: |- @@ -33524,6 +38622,9 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + remove_instance_on_destroy: |- + - (Optional) When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. remove_instance_state_on_destroy: |- - (Optional) When true, deleting this config will immediately remove any specified state from the underlying instance. When false, deleting this config will not immediately remove any state from the underlying instance. @@ -33854,8 +38955,6 @@ resources: - (Optional) Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. autoscaling_policy.scale_down_control: |- - (Optional, Beta) @@ -34089,6 +39188,20 @@ resources: ], "timeout_sec": 1 } + - name: default + manifest: |- + { + "iap": [ + { + "oauth2_client_id": "abc", + "oauth2_client_secret": "xyz" + } + ], + "load_balancing_scheme": "EXTERNAL", + "name": "tf-test-region-service-external", + "protocol": "HTTP", + "region": "us-central1" + } - name: default manifest: |- { @@ -35402,6 +40515,7 @@ resources: (Output) The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. + effective_labels: for all of the labels present on the resource. guest_os_features: |- - (Optional) @@ -35416,7 +40530,7 @@ resources: id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/disks/{{name}}' interface: |- - - (Optional, Beta) + (Optional, Beta, Deprecated) Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. label_fingerprint: |- - @@ -35521,6 +40635,10 @@ resources: that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Optional) @@ -36274,12 +41392,12 @@ resources: version.instance_template: google_compute_instance_template.appserver-canary.self_link_unique argumentDocs: all_instances_config: |- - - (Optional, Beta) + - (Optional) Properties to set on all instances in the group. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. - all_instances_config.labels: '- (Optional, Beta), The label key-value pairs that you want to patch onto the instance.' - all_instances_config.metadata: '- (Optional, Beta), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' + all_instances_config.labels: '- (Optional), The label key-value pairs that you want to patch onto the instance.' + all_instances_config.metadata: '- (Optional), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' auto_healing_policies: |- - (Optional) The autohealing policies for this managed instance group. You can specify only one value. Structure is documented below. For more information, see the official documentation. @@ -36304,7 +41422,7 @@ resources: - (Optional) The distribution policy for this managed instance group. You can specify one or more values. For more information, see the official documentation. fingerprint: '- The fingerprint of the instance group manager.' - id: '- an identifier for the resource with format {{disk.name}}' + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}}' instance_group: '- The full URL of the instance group created by the manager.' instance_lifecycle_policy.force_update_on_repair: '- (Optional, (https://terraform.io/docs/providers/google/guides/provider_versions.html)), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' list_managed_instances_results: |- @@ -36335,10 +41453,10 @@ resources: stateful_disk: '- (Optional) Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.' stateful_disk.delete_rule: '- (Optional), A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.' stateful_disk.device_name: '- (Required), The device name of the disk to be attached.' - stateful_external_ip: '- (Optional, Beta) External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' + stateful_external_ip: '- (Optional) External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' stateful_external_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the external ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the external ip when the VM is permanently deleted from the instance group.' stateful_external_ip.interface_name: '- (Required), The network interface name of the external Ip. Possible value: nic0.' - stateful_internal_ip: '- (Optional, Beta) Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' + stateful_internal_ip: '- (Optional) Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' stateful_internal_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group.' stateful_internal_ip.interface_name: '- (Required), The network interface name of the internal Ip. Possible value: nic0.' status.is_stable: '- A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.' @@ -36349,8 +41467,9 @@ resources: not affect existing instances. target_size: |- - (Optional) The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle.ignore_changes can be used to prevent Terraform from modifying the value. Defaults to 0. target_size.fixed: '- (Optional), The number of instances which are managed for this version. Conflicts with percent.' target_size.percent: |- - (Optional), The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. @@ -36602,7 +41721,8 @@ resources: - (Optional) Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. + confidential_instance_config.confidential_instance_type: '(Optional) Beta Defines the confidential computing technology the instance uses. SEV is an AMD feature. One of the following values: SEV, SEV_SNP. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' + confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled on AMD SEV. on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. create: '- Default is 4 minutes.' custom-VCPUS-MEM_IN_MB: like custom-6-20480 for 6 vCPU and 20GB of RAM. delete: '- Default is 4 minutes.' @@ -36642,6 +41762,12 @@ resources: - (Optional) The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. + disk.provisioned_iops: |- + - (Optional) Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the disk can handle. + Values must be between 10,000 and 120,000. For more details, see the + Extreme persistent disk documentation. + disk.resource_manager_tags: '- (Optional) A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.' disk.resource_policies: (Optional) -- A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. Currently a max of 1 resource policy is supported. disk.source: |- - (Optional) The name (not self_link) @@ -36670,10 +41796,15 @@ resources: - (Optional) The type of GCE disk, can be either "SCRATCH" or "PERSISTENT". disk_encryption_key.kms_key_self_link: '- (Required) The self link of the encryption key that is stored in Google Cloud KMS' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. enable_display: |- - (Optional, ) Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true in order to update this field. guest_accelerator: '- (Optional) List of the type and count of accelerator cards attached to the instance. Structure documented below.' + guest_accelerator.count: (Required) - The number of the guest accelerator cards exposed to this instance. + guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceTemplates/{{name}}' instance_description: |- - (Optional) A brief description to use for instances @@ -36685,13 +41816,10 @@ resources: - (Optional) A set of key/value label pairs to assign to instances created from this template. machine_type: '- (Required) The machine type to create.' - max_run_duration.count: (Required) - The number of the guest accelerator cards exposed to this instance. max_run_duration.local_ssd_recovery_timeout: |- - (Optional) (https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour. Structure is documented below. The local_ssd_recovery_timeout block supports: - max_run_duration.maintenance_interval: |- - - (Optional) Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC. - The guest_accelerator block supports: + max_run_duration.maintenance_interval: '- (Optional) Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.' max_run_duration.nanos: |- - (Optional) Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 @@ -36701,7 +41829,6 @@ resources: - (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - max_run_duration.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. metadata: |- - (Optional) Metadata key/value pairs to make available from within instances created from this template. @@ -36783,6 +41910,7 @@ resources: - (Optional) Specifies the label selector for the reservation to use.. Structure is documented below. reservation_affinity.type: '- (Required) The type of reservation from which this instance can consume resources.' + resource_manager_tags: '- (Optional) A set of key/value resource manager tag pairs to bind to the instance. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.' resource_policies: (Optional) -- A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. scheduling: |- - (Optional) The scheduling strategy to use. More details about @@ -36808,11 +41936,15 @@ resources: here. scheduling.provisioning_model: |- - (Optional) Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here self_link: '- The URI of the created resource.' service_account: '- (Optional) Service account to attach to the instance. Structure is documented below.' + service_account.cloud-platform: |- + scope. + See Authenticate workloads using service accounts best practices + and Best practices for using service accounts. service_account.email: |- - (Optional) The service account e-mail address. If not given, the default Google Compute Engine service account is used. @@ -36844,10 +41976,95 @@ resources: specific_reservation.values: '- (Required) Corresponds to the label values of a reservation resource.' tags: '- (Optional) Tags to attach to the instance.' tags_fingerprint: '- The unique fingerprint of the tags.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. + importStatements: [] + google_compute_region_network_endpoint: + subCategory: Compute Engine + description: A Region network endpoint represents a IP address/FQDN and port combination that is part of a specific network endpoint group (NEG). + name: google_compute_region_network_endpoint + title: "" + examples: + - name: region-internet-ip-port-endpoint + manifest: |- + { + "ip_address": "8.8.8.8", + "port": 443, + "region": "us-central1", + "region_network_endpoint_group": "${google_compute_region_network_endpoint_group.group.name}" + } + references: + region_network_endpoint_group: google_compute_region_network_endpoint_group.group.name + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "network" + } + google_compute_region_network_endpoint_group.group: |- + { + "name": "ip-port-neg", + "network": "${google_compute_network.default.id}", + "network_endpoint_type": "INTERNET_IP_PORT", + "region": "us-central1" + } + - name: region-internet-fqdn-port-endpoint + manifest: |- + { + "fqdn": "backend.example.com", + "port": 443, + "region": "us-central1", + "region_network_endpoint_group": "${google_compute_region_network_endpoint_group.group.name}" + } + references: + region_network_endpoint_group: google_compute_region_network_endpoint_group.group.name + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "network" + } + google_compute_region_network_endpoint_group.group: |- + { + "name": "fqdn-port-neg", + "network": "${google_compute_network.default.id}", + "network_endpoint_type": "INTERNET_FQDN_PORT", + "region": "us-central1" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + fqdn: |- + - + (Optional) + Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + id: '- an identifier for the resource with format {{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}' + ip_address: |- + - + (Optional) + IPv4 address external endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT. + port: |- + - + (Required) + Port number of network endpoint. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + Region where the containing network endpoint group is located. + region_network_endpoint_group: |- + - + (Required) + The network endpoint group this endpoint is part of. importStatements: [] google_compute_region_network_endpoint_group: subCategory: Compute Engine - description: A regional NEG that can support Serverless Products. + description: A regional NEG that can support Serverless Products and proxying traffic to external backends. name: google_compute_region_network_endpoint_group title: "" examples: @@ -37012,7 +42229,7 @@ resources: { "bucket": "${google_storage_bucket.appengine_neg.name}", "name": "hello-world.zip", - "source": "./test-fixtures/appengine/hello-world.zip" + "source": "./test-fixtures/hello-world.zip" } - name: psc_neg manifest: |- @@ -37097,11 +42314,41 @@ resources: "purpose": "PRIVATE_SERVICE_CONNECT", "region": "europe-west4" } + - name: region_network_endpoint_group_internet_ip_port + manifest: |- + { + "name": "ip-port-neg", + "network": "${google_compute_network.default.id}", + "network_endpoint_type": "INTERNET_IP_PORT", + "region": "us-central1" + } + references: + network: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "name": "network" + } + - name: region_network_endpoint_group_internet_fqdn_port + manifest: |- + { + "name": "ip-port-neg", + "network": "${google_compute_network.default.id}", + "network_endpoint_type": "INTERNET_FQDN_PORT", + "region": "us-central1" + } + references: + network: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "name": "network" + } argumentDocs: app_engine: |- - (Optional) - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. app_engine.service: |- @@ -37129,7 +42376,7 @@ resources: cloud_function: |- - (Optional) - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. cloud_function.function: |- @@ -37150,7 +42397,7 @@ resources: cloud_run: |- - (Optional) - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. cloud_run.service: |- @@ -37197,32 +42444,33 @@ resources: network: |- - (Optional) - This field is only used for PSC. + This field is only used for PSC and INTERNET NEGs. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. network_endpoint_type: |- - (Optional) - Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value is SERVERLESS. - Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. psc_target_service: |- - (Optional) + This field is only used for PSC and INTERNET NEGs. The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. region: |- - (Required) - A reference to the region where the Serverless NEGs Reside. + A reference to the region where the regional NEGs reside. self_link: '- The URI of the created resource.' serverless_deployment: |- - (Optional, Beta) - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. Structure is documented below. serverless_deployment.platform: |- @@ -37251,7 +42499,7 @@ resources: subnetwork: |- - (Optional) - This field is only used for PSC. + This field is only used for PSC NEGs. Optional URL of the subnetwork to which all network endpoints in the NEG belong. importStatements: [] google_compute_region_network_firewall_policy: @@ -37260,13 +42508,11 @@ resources: name: google_compute_region_network_firewall_policy title: "" examples: - - name: primary + - name: policy manifest: |- { - "description": "Sample regional network firewall policy", - "name": "policy", - "project": "my-project-name", - "region": "us-west1" + "description": "Terraform test", + "name": "tf-test-policy" } argumentDocs: create: '- Default is 20 minutes.' @@ -37287,13 +42533,12 @@ resources: (Required) User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. project: |- - - - (Optional) - The project for the resource + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. region: |- - (Optional) - The location of this resource. + The region of this resource. region_network_firewall_policy_id: |- - The unique identifier for the resource. This identifier is defined by the server. @@ -37765,12 +43010,12 @@ resources: Structure is documented below. preserved_state.external_ip: |- - - (Optional, Beta) + (Optional) Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. Structure is documented below. preserved_state.internal_ip: |- - - (Optional, Beta) + (Optional) Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. Structure is documented below. preserved_state.metadata: |- @@ -37788,6 +43033,9 @@ resources: - (Required) The region instance group manager this instance config is part of. + remove_instance_on_destroy: |- + - (Optional) When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. remove_instance_state_on_destroy: |- - (Optional) When true, deleting this config will immediately remove any specified state from the underlying instance. When false, deleting this config will not immediately remove any state from the underlying instance. @@ -37825,9 +43073,36 @@ resources: } references: provider: google-beta + - name: region-sec-policy-user-defined-fields + manifest: |- + { + "description": "with user defined fields", + "name": "my-sec-policy-user-defined-fields", + "provider": "${google-beta}", + "type": "CLOUD_ARMOR_NETWORK", + "user_defined_fields": [ + { + "base": "UDP", + "mask": "0x8F00", + "name": "SIG1_AT_0", + "offset": 8, + "size": 2 + }, + { + "base": "UDP", + "mask": "0xFFFFFFFF", + "name": "SIG2_AT_8", + "offset": 16, + "size": 4 + } + ] + } + references: + provider: google-beta argumentDocs: ADVANCED: ', ADVANCED_PREVIEW, STANDARD.' CLOUD_ARMOR: ', CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.' + IPV4: ', IPV6, TCP, UDP.' create: '- Default is 20 minutes.' ddos_protection_config: |- - @@ -37875,6 +43150,328 @@ resources: (Optional) The type indicates the intended use of the security policy. update: '- Default is 20 minutes.' + user_defined_fields: |- + - + (Optional) + Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. + A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. + Rules may then specify matching values for these fields. + Structure is documented below. + user_defined_fields.base: |- + - + (Required) + The base relative to which 'offset' is measured. Possible values are: + user_defined_fields.mask: |- + - + (Optional) + If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. + Encoded as a hexadecimal number (starting with "0x"). + The last byte of the field (in network byte order) corresponds to the least significant byte of the mask. + user_defined_fields.name: |- + - + (Optional) + The name of this field. Must be unique within the policy. + user_defined_fields.offset: |- + - + (Optional) + Offset of the first byte of the field (in network byte order) relative to 'base'. + user_defined_fields.size: |- + - + (Optional) + Size of the field in bytes. Valid values: 1-4. + importStatements: [] + google_compute_region_security_policy_rule: + subCategory: Compute Engine + description: A rule for the RegionSecurityPolicy. + name: google_compute_region_security_policy_rule + title: "" + examples: + - name: policy_rule + manifest: |- + { + "action": "allow", + "description": "new rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.default.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.default.name + dependencies: + google_compute_region_security_policy.default: |- + { + "description": "basic region security policy", + "name": "policyruletest", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR" + } + - name: policy_rule_one + manifest: |- + { + "action": "allow", + "description": "new rule one", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.default.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.default.name + dependencies: + google_compute_region_security_policy.default: |- + { + "description": "basic region security policy", + "name": "policywithmultiplerules", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR" + } + - name: policy_rule_two + manifest: |- + { + "action": "allow", + "description": "new rule two", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "192.168.0.0/16", + "10.0.0.0/8" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 101, + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.default.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.default.name + dependencies: + google_compute_region_security_policy.default: |- + { + "description": "basic region security policy", + "name": "policywithmultiplerules", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR" + } + - name: policy_rule_network_match + manifest: |- + { + "action": "allow", + "description": "custom rule for network match", + "network_match": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ], + "user_defined_fields": [ + { + "name": "SIG1_AT_0", + "values": [ + "0x8F00" + ] + } + ] + } + ], + "preview": true, + "priority": 100, + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.policynetworkmatch.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.policynetworkmatch.name + dependencies: + google_compute_network_edge_security_service.edge_sec_service: |- + { + "description": "linking policy to edge security service", + "name": "edgesecservice", + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.policyddosprotection.self_link}" + } + google_compute_region_security_policy.policyddosprotection: |- + { + "ddos_protection_config": [ + { + "ddos_protection": "ADVANCED_PREVIEW" + } + ], + "description": "policy for activating network DDoS protection for the desired region", + "name": "policyddosprotection", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR_NETWORK" + } + google_compute_region_security_policy.policynetworkmatch: |- + { + "depends_on": [ + "${google_compute_network_edge_security_service.edge_sec_service}" + ], + "description": "region security policy for network match", + "name": "policyfornetworkmatch", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR_NETWORK", + "user_defined_fields": [ + { + "base": "TCP", + "mask": "0x8F00", + "name": "SIG1_AT_0", + "offset": 8, + "size": 2 + } + ] + } + argumentDocs: + action: |- + - + (Required) + The Action to perform when the rule is matched. The following are the valid actions: + config.src_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of srcIpRanges allowed is 10. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of this resource. Provide this property when you create the resource. + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}' + match: |- + - + (Optional) + A match condition that incoming traffic is evaluated against. + If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + match.config: |- + - + (Optional) + The configuration options available when specifying versionedExpr. + This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + Structure is documented below. + match.versioned_expr: |- + - + (Optional) + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. + Possible values are: SRC_IPS_V1. + network_match: |- + - + (Optional) + A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. + The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). + Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. + Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. + For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. + Example: + networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" + The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive + Structure is documented below. + network_match.dest_ip_ranges: |- + - + (Optional) + Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + network_match.dest_ports: |- + - + (Optional) + Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + network_match.ip_protocols: |- + - + (Optional) + IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. "6"), range (e.g. "253-254"), or one of the following protocol names: "tcp", "udp", "icmp", "esp", "ah", "ipip", or "sctp". + network_match.src_asns: |- + - + (Optional) + BGP Autonomous System Number associated with the source IP address. + network_match.src_ip_ranges: |- + - + (Optional) + Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + network_match.src_ports: |- + - + (Optional) + Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + network_match.src_region_codes: |- + - + (Optional) + Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address. + network_match.user_defined_fields: |- + - + (Optional) + User-defined fields. Each element names a defined field and lists the matching values for that field. + Structure is documented below. + preview: |- + - + (Optional) + If set to true, the specified action is not enforced. + priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Required) + The Region in which the created Region Security Policy rule should reside. + security_policy: |- + - + (Required) + The name of the security policy this rule belongs to. + update: '- Default is 20 minutes.' + user_defined_fields.name: |- + - + (Optional) + Name of the user-defined field, as given in the definition. + user_defined_fields.values: |- + - + (Optional) + Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with "0x") number (e.g. "64") or range (e.g. "0x400-0x7ff"). importStatements: [] google_compute_region_ssl_certificate: subCategory: Compute Engine @@ -38248,7 +43845,51 @@ resources: ], "region": "us-central1" } + - name: default + manifest: |- + { + "certificate_manager_certificates": [ + "//certificatemanager.googleapis.com/${google_certificate_manager_certificate.default.id}" + ], + "name": "target-http-proxy", + "url_map": "${google_compute_region_url_map.default.id}" + } + references: + url_map: google_compute_region_url_map.default.id + dependencies: + google_certificate_manager_certificate.default: |- + { + "location": "us-central1", + "name": "my-certificate", + "self_managed": [ + { + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" + } + ] + } + google_compute_region_backend_service.default: |- + { + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "backend-service", + "protocol": "HTTPS", + "region": "us-central1", + "timeout_sec": 30 + } + google_compute_region_url_map.default: |- + { + "default_service": "${google_compute_region_backend_service.default.id}", + "name": "url-map", + "region": "us-central1" + } argumentDocs: + certificate_manager_certificates: |- + - + (Optional) + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} create: '- Default is 20 minutes.' creation_timestamp: |- - @@ -38283,13 +43924,13 @@ resources: self_link: '- The URI of the created resource.' ssl_certificates: |- - - (Required) - A list of RegionSslCertificate resources that are used to authenticate - connections between users and the load balancer. Currently, exactly - one SSL certificate must be specified. + (Optional) + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. ssl_policy: |- - - (Optional, Beta) + (Optional) A reference to the Region SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured. @@ -39417,7 +45058,7 @@ resources: "ip_cidr_range": "10.0.0.0/24", "name": "l7-ilb-proxy-subnet", "network": "${google_compute_network.default.id}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", + "purpose": "REGIONAL_MANAGED_PROXY", "region": "europe-west1", "role": "ACTIVE" } @@ -39709,7 +45350,7 @@ resources: "ip_cidr_range": "10.0.0.0/24", "name": "l7-ilb-proxy-subnet", "network": "${google_compute_network.default.id}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", + "purpose": "REGIONAL_MANAGED_PROXY", "region": "europe-west1", "role": "ACTIVE" } @@ -41670,6 +47311,91 @@ resources: "network": "${google_compute_network.net.id}", "region": "us-central1" } + - name: nat_type + manifest: |- + { + "enable_dynamic_port_allocation": false, + "enable_endpoint_independent_mapping": false, + "min_ports_per_vm": 32, + "name": "my-router-nat", + "provider": "${google-beta}", + "region": "${google_compute_router.router.region}", + "router": "${google_compute_router.router.name}", + "rules": [ + { + "action": [ + { + "source_nat_active_ranges": [ + "${google_compute_subnetwork.subnet.self_link}" + ] + } + ], + "description": "rule for private nat", + "match": "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"", + "rule_number": 100 + } + ], + "source_subnetwork_ip_ranges_to_nat": "LIST_OF_SUBNETWORKS", + "subnetwork": [ + { + "name": "${google_compute_subnetwork.subnet.id}", + "source_ip_ranges_to_nat": [ + "ALL_IP_RANGES" + ] + } + ], + "type": "PRIVATE" + } + references: + provider: google-beta + region: google_compute_router.router.region + router: google_compute_router.router.name + subnetwork.name: google_compute_subnetwork.subnet.id + dependencies: + google_compute_network.net: |- + { + "name": "my-network", + "provider": "${google-beta}" + } + google_compute_router.router: |- + { + "name": "my-router", + "network": "${google_compute_network.net.id}", + "provider": "${google-beta}", + "region": "${google_compute_subnetwork.subnet.region}" + } + google_compute_subnetwork.subnet: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "my-subnetwork", + "network": "${google_compute_network.net.id}", + "provider": "${google-beta}", + "purpose": "PRIVATE_NAT", + "region": "us-central1" + } + google_network_connectivity_hub.hub: |- + { + "description": "vpc hub for inter vpc nat", + "name": "my-hub", + "provider": "${google-beta}" + } + google_network_connectivity_spoke.spoke: |- + { + "description": "vpc spoke for inter vpc nat", + "hub": "${google_network_connectivity_hub.hub.id}", + "linked_vpc_network": [ + { + "exclude_export_ranges": [ + "198.51.100.0/24", + "10.10.0.0/16" + ], + "uri": "${google_compute_network.net.self_link}" + } + ], + "location": "global", + "name": "my-spoke", + "provider": "${google-beta}" + } argumentDocs: action.source_nat_active_ips: |- - @@ -41677,6 +47403,12 @@ resources: A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT. + action.source_nat_active_ranges: |- + - + (Optional, Beta) + A list of URLs of the subnetworks used as source ranges for this NAT Rule. + These subnetworks must have purpose set to PRIVATE_NAT. + This field is used for private NAT. action.source_nat_drain_ips: |- - (Optional) @@ -41684,6 +47416,12 @@ resources: These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT. + action.source_nat_drain_ranges: |- + - + (Optional, Beta) + A list of URLs of subnetworks representing source ranges to be drained. + This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. + This field is used for private NAT. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' drain_nat_ips: |- @@ -41703,8 +47441,8 @@ resources: enable_endpoint_independent_mapping: |- - (Optional) - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the official documentation. + Enable endpoint independent mapping. + For more information see the official documentation. icmp_idle_timeout_sec: |- - (Optional) @@ -41732,7 +47470,7 @@ resources: min_ports_per_vm: |- - (Optional) - Minimum number of ports allocated to a VM from this NAT. + Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. name: |- - (Required) @@ -41740,7 +47478,7 @@ resources: comply with RFC1035. nat_ip_allocate_option: |- - - (Required) + (Optional) How external IPs should be allocated for this NAT. Valid values are AUTO_ONLY for only allowing NAT IPs allocated by Google Cloud Platform, or MANUAL_ONLY for only user-allocated NAT IP addresses. @@ -41843,6 +47581,15 @@ resources: (Optional) Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. + type: |- + - + (Optional, Beta) + Indicates whether this NAT is used for public or private IP translation. + If unspecified, it defaults to PUBLIC. + If PUBLIC NAT used for public IP translation. + If PRIVATE NAT used for private IP translation. + Default value is PUBLIC. + Possible values are: PUBLIC, PRIVATE. udp_idle_timeout_sec: |- - (Optional) @@ -42019,9 +47766,10 @@ resources: "name": "my-router-spoke" } argumentDocs: - ALL_PEER_VPC_SUBNETS: ': Advertises peer subnets of the router''s VPC network.' - ALL_SUBNETS: ': Advertises all available subnets, including peer VPC subnets.' - ALL_VPC_SUBNETS: ': Advertises the router''s own VPC subnets.' + ALL_SUBNETS: |- + : Advertises all of the router's own VPC subnets. + This excludes any routes learned for subnets that use VPC Network + Peering. CUSTOM: |- and overrides the list defined for the router (in the "bgp" message). These groups are advertised in addition to any specified prefixes. @@ -42047,7 +47795,7 @@ resources: - (Optional) User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: + mode, which currently supports the following option: advertised_ip_ranges: |- - (Optional) @@ -42373,6 +48121,37 @@ resources: '{ban/rate_limit}_threshold.interval_sec': '- (Required) Interval over which the threshold is computed.' '{ban/rate_limit}_threshold.target': '- (Optional) Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.' '{ban/rate_limit}_threshold.type': '- (Required) Type of the redirect action.' + ALL: ': A single rate limit threshold is applied to all the requests matching this rule.' + CLOUD_ARMOR: |- + - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. + They filter requests before they hit the origin servers. + CLOUD_ARMOR_EDGE: |- + - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services + (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). + They filter requests before the request is served from Google's cache. + CLOUD_ARMOR_INTERNAL_SERVICE: |- + - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services + managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. + CONTAINS: ': The operator matches if the field value contains the specified value.' + DISABLED: '- Don''t parse JSON payloads in POST bodies.' + ENDS_WITH: ': The operator matches if the field value ends with the specified value.' + EQUALS: ': The operator matches if the field value equals the specified value.' + EQUALS_ANY: ': The operator matches if the field value is any value.' + EXTERNAL_302: ': Redirect to an external address, configured in target.' + GOOGLE_RECAPTCHA: ': Redirect to Google reCAPTCHA.' + HTTP_COOKIE: ': The value of the HTTP cookie whose name is configured under enforce_on_key_name. The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.' + HTTP_HEADER: ': The value of the HTTP header whose name is configured under enforce_on_key_name. The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.' + HTTP_PATH: ': The URL path of the HTTP request. The key value is truncated to the first 128 bytes' + IP: ': The source IP address of the request is the key. Each IP has this limit enforced separately.' + NORMAL: '- Normal log level.' + PREMIUM: '- transparent rules.' + REGION_CODE: ': The country/region from which the request originates.' + SNI: ': Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.' + SRC_IPS_V1: ': Must specify the corresponding src_ip_ranges field in config.' + STANDARD: '- Parse JSON payloads in POST bodies.' + STARTS_WITH: ': The operator matches if the field value starts with the specified value.' + VERBOSE: '- Verbose log level.' + XFF_IP: ': The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key type defaults to ALL.' adaptive_protection_config: '- (Optional) Configuration for Google Cloud Armor Adaptive Protection. Structure is documented below.' adaptive_protection_config.auto_deploy_config: '- (Optional, Beta) Configuration for Automatically deploy Adaptive Protection suggested rules. Structure is documented below.' adaptive_protection_config.layer_7_ddos_defense_config: '- (Optional) Configuration for Google Cloud Armor Adaptive Protection Layer 7 DDoS Defense. Structure is documented below.' @@ -42384,17 +48163,20 @@ resources: json_parsing is set to STANDARD. Structure is documented below. advanced_options_config.json_parsing: '- Whether or not to JSON parse the payload body. Defaults to DISABLED.' advanced_options_config.log_level: '- Log level to use. Defaults to NORMAL.' + advanced_options_config.user_ip_request_headers: '- (Optional) An optional list of case-insensitive request header names to use for resolving the callers client IP address.' + allow: ': allow access to target.' auto_deploy_config.confidence_threshold: '- (Optional) Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.' auto_deploy_config.expiration_sec: '- (Optional) Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.' auto_deploy_config.impacted_baseline_threshold: '- (Optional) Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.' auto_deploy_config.load_threshold: '- (Optional) Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.' config.src_ip_ranges: |- - (Required) Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation - to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs + to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs (can be used to override the default behavior). + deny(): ': deny access to target, returns the HTTP response code specified (valid values are 403, 404, and 502).' description: '- (Optional) An optional description of this security policy. Max size is 2048.' - enforce_on_key_configs.enforce_on_key_name: '- (Optional) Rate limit key name applicable only for the following key types: HTTP_HEADER: Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE: Name of the HTTP cookie whose value is taken as the key value.' - enforce_on_key_configs.enforce_on_key_type: '- (Optional) Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to "ALL".' + enforce_on_key_configs.enforce_on_key_name: '- (Optional) Rate limit key name applicable only for the following key types:' + enforce_on_key_configs.enforce_on_key_type: '- (Optional) Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL.' enforce_on_key_configs.exceed_redirect_options: '- (Optional) Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. Structure is documented below.' expr.expression: |- - (Required) Textual representation of an expression in Common Expression Language syntax. @@ -42410,7 +48192,7 @@ resources: RFC 1341. When configuring a custom Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded. layer_7_ddos_defense_config.enable: '- (Optional) If set to true, enables CAAP for L7 DDoS detection.' - layer_7_ddos_defense_config.rule_visibility: '- (Optional) Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.' + layer_7_ddos_defense_config.rule_visibility: '- (Optional) Rule visibility can be one of the following:' match.config: |- - (Optional) The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. @@ -42433,29 +48215,31 @@ resources: project: |- - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used. + rate_based_ban: ': limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in rate_limit_options. Requires rate_limit_options to be set.' rate_limit_options.ban_duration_sec: |- - - (Optional) Can only be specified if the action for the rule is "rate_based_ban". + - (Optional) Can only be specified if the action for the rule is rate_based_ban. If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. rate_limit_options.ban_threshold: |- - - (Optional) Can only be specified if the action for the rule is "rate_based_ban". - If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - exceed this 'ban_threshold'. Structure is documented below. - rate_limit_options.conform_action: '- (Required) Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.' - rate_limit_options.enforce_on_key: '- (Optional) Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to "ALL".' - rate_limit_options.enforce_on_key_configs: '- (Optional, Beta) If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which ratelimit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must be set to an empty string. Structure is documented below.' - rate_limit_options.enforce_on_key_name: '- (Optional) Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.' + - (Optional) Can only be specified if the action for the rule is rate_based_ban. + If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + exceed this ban_threshold. Structure is documented below. + rate_limit_options.conform_action: '- (Required) Action to take for requests that are under the configured rate limit threshold. Valid option is allow only.' + rate_limit_options.enforce_on_key: '- (Optional) Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL.' + rate_limit_options.enforce_on_key_configs: '- (Optional, Beta) If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which rate limit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must be set to an empty string. Structure is documented below.' + rate_limit_options.enforce_on_key_name: '- (Optional) Rate limit key name applicable only for the following key types:' rate_limit_options.exceed_action: |- - (Required) When a request is denied, returns the HTTP response code specified. - Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + Valid options are deny() where valid values for status are 403, 404, 429, and 502. rate_limit_options.rate_limit_threshold: '- (Required) Threshold at which to begin ratelimiting. Structure is documented below.' recaptcha_options_config: '- (Optional) reCAPTCHA Configuration Options. Structure is documented below.' recaptcha_options_config.redirect_site_key: '- (Required) A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.' - redirect_options.target: '- (Optional) External redirection target when "EXTERNAL_302" is set in ''type''.' + redirect: ': redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirect_options.' + redirect_options.target: '- (Optional) External redirection target when EXTERNAL_302 is set in type.' redirect_options.type: '- (Required) Type of redirect action.' request_header.operator: '- (Required) You can specify an exact match or a partial match by using a field operator and a field value.' request_header.value: |- - (Optional) A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. - The field value must be given if the field operator is not "EQUALS_ANY", and cannot be given if the field operator is "EQUALS_ANY". + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. rule: |- - (Optional) The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a @@ -42477,12 +48261,12 @@ resources: Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. rule.rate_limit_options: |- - (Optional) - Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for other actions. Structure is documented below. + Must be specified if the action is rate_based_ban or throttle. Cannot be specified for other actions. Structure is documented below. rule.redirect_options: |- - (Optional) - Can be specified if the action is "redirect". Cannot be specified for other actions. Structure is documented below. + Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. self_link: '- The URI of the created resource.' - src_ip_ranges: field in config. + throttle: ': limit client traffic to the configured threshold. Configure parameters for this action in rate_limit_options. Requires rate_limit_options to be set for this.' type: '- The type indicates the intended use of the security policy. This field can be set only at resource creation time.' importStatements: [] google_compute_service_attachment: @@ -42834,7 +48618,6 @@ resources: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - For newly created service attachment, this boolean defaults to true. region: |- - (Optional) @@ -42972,6 +48755,9 @@ resources: disk_size_gb: |- - Size of the snapshot, specified in GB. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/global/snapshots/{{name}}' label_fingerprint: |- - @@ -42981,6 +48767,8 @@ resources: - (Optional) Labels to apply to this Snapshot. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. licenses: |- - A list of public visible licenses that apply to this snapshot. This @@ -43069,6 +48857,10 @@ resources: - (Optional) Cloud Storage bucket storage location of the snapshot (regional or multi-regional). + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' zone: |- - @@ -43421,7 +49213,7 @@ resources: "name": "l7lb-test-subnetwork", "network": "${google_compute_network.custom-test.id}", "provider": "${google-beta}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", + "purpose": "REGIONAL_MANAGED_PROXY", "region": "us-central1", "role": "ACTIVE" } @@ -43472,7 +49264,54 @@ resources: "enable_ula_internal_ipv6": true, "name": "internal-ipv6-test-network" } + - name: subnetwork-purpose-private-nat + manifest: |- + { + "ip_cidr_range": "192.168.1.0/24", + "name": "subnet-purpose-test-subnetwork", + "network": "${google_compute_network.custom-test.id}", + "provider": "${google-beta}", + "purpose": "PRIVATE_NAT", + "region": "us-west2" + } + references: + network: google_compute_network.custom-test.id + provider: google-beta + dependencies: + google_compute_network.custom-test: |- + { + "auto_create_subnetworks": false, + "name": "subnet-purpose-test-network", + "provider": "${google-beta}" + } + - name: subnetwork-cidr-overlap + manifest: |- + { + "allow_subnet_cidr_routes_overlap": true, + "ip_cidr_range": "192.168.1.0/24", + "name": "subnet-cidr-overlap", + "network": "${google_compute_network.net-cidr-overlap.id}", + "provider": "${google-beta}", + "region": "us-west2" + } + references: + network: google_compute_network.net-cidr-overlap.id + provider: google-beta + dependencies: + google_compute_network.net-cidr-overlap: |- + { + "auto_create_subnetworks": false, + "name": "net-cidr-overlap", + "provider": "${google-beta}" + } argumentDocs: + allow_subnet_cidr_routes_overlap: |- + - + (Optional, Beta) + Typically packets destined to IPs within the subnetwork range that do not match + existing resources are dropped and prevented from leaving the VPC. + Setting this field to true will allow these packets to match dynamic routes injected + via BGP even if their destinations match existing subnet ranges. create: '- Default is 20 minutes.' creation_timestamp: |- - @@ -43486,12 +49325,16 @@ resources: creation time. external_ipv6_prefix: |- - + (Optional) The range of external IPv6 addresses that are owned by this subnetwork. gateway_address: |- - The gateway address for default routes to reach destination addresses outside this subnetwork. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + internal_ipv6_prefix: |- + - + The internal IPv6 address range that is assigned to this subnetwork. ip_cidr_range: |- - (Required) @@ -43512,9 +49355,10 @@ resources: log_config: |- - (Optional) - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the purpose of this - subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet purpose field is set to subnetwork is + REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Structure is documented below. log_config.aggregation_interval: |- - @@ -43582,13 +49426,13 @@ resources: purpose: |- - (Optional) - The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the purpose defaults to PRIVATE_RFC_1918. - The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. region: |- - (Optional) @@ -43597,10 +49441,10 @@ resources: - (Optional) The role of subnetwork. + Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. - An ACTIVE subnetwork is one that is currently being used. + An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. Possible values are: ACTIVE, BACKUP. secondary_ip_range: |- - @@ -44210,7 +50054,182 @@ resources: } ] } + - name: default + manifest: |- + { + "name": "test-mtls-proxy", + "provider": "${google-beta}", + "server_tls_policy": "${google_network_security_server_tls_policy.default.id}", + "ssl_certificates": [ + "${google_compute_ssl_certificate.default.id}" + ], + "url_map": "${google_compute_url_map.default.id}" + } + references: + provider: google-beta + server_tls_policy: google_network_security_server_tls_policy.default.id + url_map: google_compute_url_map.default.id + dependencies: + google_certificate_manager_trust_config.default: |- + { + "description": "sample description for the trust config", + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "my-trust-config", + "provider": "${google-beta}", + "trust_stores": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ] + } + ] + } + google_compute_backend_service.default: |- + { + "health_checks": [ + "${google_compute_http_health_check.default.id}" + ], + "name": "backend-service", + "port_name": "http", + "protocol": "HTTP", + "provider": "${google-beta}", + "timeout_sec": 10 + } + google_compute_http_health_check.default: |- + { + "check_interval_sec": 1, + "name": "http-health-check", + "provider": "${google-beta}", + "request_path": "/", + "timeout_sec": 1 + } + google_compute_ssl_certificate.default: |- + { + "certificate": "${file(\"path/to/certificate.crt\")}", + "name": "my-certificate", + "private_key": "${file(\"path/to/private.key\")}", + "provider": "${google-beta}" + } + google_compute_url_map.default: |- + { + "default_service": "${google_compute_backend_service.default.id}", + "description": "a description", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "allpaths" + } + ], + "name": "url-map", + "path_matcher": [ + { + "default_service": "${google_compute_backend_service.default.id}", + "name": "allpaths", + "path_rule": [ + { + "paths": [ + "/*" + ], + "service": "${google_compute_backend_service.default.id}" + } + ] + } + ], + "provider": "${google-beta}" + } + google_network_security_server_tls_policy.default: |- + { + "allow_open": "false", + "description": "my description", + "location": "global", + "mtls_policy": [ + { + "client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT", + "client_validation_trust_config": "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}" + } + ], + "name": "my-tls-policy", + "provider": "${google-beta}" + } + - name: default + manifest: |- + { + "certificate_manager_certificates": [ + "//certificatemanager.googleapis.com/${google_certificate_manager_certificate.default.id}" + ], + "name": "target-http-proxy", + "url_map": "${google_compute_url_map.default.id}" + } + references: + url_map: google_compute_url_map.default.id + dependencies: + google_certificate_manager_certificate.default: |- + { + "name": "my-certificate", + "scope": "ALL_REGIONS", + "self_managed": [ + { + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" + } + ] + } + google_compute_backend_service.default: |- + { + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "backend-service", + "port_name": "http", + "protocol": "HTTP", + "timeout_sec": 10 + } + google_compute_url_map.default: |- + { + "default_service": "${google_compute_backend_service.default.id}", + "description": "a description", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "allpaths" + } + ], + "name": "url-map", + "path_matcher": [ + { + "default_service": "${google_compute_backend_service.default.id}", + "name": "allpaths", + "path_rule": [ + { + "paths": [ + "/*" + ], + "service": "${google_compute_backend_service.default.id}" + } + ] + } + ] + } argumentDocs: + certificate_manager_certificates: |- + - + (Optional) + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} certificate_map: |- - (Optional) @@ -44267,11 +50286,24 @@ resources: Default value is NONE. Possible values are: NONE, ENABLE, DISABLE. self_link: '- The URI of the created resource.' + server_tls_policy: |- + - + (Optional) + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. ssl_certificates: |- - (Optional) - A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - connections between users and the load balancer. At least one resource must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates can not be defined together. ssl_policy: |- - (Optional) @@ -44354,6 +50386,94 @@ resources: "provider": "${google-beta}", "zone": "us-central1-a" } + - name: default + manifest: |- + { + "instance": "${google_compute_instance.target-vm.id}", + "name": "target-instance", + "provider": "${google-beta}", + "security_policy": "${google_compute_region_security_policy.regionsecuritypolicy.self_link}", + "zone": "southamerica-west1-a" + } + references: + instance: google_compute_instance.target-vm.id + provider: google-beta + security_policy: google_compute_region_security_policy.regionsecuritypolicy.self_link + dependencies: + google_compute_instance.target-vm: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "${data.google_compute_image.vmimage.self_link}" + } + ] + } + ], + "machine_type": "e2-medium", + "name": "target-vm", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "${google_compute_network.default.self_link}", + "subnetwork": "${google_compute_subnetwork.default.self_link}" + } + ], + "provider": "${google-beta}", + "zone": "southamerica-west1-a" + } + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "custom-default-network", + "provider": "${google-beta}", + "routing_mode": "REGIONAL" + } + google_compute_network_edge_security_service.edge_sec_service: |- + { + "name": "tf-test-edgesec", + "provider": "${google-beta}", + "region": "southamerica-west1", + "security_policy": "${google_compute_region_security_policy.policyddosprotection.self_link}" + } + google_compute_region_security_policy.policyddosprotection: |- + { + "ddos_protection_config": [ + { + "ddos_protection": "ADVANCED_PREVIEW" + } + ], + "description": "ddos protection security policy to set target instance", + "name": "tf-test-policyddos", + "provider": "${google-beta}", + "region": "southamerica-west1", + "type": "CLOUD_ARMOR_NETWORK" + } + google_compute_region_security_policy.regionsecuritypolicy: |- + { + "depends_on": [ + "${google_compute_network_edge_security_service.edge_sec_service}" + ], + "description": "basic security policy for target instance", + "name": "region-secpolicy", + "provider": "${google-beta}", + "region": "southamerica-west1", + "type": "CLOUD_ARMOR_NETWORK" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.1.2.0/24", + "name": "custom-default-subnet", + "network": "${google_compute_network.default.id}", + "private_ipv6_google_access": "DISABLE_GOOGLE_ACCESS", + "provider": "${google-beta}", + "purpose": "PRIVATE", + "region": "southamerica-west1", + "stack_type": "IPV4_ONLY" + } argumentDocs: create: '- Default is 20 minutes.' creation_timestamp: |- @@ -44398,7 +50518,12 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + security_policy: |- + - + (Optional, Beta) + The resource URL for the security policy associated with this target instance. self_link: '- The URI of the created resource.' + update: '- Default is 20 minutes.' zone: |- - (Optional) @@ -44459,6 +50584,7 @@ resources: region: |- - (Optional) Where the target pool resides. Defaults to project region. + security_policy: '- (Optional, Beta) The resource URL for the security policy associated with this target pool.' self_link: '- The URI of the created resource.' session_affinity: |- - (Optional) How to distribute load. Options are "NONE" (no @@ -46469,6 +52595,9 @@ resources: "${google_compute_forwarding_rule.fr_udp500}", "${google_compute_forwarding_rule.fr_udp4500}" ], + "labels": { + "foo": "bar" + }, "name": "tunnel-1", "peer_ip": "15.0.0.120", "shared_secret": "a secret message", @@ -46521,78 +52650,6 @@ resources: "name": "vpn-1", "network": "${google_compute_network.network1.id}" } - - name: tunnel1 - manifest: |- - { - "depends_on": [ - "${google_compute_forwarding_rule.fr_esp}", - "${google_compute_forwarding_rule.fr_udp500}", - "${google_compute_forwarding_rule.fr_udp4500}" - ], - "labels": { - "foo": "bar" - }, - "name": "tunnel-1", - "peer_ip": "15.0.0.120", - "provider": "${google-beta}", - "shared_secret": "a secret message", - "target_vpn_gateway": "${google_compute_vpn_gateway.target_gateway.id}" - } - references: - provider: google-beta - target_vpn_gateway: google_compute_vpn_gateway.target_gateway.id - dependencies: - google_compute_address.vpn_static_ip: |- - { - "name": "vpn-static-ip", - "provider": "${google-beta}" - } - google_compute_forwarding_rule.fr_esp: |- - { - "ip_address": "${google_compute_address.vpn_static_ip.address}", - "ip_protocol": "ESP", - "name": "fr-esp", - "provider": "${google-beta}", - "target": "${google_compute_vpn_gateway.target_gateway.id}" - } - google_compute_forwarding_rule.fr_udp500: |- - { - "ip_address": "${google_compute_address.vpn_static_ip.address}", - "ip_protocol": "UDP", - "name": "fr-udp500", - "port_range": "500", - "provider": "${google-beta}", - "target": "${google_compute_vpn_gateway.target_gateway.id}" - } - google_compute_forwarding_rule.fr_udp4500: |- - { - "ip_address": "${google_compute_address.vpn_static_ip.address}", - "ip_protocol": "UDP", - "name": "fr-udp4500", - "port_range": "4500", - "provider": "${google-beta}", - "target": "${google_compute_vpn_gateway.target_gateway.id}" - } - google_compute_network.network1: |- - { - "name": "network-1", - "provider": "${google-beta}" - } - google_compute_route.route1: |- - { - "dest_range": "15.0.0.0/24", - "name": "route1", - "network": "${google_compute_network.network1.name}", - "next_hop_vpn_tunnel": "${google_compute_vpn_tunnel.tunnel1.id}", - "priority": 1000, - "provider": "${google-beta}" - } - google_compute_vpn_gateway.target_gateway: |- - { - "name": "vpn-1", - "network": "${google_compute_network.network1.id}", - "provider": "${google-beta}" - } argumentDocs: create: '- Default is 20 minutes.' creation_timestamp: |- @@ -46606,6 +52663,9 @@ resources: detailed_status: |- - Detailed status message for the VPN tunnel. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}' ike_version: |- - @@ -46615,13 +52675,14 @@ resources: Acceptable IKE versions are 1 or 2. Default version is 2. label_fingerprint: |- - - (Beta) The fingerprint used for optimistic locking of this resource. Used internally during updates. labels: |- - - (Optional, Beta) + (Optional) Labels to apply to this VpnTunnel. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. local_traffic_selector: |- - (Optional) @@ -46691,6 +52752,10 @@ resources: (Optional) URL of the Target VPN gateway with which this VPN tunnel is associated. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tunnel_id: |- - The unique identifier for the resource. This identifier is defined by the server. @@ -47050,12 +53115,21 @@ resources: }, "authorization": [ { + "admin_groups": [ + "group1@example.com", + "group2@example.com" + ], "admin_users": [ "user1@example.com", "user2@example.com" ] } ], + "binary_authorization": [ + { + "evaluation_mode": "PROJECT_SINGLETON_POLICY_ENFORCE" + } + ], "description": "Test cluster", "distribution": "aks", "fleet": [ @@ -47093,7 +53167,17 @@ resources: } ], "platform_version": "${data.google_container_attached_versions.versions.valid_versions[0]}", - "project": "${data.google_project.project.project_id}" + "project": "${data.google_project.project.project_id}", + "proxy_config": [ + { + "kubernetes_secret": [ + { + "name": "proxy-config", + "namespace": "default" + } + ] + } + ] } references: platform_version: data.google_container_attached_versions.versions.valid_versions[0] @@ -47123,6 +53207,14 @@ resources: platform_version: data.google_container_attached_versions.versions.valid_versions[0] project: data.google_project.project.project_id argumentDocs: + authorization.admin_groups: |- + - + (Optional) + Groups that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the groups. Up to ten admin groups can be provided. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles authorization.admin_users: |- - (Optional) @@ -47131,6 +53223,11 @@ resources: to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + binary_authorization.evaluation_mode: |- + - + (Optional) + Configure Binary Authorization evaluation mode. + Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. cluster_region: |- - Output only. The region where this cluster runs. @@ -47146,6 +53243,9 @@ resources: (Required) The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks". + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. errors: |- - A set of errors found in the cluster. @@ -47173,12 +53273,18 @@ resources: (Optional) Configuration related to the cluster RBAC settings. Structure is documented below. + fleet.binary_authorization: |- + - + (Optional) + Binary Authorization configuration. + Structure is documented below. fleet.deletion_policy: '- (Optional) Policy to determine what flags to send on delete.' fleet.description: |- - (Optional) A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes. + fleet.effective_annotations: for all of the annotations present on the resource. fleet.logging_config: |- - (Optional) @@ -47199,6 +53305,11 @@ resources: - (Required) The number of the Fleet host project where this cluster will be registered. + fleet.proxy_config: |- + - + (Optional) + Support for proxy configuration. + Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' kubernetes_version: |- - @@ -47255,6 +53366,19 @@ resources: - (Required) The platform version for the cluster (e.g. 1.23.0-gke.1). + proxy_config.kubernetes_secret: |- + - + (Optional) + The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + Structure is documented below. + proxy_config.kubernetes_secret.name: |- + - + (Required) + Name of the kubernetes secret containing the proxy config. + proxy_config.kubernetes_secret.namespace: |- + - + (Required) + Namespace of the kubernetes secret containing the proxy config. reconciling: |- - If set, there are currently changes in flight to the cluster. @@ -47302,6 +53426,11 @@ resources: }, "authorization": [ { + "admin_groups": [ + { + "group": "group@domain.com" + } + ], "admin_users": [ { "username": "my@service-account.com" @@ -47390,19 +53519,239 @@ resources: ], "project": "my-project-name" } + - name: primary + manifest: |- + { + "annotations": { + "label-one": "value-one" + }, + "authorization": [ + { + "admin_users": [ + { + "username": "my@service-account.com" + } + ] + } + ], + "aws_region": "my-aws-region", + "control_plane": [ + { + "aws_services_authentication": [ + { + "role_arn": "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform", + "role_session_name": "my--1p-dev-session" + } + ], + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "database_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-controlplane", + "instance_type": "t3.medium", + "main_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "subnet_ids": [ + "subnet-00000000000000000" + ], + "tags": { + "owner": "my@service-account.com" + }, + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + ], + "description": "A sample aws cluster", + "fleet": [ + { + "project": "my-project-number" + } + ], + "location": "us-west1", + "name": "name", + "networking": [ + { + "pod_address_cidr_blocks": [ + "10.2.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.1.0.0/16" + ], + "vpc_id": "vpc-00000000000000000" + } + ], + "project": "my-project-name" + } + - name: primary + manifest: |- + { + "annotations": { + "label-one": "value-one" + }, + "authorization": [ + { + "admin_users": [ + { + "username": "my@service-account.com" + } + ] + } + ], + "aws_region": "my-aws-region", + "control_plane": [ + { + "aws_services_authentication": [ + { + "role_arn": "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform", + "role_session_name": "my--1p-dev-session" + } + ], + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "database_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-controlplane", + "instance_placement": [ + { + "tenancy": "dedicated" + } + ], + "instance_type": "t3.medium", + "main_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "subnet_ids": [ + "subnet-00000000000000000" + ], + "tags": { + "owner": "my@service-account.com" + }, + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + ], + "description": "A sample aws cluster", + "fleet": [ + { + "project": "my-project-number" + } + ], + "location": "us-west1", + "logging_config": [ + { + "component_config": [ + { + "enable_components": [ + "system_components", + "workloads" + ] + } + ] + } + ], + "name": "name", + "networking": [ + { + "pod_address_cidr_blocks": [ + "10.2.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.1.0.0/16" + ], + "vpc_id": "vpc-00000000000000000" + } + ], + "project": "my-project-name", + "provider": "${google-beta}" + } + references: + provider: google-beta argumentDocs: + admin_groups.group: |- + - + (Required) + The name of the group, e.g. my-group@domain.com. + admin_users.username: |- + - + (Required) + The name of the user, e.g. my-gcp-id@gmail.com. authorization: |- - (Required) Configuration related to the cluster RBAC settings. + authorization.admin_groups: |- + - + (Optional) + Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles authorization.admin_users: |- - (Required) Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - authorization.admin_users.username: |- - - - (Required) - The name of the user, e.g. my-gcp-id@gmail.com. aws_region: |- - (Required) @@ -47415,6 +53764,10 @@ resources: - (Optional) Optional. An identifier for the assumed role session. When unspecified, it defaults to multicloud-service-agent. + binary_authorization.evaluation_mode: |- + - + (Optional) + Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE config_encryption.kms_key_arn: |- - (Required) @@ -47488,6 +53841,9 @@ resources: (Required) The ARN of the AWS KMS key used to encrypt cluster secrets. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. endpoint: |- - Output only. The endpoint of the cluster's API server. @@ -47537,7 +53893,7 @@ resources: main_volume.throughput: |- - (Optional) - Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. main_volume.volume_type: |- - (Optional) @@ -47554,6 +53910,10 @@ resources: - (Optional) Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. + networking.binary_authorization: |- + - + (Optional) + Configuration options for the Binary Authorization feature. networking.description: |- - (Optional) @@ -47608,7 +53968,7 @@ resources: root_volume.throughput: |- - (Optional) - Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. root_volume.volume_type: |- - (Optional) @@ -47697,6 +54057,11 @@ resources: } ], "location": "us-west1", + "management": [ + { + "auto_repair": true + } + ], "max_pods_constraint": [ { "max_pods_per_node": 110 @@ -47805,6 +54170,351 @@ resources: ], "project": "my-project-name" } + - name: primary + manifest: |- + { + "annotations": { + "label-one": "value-one" + }, + "autoscaling": [ + { + "max_node_count": 5, + "min_node_count": 1 + } + ], + "cluster": "${google_container_aws_cluster.primary.name}", + "config": [ + { + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-nodepool", + "instance_type": "t3.medium", + "labels": { + "label-one": "value-one" + }, + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "tags": { + "tag-one": "value-one" + }, + "taints": [ + { + "effect": "prefer_no_schedule", + "key": "taint-key", + "value": "taint-value" + } + ] + } + ], + "location": "us-west1", + "max_pods_constraint": [ + { + "max_pods_per_node": 110 + } + ], + "name": "node-pool-name", + "project": "my-project-name", + "subnet_id": "subnet-00000000000000000", + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + references: + cluster: google_container_aws_cluster.primary.name + dependencies: + google_container_aws_cluster.primary: |- + { + "annotations": { + "label-one": "value-one" + }, + "authorization": [ + { + "admin_users": [ + { + "username": "my@service-account.com" + } + ] + } + ], + "aws_region": "my-aws-region", + "control_plane": [ + { + "aws_services_authentication": [ + { + "role_arn": "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform", + "role_session_name": "my--1p-dev-session" + } + ], + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "database_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-controlplane", + "instance_type": "t3.medium", + "main_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "GP3" + } + ], + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "GP3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "subnet_ids": [ + "subnet-00000000000000000" + ], + "tags": { + "owner": "my@service-account.com" + }, + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + ], + "description": "A sample aws cluster", + "fleet": [ + { + "project": "my-project-number" + } + ], + "location": "us-west1", + "name": "name", + "networking": [ + { + "pod_address_cidr_blocks": [ + "10.2.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.1.0.0/16" + ], + "vpc_id": "vpc-00000000000000000" + } + ], + "project": "my-project-name" + } + - name: primary + manifest: |- + { + "annotations": { + "label-one": "value-one" + }, + "autoscaling": [ + { + "max_node_count": 5, + "min_node_count": 1 + } + ], + "cluster": "${google_container_aws_cluster.primary.name}", + "config": [ + { + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-nodepool", + "image_type": "ubuntu", + "instance_placement": [ + { + "tenancy": "dedicated" + } + ], + "instance_type": "t3.medium", + "labels": { + "label-one": "value-one" + }, + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "gp3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "tags": { + "tag-one": "value-one" + }, + "taints": [ + { + "effect": "prefer_no_schedule", + "key": "taint-key", + "value": "taint-value" + } + ] + } + ], + "location": "us-west1", + "max_pods_constraint": [ + { + "max_pods_per_node": 110 + } + ], + "name": "node-pool-name", + "project": "my-project-name", + "provider": "${google-beta}", + "subnet_id": "subnet-00000000000000000", + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + references: + cluster: google_container_aws_cluster.primary.name + provider: google-beta + dependencies: + google_container_aws_cluster.primary: |- + { + "annotations": { + "label-one": "value-one" + }, + "authorization": [ + { + "admin_users": [ + { + "username": "my@service-account.com" + } + ] + } + ], + "aws_region": "my-aws-region", + "control_plane": [ + { + "aws_services_authentication": [ + { + "role_arn": "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform", + "role_session_name": "my--1p-dev-session" + } + ], + "config_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "database_encryption": [ + { + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111" + } + ], + "iam_instance_profile": "my--1p-dev-controlplane", + "instance_type": "t3.medium", + "main_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "GP3" + } + ], + "proxy_config": [ + { + "secret_arn": "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF", + "secret_version": "12345678-ABCD-EFGH-IJKL-987654321098" + } + ], + "root_volume": [ + { + "iops": 3000, + "kms_key_arn": "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111", + "size_gib": 10, + "volume_type": "GP3" + } + ], + "security_group_ids": [ + "sg-00000000000000000" + ], + "ssh_config": [ + { + "ec2_key_pair": "my--1p-dev-ssh" + } + ], + "subnet_ids": [ + "subnet-00000000000000000" + ], + "tags": { + "owner": "my@service-account.com" + }, + "version": "${data.google_container_aws_versions.versions.valid_versions[0]}" + } + ], + "description": "A sample aws cluster", + "fleet": [ + { + "project": "my-project-number" + } + ], + "location": "us-west1", + "name": "name", + "networking": [ + { + "pod_address_cidr_blocks": [ + "10.2.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.1.0.0/16" + ], + "vpc_id": "vpc-00000000000000000" + } + ], + "project": "my-project-name", + "provider": "${google-beta}" + } argumentDocs: autoscaling: |- - @@ -47899,6 +54609,9 @@ resources: - Output only. The time at which this node pool was created. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. @@ -47911,6 +54624,10 @@ resources: - (Required) The location for the resource + management.auto_repair: |- + - + (Optional) + Optional. Whether or not the nodes will be automatically repaired. max_pods_constraint: |- - (Required) @@ -47919,6 +54636,10 @@ resources: - (Optional) Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. + max_pods_constraint.management: |- + - + (Optional) + The Management configuration for this node pool. max_pods_constraint.max_pods_per_node: |- - (Required) @@ -47927,6 +54648,10 @@ resources: - (Optional) The project for the resource + max_pods_constraint.update_settings: |- + - + (Optional) + Optional. Update settings control the speed and disruption of the node pool update. name: |- - (Required) @@ -47957,7 +54682,7 @@ resources: root_volume.throughput: |- - (Optional) - Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. + Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125. root_volume.volume_type: |- - (Optional) @@ -47993,6 +54718,18 @@ resources: - Output only. A globally unique identifier for the node pool. update: '- Default is 20 minutes.' + update_settings.surge_settings: |- + - + (Optional) + Optional. Settings for surge update. + update_settings.surge_settings.max_surge: |- + - + (Optional) + Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process. + update_settings.surge_settings.max_unavailable: |- + - + (Optional) + Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready. update_time: |- - Output only. The time at which this node pool was last updated. @@ -48061,6 +54798,11 @@ resources: { "authorization": [ { + "admin_groups": [ + { + "group": "group@domain.com" + } + ], "admin_users": [ { "username": "mmv2@google.com" @@ -48111,19 +54853,98 @@ resources: "project": "my-project-name", "tenant_id": "12345678-1234-1234-1234-123456789111" } + - name: primary + manifest: |- + { + "authorization": [ + { + "admin_users": [ + { + "username": "mmv2@google.com" + } + ] + } + ], + "azure_region": "westus2", + "client": "projects/my-project-number/locations/us-west1/azureClients/${google_container_azure_client.basic.name}", + "control_plane": [ + { + "ssh_config": [ + { + "authorized_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers" + } + ], + "subnet_id": "/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default", + "version": "${data.google_container_azure_versions.versions.valid_versions[0]}" + } + ], + "fleet": [ + { + "project": "my-project-number" + } + ], + "location": "us-west1", + "logging_config": [ + { + "component_config": [ + { + "enable_components": [ + "system_components", + "workloads" + ] + } + ] + } + ], + "name": "name", + "networking": [ + { + "pod_address_cidr_blocks": [ + "10.200.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.32.0.0/24" + ], + "virtual_network_id": "/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet" + } + ], + "project": "my-project-name", + "provider": "${google-beta}", + "resource_group_id": "/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster" + } + references: + provider: google-beta + dependencies: + google_container_azure_client.basic: |- + { + "application_id": "12345678-1234-1234-1234-123456789111", + "location": "us-west1", + "name": "client-name", + "project": "my-project-name", + "provider": "${google-beta}", + "tenant_id": "12345678-1234-1234-1234-123456789111" + } argumentDocs: + admin_groups.group: |- + - + (Required) + The name of the group, e.g. my-group@domain.com. + admin_users.username: |- + - + (Required) + The name of the user, e.g. my-gcp-id@gmail.com. authorization: |- - (Required) Configuration related to the cluster RBAC settings. + authorization.admin_groups: |- + - + (Optional) + Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles authorization.admin_users: |- - (Required) Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - authorization.admin_users.username: |- - - - (Required) - The name of the user, e.g. my-gcp-id@gmail.com. azure_region: |- - (Required) @@ -48189,6 +55010,9 @@ resources: (Required) The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults//keys/ Encryption will always take the latest version of the key and hence specific version is not supported. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. endpoint: |- - Output only. The endpoint of the cluster's API server. @@ -48333,6 +55157,9 @@ resources: "cluster": "${google_container_azure_cluster.primary.name}", "config": [ { + "labels": { + "key_one": "label_one" + }, "proxy_config": [ { "resource_group_id": "/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster", @@ -48356,6 +55183,11 @@ resources: } ], "location": "us-west1", + "management": [ + { + "auto_repair": true + } + ], "max_pods_constraint": [ { "max_pods_per_node": 110 @@ -48447,6 +55279,10 @@ resources: - (Optional) (Beta only) The OS image type to use on node pool instances. + config.labels: |- + - + (Optional) + Optional. The initial labels assigned to nodes of this node pool. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. config.proxy_config: |- - (Optional) @@ -48472,6 +55308,9 @@ resources: - Output only. The time at which this node pool was created. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. @@ -48480,6 +55319,10 @@ resources: - (Required) The location for the resource + management.auto_repair: |- + - + (Optional) + Optional. Whether or not the nodes will be automatically repaired. max_pods_constraint: |- - (Required) @@ -48492,6 +55335,10 @@ resources: - (Optional) Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to 1. + max_pods_constraint.management: |- + - + (Optional) + The Management configuration for this node pool. max_pods_constraint.max_pods_per_node: |- - (Required) @@ -48626,6 +55473,10 @@ resources: '"TIME_SHARING"': ': Allow multiple containers to have time-shared access to a single GPU device.' '"UNSPECIFIED"': ': Default value. This should not be used.' '"gvisor"': ': Pods run within a gVisor sandbox.' + CGROUP_MODE_UNSPECIFIED: ': CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.' + CGROUP_MODE_V1: ': CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.' + CGROUP_MODE_V2: ': CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.' + additional_pod_ranges_config.pod_range_names: '- (Required) The names of the Pod ranges to add to the cluster.' addons_config: |- - (Optional) The configuration for addons supported by GKE. Structure is documented below. @@ -48639,7 +55490,7 @@ resources: Set enabled = true to enable. addons_config.gce_persistent_disk_csi_driver_config: |- - (Optional). - Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. addons_config.gcp_filestore_csi_driver_config: |- - (Optional) The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. @@ -48647,7 +55498,9 @@ resources: addons_config.gcs_fuse_csi_driver_config: |- - (Optional) The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. - It is disabled by default; set enabled = true to enable. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + See Enable the Cloud Storage FUSE CSI driver for more information. addons_config.gke_backup_agent_config: |- - (Optional). The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable. @@ -48661,7 +55514,6 @@ resources: - (Optional) The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable. - addons_config.identity_service_config: '- (Optional, Beta). Structure is documented below.' addons_config.istio_config: |- - (Optional, Beta). Structure is documented below. @@ -48675,6 +55527,10 @@ resources: otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable. + advanced_datapath_observability_config.enable_metrics: '- (Required) Whether or not to enable advanced datapath metrics.' + advanced_datapath_observability_config.enable_relay: '- (Optional) Whether or not Relay is enabled.' + advanced_datapath_observability_config.relay_mode: '- (Optional) Mode used to make Relay available.' + advanced_machine_features.network_performance_config: '- (Optional, Beta) Network bandwidth tier configuration.' advanced_machine_features.threads_per_core: '- (Required) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.' allow_net_admin: |- - (Optional) Enable NET_ADMIN for the cluster. Defaults to @@ -48704,8 +55560,7 @@ resources: binary_authorization.enabled: '- (DEPRECATED) Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.' binary_authorization.evaluation_mode: |- - (Optional) Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - deprecated enable_binary_authorization parameter being set to true. + and PROJECT_SINGLETON_POLICY_ENFORCE. blue_green_settings.node_pool_soak_duration: '- (Optional) Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with ''s''. Example: "3.5s".' blue_green_settings.standard_rollout_policy: ': (Optional) Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.' cloudrun_config.disabled: '- (Optional) The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.' @@ -48741,7 +55596,7 @@ resources: - (Optional) The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - only work for routes-based clusters, where ip_allocation_policy is not defined. + default a new cluster to routes-based, where ip_allocation_policy is not defined. cluster_telemetry: |- - (Optional, Beta) Configuration for ClusterTelemetry feature, @@ -48750,7 +55605,9 @@ resources: - Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later. confidential_nodes: '- Configuration for Confidential Nodes feature. Structure is documented below documented below.' - confidential_nodes.enabled: (Required) - Enable Confidential Nodes for this cluster. + confidential_nodes.enabled: |- + (Required) - Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. cost_management_config: |- - (Optional) Configuration for the Cost Allocation feature. @@ -48775,6 +55632,10 @@ resources: GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below default_snat_status.disabled: '- (Required) Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic' delete: '- Default is 40 minutes.' + deletion_protection: |- + - (Optional) Whether or not to allow Terraform to destroy + the cluster. Unless this field is set to false in Terraform state, a + terraform destroy or terraform apply that would delete the cluster will fail. description: '- (Optional) Description of the cluster.' dns_config: |- - (Optional) @@ -48787,10 +55648,9 @@ resources: Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features. - enable_binary_authorization: |- - - (DEPRECATED) Enable Binary Authorization for this cluster. - If enabled, all container images will be validated by Google Binary Authorization. - Deprecated in favor of binary_authorization. + enable_fqdn_network_policy: |- + - (Optional, Beta) + Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. enable_intranode_visibility: |- - (Optional) Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. @@ -48820,7 +55680,15 @@ resources: endpoint: '- The IP address of this cluster''s Kubernetes master.' ephemeral_storage_config.local_ssd_count: (Required) - Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. ephemeral_storage_local_ssd_config.local_ssd_count: (Required) - Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. + fast_socket.enabled: (Required) - Whether or not the NCCL Fast Socket is enabled filter.event_type: (Optional) - Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details. + fleet: |- + - (Optional) + Fleet configuration for the cluster. Structure is documented below. + fleet.0.membership: '- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.' + fleet.0.membership_id: '- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.' + fleet.0.membership_location: '- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.' + fleet.project: '- (Optional) The name of the Fleet host project where this cluster will be registered.' gateway_api_config: |- - (Optional) Configuration for GKE Gateway API controller. Structure is documented below. @@ -48829,17 +55697,18 @@ resources: gpu_driver_installation_config.gpu_driver_version: |- (Required) - Mode for how the GPU driver is installed. Accepted values are: - gpu_driver_installation_config.gpu_partition_size: (Optional) - Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide. - gpu_driver_installation_config.gpu_sharing_config: (Optional) - Configuration for GPU sharing. Structure is documented below. gpu_sharing_config.gpu_sharing_strategy: |- (Required) - The type of GPU sharing strategy to enable on the GPU node. Accepted values are: gpu_sharing_config.max_shared_clients_per_gpu: (Required) - The maximum number of containers that can share a GPU. guest_accelerator.count: (Required) - The number of the guest accelerator cards exposed to this instance. guest_accelerator.gpu_driver_installation_config: (Optional) - Configuration for auto installation of GPU driver. Structure is documented below. + guest_accelerator.gpu_partition_size: (Optional) - Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide. + guest_accelerator.gpu_sharing_config: (Optional) - Configuration for GPU sharing. Structure is documented below. guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. gvnic.enabled: (Required) - Whether or not the Google Virtual NIC (gVNIC) is enabled id: '- an identifier for the resource with format projects/{{project}}/locations/{{zone}}/clusters/{{name}}' + identity_service_config: '- (Optional). Structure is documented below.' identity_service_config.enabled: '- (Optional) Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.' initial_node_count: |- - (Optional) The number of nodes to create in this @@ -48850,9 +55719,12 @@ resources: remove_default_node_pool to true. ip_allocation_policy: |- - (Optional) Configuration of cluster IP allocation for - VPC-native clusters. Adding this block enables IP aliasing, - making the cluster VPC-native instead of routes-based. Structure is documented - below. + VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + Structure is documented below. + ip_allocation_policy.additional_pod_ranges_config: |- + - (Optional) The configuration for additional pod secondary ranges at + the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. ip_allocation_policy.cluster_ipv4_cidr_block: |- - (Optional) The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) @@ -48895,10 +55767,14 @@ resources: K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset. label_fingerprint: '- The fingerprint of the set of labels for this cluster.' + linux_node_config.cgroup_mode: |- + - (Optional) Possible cgroup modes that can be used. + Accepted values are: linux_node_config.sysctls: |- - - (Required) The Linux kernel parameters to be applied to the nodes + - (Optional) The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as - net.core.wmem_max, to a string value. + net.core.wmem_max, to a string value. Currently supported attributes can be found here. + Note that validations happen all server side. All attributes are optional. local_nvme_ssd_block_config.local_ssd_count: |- (Required) - Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. -> Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. @@ -48995,7 +55871,8 @@ resources: monitoring_config: |- - (Optional) Monitoring configuration for the cluster. Structure is documented below. - monitoring_config.enable_components: '- (Optional) The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)' + monitoring_config.advanced_datapath_observability_config: '- (Optional) Configuration for Advanced Datapath Monitoring. Structure is documented below.' + monitoring_config.enable_components: '- (Optional) The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET. In beta provider, WORKLOADS is supported on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.)' monitoring_config.managed_prometheus: '- (Optional) Configuration for Managed Service for Prometheus. Structure is documented below.' monitoring_service: |- - (Optional) The monitoring service that the cluster @@ -49012,6 +55889,7 @@ resources: - (Optional) The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network. + network_performance_config.total_egress_bandwidth_tier: (Required) - Specifies the total network bandwidth tier for the NodePool. network_policy: |- - (Optional) Configuration options for the NetworkPolicy @@ -49020,8 +55898,7 @@ resources: network_policy.provider: '- (Optional) The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.' networking_mode: |- - (Optional) Determines whether alias IPs or routes will be used for pod IPs in the cluster. - Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. node_affinity.key: (Required) - The default or custom node affinity label key name. node_affinity.operator: (Required) - Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN" node_affinity.values: (Required) - List of node affinity label values as strings. @@ -49031,6 +55908,7 @@ resources: google_container_node_pool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used with Terraform. Structure is documented below. + node_config.0.effective_taints: '- List of kubernetes taints applied to each node. Structure is documented above.' node_config.advanced_machine_features: |- - (Optional) Specifies options for controlling advanced machine features. Structure is documented below. @@ -49041,8 +55919,14 @@ resources: node_config.disk_type: |- - (Optional) Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' + node_config.enable_confidential_storage: '- (Optional) Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.' node_config.ephemeral_storage_config: '- (Optional, Beta) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.' node_config.ephemeral_storage_local_ssd_config: '- (Optional) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.' + node_config.fast_socket: |- + - (Optional) Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + Node Pool must enable gvnic. + GKE version 1.25.2-gke.1700 or later. + Structure is documented below. node_config.gcfs_config: |- - (Optional) Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. @@ -49071,11 +55955,7 @@ resources: node_config.labels: |- - (Optional) The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified. - node_config.linux_node_config: |- - - (Optional) - Linux node configuration, currently supported attributes can be found here. - Note that validations happen all server side. All attributes are optional. - Structure is documented below. + node_config.linux_node_config: '- (Optional) Parameters that can be configured on Linux nodes. Structure is documented below.' node_config.local_nvme_ssd_block_config: '- (Optional) Parameters for the local NVMe SSDs. Structure is documented below.' node_config.local_ssd_count: |- - (Optional) The amount of local SSD disks that will be @@ -49110,6 +55990,7 @@ resources: node_config.resource_labels: |- - (Optional) The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes. + node_config.resource_manager_tags: '- (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.' node_config.sandbox_config: |- - (Optional, Beta) GKE Sandbox configuration. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version = "1.12.7-gke.17" or later to use it. Structure is documented below. @@ -49126,14 +56007,13 @@ resources: - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls. node_config.taint: |- - - (Optional) A list of Kubernetes taints - to apply to nodes. GKE's API can only set this field on cluster creation. - However, GKE will add taints to your nodes if you enable certain features such - as GPUs. If this field is set, any diffs on this field will cause Terraform to - recreate the underlying resource. Taint values can be updated safely in - Kubernetes (eg. through kubectl), and it's recommended that you do not use - this field to manage taints. If you do, lifecycle.ignore_changes is - recommended. Structure is documented below. + - (Optional) A list of + Kubernetes taints + to apply to nodes. This field will only report drift on taint keys that are + already managed with Terraform, use effective_taints to view the list of + GKE-managed taints on the node pool from all sources. Importing this resource + will not record any taints as being Terraform-managed, and will cause drift with + any configured taints. Structure is documented below. node_config.workload_metadata_config: |- - (Optional) Metadata configuration to expose to workloads on the node pool. Structure is documented below. @@ -49150,11 +56030,11 @@ resources: to say "these are the only node pools associated with this cluster", use the google_container_node_pool resource instead of this property. node_pool_auto_config: |- - - (Optional, Beta) Node pool configs that apply to auto-provisioned node pools in + - (Optional) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. - node_pool_auto_config.network_tags: (Optional, Beta) - The network tag config for the cluster's automatically provisioned node pools. - node_pool_auto_config.network_tags.tags: (Optional, Beta) - List of network tags applied to auto-provisioned node pools. + node_pool_auto_config.network_tags: (Optional) - The network tag config for the cluster's automatically provisioned node pools. + node_pool_auto_config.network_tags.tags: (Optional) - List of network tags applied to auto-provisioned node pools. node_pool_defaults: '- (Optional) Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.' node_pool_defaults.node_config_defaults: (Optional) - Subset of NodeConfig message that has defaults. node_pool_defaults.node_config_defaults.gcfs_config: (Optional, Beta) The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. @@ -49211,7 +56091,7 @@ resources: enable_private_nodes is true. private_cluster_config.peering_name: '- The name of the peering between this cluster and the Google owned VPC.' private_cluster_config.private_endpoint: '- The internal IP address of this cluster''s master endpoint.' - private_cluster_config.private_endpoint_subnetwork: '- Subnetwork in cluster''s network where master''s endpoint will be provisioned.' + private_cluster_config.private_endpoint_subnetwork: '- (Optional) Subnetwork in cluster''s network where master''s endpoint will be provisioned.' private_cluster_config.public_endpoint: '- The external IP address of this cluster''s master endpoint.' private_ipv6_google_access: |- - (Optional) @@ -49279,7 +56159,7 @@ resources: - (Optional) Enable/Disable Security Posture API features for the cluster. Structure is documented below. security_posture_config.mode: '- (Optional) Sets the mode of the Kubernetes security posture API''s off-cluster features. Available options include DISABLED and BASIC.' - security_posture_config.vulnerability_mode: '- (Optional) Sets the mode of the Kubernetes security posture API''s workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC.' + security_posture_config.vulnerability_mode: '- (Optional) Sets the mode of the Kubernetes security posture API''s workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.' self_link: '- The server-defined URL for the resource.' service_external_ips_config: |- - (Optional) @@ -49316,6 +56196,10 @@ resources: Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below. vertical_pod_autoscaling.enabled: (Required) - Enables vertical pod autoscaling + workload_alts_config: |- + - (Optional, Beta) + Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below. + workload_alts_config.enable_alts: '- (Required) Whether the alts handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).' workload_identity_config: |- - (Optional) Workload Identity allows Kubernetes service accounts to act as a user-managed @@ -49452,6 +56336,10 @@ resources: After this period, the blue pool will be cleaned up. blue_green_settings.standard_rollout_policy: '- (Required) Specifies the standard policy settings for blue-green upgrades.' cluster: '- (Required) The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster.' + confidential_nodes: '- (Optional) Configuration for Confidential Nodes feature. Structure is documented below.' + confidential_nodes.enabled: |- + (Required) - Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. create: '- (Default 30 minutes) Used for adding node pools' delete: '- (Default 30 minutes) Used for removing node pools.' id: '- an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}}' @@ -49469,8 +56357,8 @@ resources: management: |- - (Optional) Node management configuration, wherein auto-repair and auto-upgrade is configured. Structure is documented below. - management.auto_repair: '- (Optional) Whether the nodes will be automatically repaired.' - management.auto_upgrade: '- (Optional) Whether the nodes will be automatically upgraded.' + management.auto_repair: '- (Optional) Whether the nodes will be automatically repaired. Enabled by default.' + management.auto_upgrade: '- (Optional) Whether the nodes will be automatically upgraded. Enabled by default.' max_pods_per_node: |- - (Optional) The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node @@ -49516,7 +56404,7 @@ resources: - (Optional) If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned. - placement_policy.tpu_topology: '- (Optional, Beta) The TPU placement topology for pod slice node pool.' + placement_policy.tpu_topology: '- (Optional) The TPU placement topology for pod slice node pool.' placement_policy.type: |- - (Required) The type of the policy. Supports a single value: COMPACT. Specifying COMPACT placement policy type places node pool's nodes in a closer @@ -49524,6 +56412,10 @@ resources: project: |- - (Optional) The ID of the project in which to create the node pool. If blank, the provider-configured project will be used. + queued_provisioning: |- + - (Optional, Beta) Specifies node pool-level settings of queued provisioning. + Structure is documented below. + queued_provisioning.enabled: (Required) - Makes nodes obtainable through the ProvisioningRequest API exclusively. update: '- (Default 30 minutes) Used for updates to node pools' upgrade_settings: |- (Optional) Specify node upgrade settings to change how GKE upgrades nodes. @@ -50634,6 +57526,7 @@ resources: - (Required) User defined name of this taxonomy. + The taxonomy display name must be unique within an organization. It must: contain only unicode letters, numbers, underscores, dashes and spaces; not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. @@ -50751,7 +57644,7 @@ resources: } ], "depends_on": [ - "${google_kms_crypto_key_iam_binding.crypto_key_binding}" + "${google_kms_crypto_key_iam_member.crypto_key_member}" ], "name": "my-instance", "region": "us-central1", @@ -50765,12 +57658,10 @@ resources: "key_ring": "${google_kms_key_ring.key_ring.id}", "name": "my-instance" } - google_kms_crypto_key_iam_binding.crypto_key_binding: |- + google_kms_crypto_key_iam_member.crypto_key_member: |- { "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", - "members": [ - "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datafusion.iam.gserviceaccount.com" - ], + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datafusion.iam.gserviceaccount.com", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_kms_key_ring.key_ring: |- @@ -50862,6 +57753,7 @@ resources: - (Optional) Display name for an instance. + effective_labels: for all of the labels present on the resource. enable_rbac: |- - (Optional) @@ -50938,8 +57830,8 @@ resources: The region of the Data Fusion instance. service_account: |- - - (Beta) - Deprecated. Use tenant_project_id instead to extract the tenant project ID. + (Beta, Deprecated) + Service account which will be used to access resources in the customer project. service_endpoint: |- - Endpoint on which the Data Fusion UI and REST APIs are accessible. @@ -50952,6 +57844,10 @@ resources: tenant_project_id: |- - The name of the tenant project. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Required) @@ -53309,6 +60205,122 @@ resources: } ] } + - name: basic + manifest: |- + { + "description": "Description", + "display_name": "Displayname", + "inspect_job": [ + { + "actions": [ + { + "save_findings": [ + { + "output_config": [ + { + "table": [ + { + "dataset_id": "dataset", + "project_id": "project" + } + ] + } + ] + } + ] + }, + { + "pub_sub": [ + { + "topic": "projects/project/topics/topic-name" + } + ] + } + ], + "inspect_template_name": "fake", + "storage_config": [ + { + "cloud_storage_options": [ + { + "file_set": [ + { + "url": "gs://mybucket/directory/" + } + ] + } + ] + } + ] + } + ], + "parent": "projects/my-project-name", + "triggers": [ + { + "schedule": [ + { + "recurrence_period_duration": "86400s" + } + ] + } + ] + } + - name: basic + manifest: |- + { + "description": "Description", + "display_name": "Displayname", + "inspect_job": [ + { + "actions": [ + { + "save_findings": [ + { + "output_config": [ + { + "table": [ + { + "dataset_id": "dataset", + "project_id": "project" + } + ] + } + ] + } + ] + } + ], + "inspect_template_name": "fake", + "storage_config": [ + { + "cloud_storage_options": [ + { + "file_set": [ + { + "url": "gs://mybucket/directory/" + } + ] + } + ], + "timespan_config": [ + { + "enable_auto_population_of_timespan_config": true + } + ] + } + ] + } + ], + "parent": "projects/my-project-name", + "triggers": [ + { + "schedule": [ + { + "recurrence_period_duration": "86400s" + } + ] + } + ] + } argumentDocs: actions.deidentify: |- - @@ -53720,7 +60732,7 @@ resources: inspect_job.actions: |- - (Optional) - A task to execute on the completion of a job. + Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. Structure is documented below. inspect_job.inspect_config: |- - @@ -53935,7 +60947,7 @@ resources: storage_config.timespan_config: |- - (Optional) - Information on where to inspect + Configuration of the timespan of the items to include in scanning Structure is documented below. stored_type.create_time: |- - @@ -53987,19 +60999,20 @@ resources: (Optional) When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will - be based on the time of the execution of the last run of the JobTrigger. + be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + used in the last run of the JobTrigger. timespan_config.end_time: |- - (Optional) - Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. + Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied. timespan_config.start_time: |- - (Optional) - Exclude files or rows older than this value. + Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied. timespan_config.timestamp_field: |- - - (Required) - Information on where to inspect + (Optional) + Specification of the field containing the timestamp of scanned items. Structure is documented below. timestamp_field.name: |- - @@ -54137,7 +61150,7 @@ resources: { "bucket": "${google_storage_bucket.bucket.name}", "name": "tf-test-object", - "source": "./test-fixtures/dlp/words.txt" + "source": "./test-fixtures/words.txt" } - name: with_stored_info_type_id manifest: |- @@ -54275,6 +61288,338 @@ resources: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. importStatements: [] + google_data_pipeline_pipeline: + subCategory: DataPipeline + description: The main pipeline entity and all the necessary metadata for launching and managing linked jobs. + name: google_data_pipeline_pipeline + title: "" + examples: + - name: primary + manifest: |- + { + "display_name": "my-pipeline", + "name": "my-pipeline", + "region": "us-central1", + "schedule_info": [ + { + "schedule": "* */2 * * *" + } + ], + "state": "STATE_ACTIVE", + "type": "PIPELINE_TYPE_BATCH", + "workload": [ + { + "dataflow_launch_template_request": [ + { + "gcs_path": "gs://my-bucket/path", + "launch_parameters": [ + { + "environment": [ + { + "additional_user_labels": { + "context": "test" + }, + "bypass_temp_dir_validation": false, + "enable_streaming_engine": "false", + "machine_type": "E2", + "max_workers": 5, + "network": "default", + "num_workers": 5, + "service_account_email": "${google_service_account.service_account.email}", + "temp_location": "gs://my-bucket/tmp_dir", + "worker_region": "us-central1", + "worker_zone": "us-central1-a", + "zone": "us-centra1-a" + } + ], + "job_name": "my-job", + "parameters": { + "name": "wrench" + }, + "transform_name_mapping": { + "name": "wrench" + }, + "update": false + } + ], + "location": "us-central1", + "project_id": "my-project" + } + ] + } + ] + } + references: + workload.dataflow_launch_template_request.launch_parameters.environment.service_account_email: google_service_account.service_account.email + dependencies: + google_service_account.service_account: |- + { + "account_id": "my-account", + "display_name": "Service Account" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp when the pipeline was initially created. Set by the Data Pipelines service. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataflow_flex_template_request.launch_parameter: |- + - + (Required) + Parameter to launch a job from a Flex Template. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter + Structure is documented below. + dataflow_flex_template_request.location: |- + - + (Required) + The regional endpoint to which to direct the request. For example, us-central1, us-west1. + dataflow_flex_template_request.project_id: |- + - + (Required) + The ID of the Cloud Platform project that the job belongs to. + dataflow_flex_template_request.validate_only: |- + - + (Optional) + If true, the request is validated but not actually executed. Defaults to false. + dataflow_launch_template_request.gcs_path: |- + - + (Optional) + A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'. + dataflow_launch_template_request.launch_parameters: |- + - + (Optional) + The parameters of the template to launch. This should be part of the body of the POST request. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters + Structure is documented below. + dataflow_launch_template_request.location: |- + - + (Optional) + The regional endpoint to which to direct the request. + dataflow_launch_template_request.project_id: |- + - + (Required) + The ID of the Cloud Platform project that the job belongs to. + dataflow_launch_template_request.validate_only: |- + - + (Optional) + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_). + environment.additional_experiments: |- + - + (Optional) + Additional experiment flags for the job. + environment.additional_user_labels: |- + - + (Optional) + Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs. + 'Example: { "name": "wrench", "mass": "1kg", "count": "3" }.' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + environment.bypass_temp_dir_validation: |- + - + (Optional) + Whether to bypass the safety checks for the job's temporary directory. Use with caution. + environment.enable_streaming_engine: |- + - + (Optional) + Whether to enable Streaming Engine for the job. + environment.flexrs_goal: |- + - + (Optional) + Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal + Possible values are: FLEXRS_UNSPECIFIED, FLEXRS_SPEED_OPTIMIZED, FLEXRS_COST_OPTIMIZED. + environment.ip_configuration: |- + - + (Optional) + Configuration for VM IPs. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration + Possible values are: WORKER_IP_UNSPECIFIED, WORKER_IP_PUBLIC, WORKER_IP_PRIVATE. + environment.kms_key_name: |- + - + (Optional) + 'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/' + environment.machine_type: |- + - + (Optional) + The machine type to use for the job. Defaults to the value from the template if not specified. + environment.max_workers: |- + - + (Optional) + The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000. + environment.network: |- + - + (Optional) + Network to which VMs will be assigned. If empty or unspecified, the service will use the network "default". + environment.num_workers: |- + - + (Optional) + The initial number of Compute Engine instances for the job. + environment.service_account_email: |- + - + (Optional) + The email address of the service account to run the job as. + environment.subnetwork: |- + - + (Optional) + Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form "https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK" or "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is located in a Shared VPC network, you must use the complete URL. + environment.temp_location: |- + - + (Optional) + The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://. + environment.worker_region: |- + - + (Optional) + The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region. + environment.worker_zone: |- + - + (Optional) + The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1-a". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence. + environment.zone: |- + - + (Optional) + The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/pipelines/{{name}}' + job_count: |- + - + Number of jobs. + last_update_time: |- + - + The timestamp when the pipeline was last modified. Set by the Data Pipelines service. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + launch_parameter.container_spec_gcs_path: |- + - + (Optional) + Cloud Storage path to a file with a JSON-serialized ContainerSpec as content. + launch_parameter.environment: |- + - + (Optional) + The runtime environment for the Flex Template job. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment + Structure is documented below. + launch_parameter.job_name: |- + - + (Required) + The job name to use for the created job. For an update job request, the job name should be the same as the existing running job. + launch_parameter.launch_options: |- + - + (Optional) + Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + launch_parameter.parameters: |- + - + (Optional) + 'The parameters for the Flex Template. Example: {"numWorkers":"5"}' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + launch_parameter.transform_name_mappings: |- + - + (Optional) + 'Use this to pass transform name mappings for streaming update jobs. Example: {"oldTransformName":"newTransformName",...}' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + launch_parameter.update: |- + - + (Optional) + Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job. + launch_parameters.environment: |- + - + (Optional) + The runtime environment for the job. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment + Structure is documented below. + launch_parameters.job_name: |- + - + (Required) + The job name to use for the created job. + launch_parameters.parameters: |- + - + (Optional) + The runtime parameters to pass to the job. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + launch_parameters.transform_name_mapping: |- + - + (Optional) + Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + launch_parameters.update: |- + - + (Optional) + If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state. + name: |- + - + (Required) + "The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID." + "- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects." + "LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions." + "PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location." + pipeline_sources: |- + - + (Optional) + The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + A reference to the region + schedule_info: |- + - + (Optional) + Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec + Structure is documented below. + schedule_info.next_job_time: |- + - + (Output) + When the next Scheduler job is going to run. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + schedule_info.schedule: |- + - + (Optional) + Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler. + schedule_info.time_zone: |- + - + (Optional) + Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed. + scheduler_service_account_email: |- + - + (Optional) + Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used. + state: |- + - + (Required) + The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state + Possible values are: STATE_UNSPECIFIED, STATE_RESUMING, STATE_ACTIVE, STATE_STOPPING, STATE_ARCHIVED, STATE_PAUSED. + type: |- + - + (Required) + The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype + Possible values are: PIPELINE_TYPE_UNSPECIFIED, PIPELINE_TYPE_BATCH, PIPELINE_TYPE_STREAMING. + update: '- Default is 20 minutes.' + workload: |- + - + (Optional) + Workload information for creating new jobs. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload + Structure is documented below. + workload.dataflow_flex_template_request: |- + - + (Optional) + Template information and additional parameters needed to launch a Dataflow job using the flex launch API. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest + Structure is documented below. + workload.dataflow_launch_template_request: |- + - + (Optional) + Template information and additional parameters needed to launch a Dataflow job using the standard launch API. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest + Structure is documented below. + importStatements: [] google_database_migration_service_connection_profile: subCategory: DatabaseMigrationService description: A connection profile definition. @@ -54359,10 +61704,11 @@ resources: "data_disk_size_gb": "11", "data_disk_type": "PD_HDD", "database_version": "MYSQL_5_7", + "edition": "ENTERPRISE", "ip_config": [ { "enable_ipv4": true, - "require_ssl": "true" + "require_ssl": true } ], "root_password": "testpasscloudsql", @@ -54482,6 +61828,28 @@ resources: "name": "my-username", "password": "my-password" } + - name: oracleprofile + manifest: |- + { + "connection_profile_id": "my-profileid", + "display_name": "my-profileid_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "oracle": [ + { + "database_service": "dbprovider", + "host": "host", + "password": "password", + "port": 1521, + "static_service_ip_connectivity": [ + {} + ], + "username": "username" + } + ] + } - name: alloydbprofile manifest: |- { @@ -54513,7 +61881,7 @@ resources: ] } ], - "vpc_network": "${data.google_compute_network.default.id}" + "vpc_network": "${google_compute_network.default.id}" } ] } @@ -54529,19 +61897,23 @@ resources: "location": "us-central1" } references: - alloydb.settings.vpc_network: data.google_compute_network.default.id + alloydb.settings.vpc_network: google_compute_network.default.id dependencies: google_compute_global_address.private_ip_alloc: |- { "address_type": "INTERNAL", "name": "private-ip-alloc", - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.default: |- + { + "name": "vpc-network" + } google_service_networking_connection.vpc_connection: |- { - "network": "${data.google_compute_network.default.id}", + "network": "${google_compute_network.default.id}", "reserved_peering_ranges": [ "${google_compute_global_address.private_ip_alloc.name}" ], @@ -54616,6 +61988,7 @@ resources: - (Optional) The connection profile display name. + effective_labels: for all of the labels present on the resource. error: |- - Output only. The error details in case of state FAILED. @@ -54632,6 +62005,28 @@ resources: - (Output) Human readable message indicating details about the current status. + forward_ssh_connectivity.hostname: |- + - + (Required) + Required. Hostname for the SSH tunnel. + forward_ssh_connectivity.password: |- + - + (Optional) + Input only. SSH password. Only one of password and private_key can be configured. + Note: This property is sensitive and will not be displayed in the plan. + forward_ssh_connectivity.port: |- + - + (Required) + Port for the SSH tunnel, default value is 22. + forward_ssh_connectivity.private_key: |- + - + (Optional) + Input only. SSH private key. Only one of password and private_key can be configured. + Note: This property is sensitive and will not be displayed in the plan. + forward_ssh_connectivity.username: |- + - + (Required) + Required. Username for the SSH tunnel. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' initial_user.password: |- - @@ -54715,6 +62110,57 @@ resources: name: |- - The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}. + oracle: |- + - + (Optional) + Specifies connection parameters required specifically for Oracle databases. + Structure is documented below. + oracle.database_service: |- + - + (Required) + Required. Database service for the Oracle connection. + oracle.forward_ssh_connectivity: |- + - + (Optional) + SSL configuration for the destination to connect to the source database. + Structure is documented below. + oracle.host: |- + - + (Required) + Required. The IP or hostname of the source Oracle database. + oracle.password: |- + - + (Required) + Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + This field is not returned on request, and the value is encrypted when stored in Database Migration Service. + Note: This property is sensitive and will not be displayed in the plan. + oracle.password_set: |- + - + (Output) + Output only. Indicates If this connection profile password is stored. + oracle.port: |- + - + (Required) + Required. The network port of the source Oracle database. + oracle.private_connectivity: |- + - + (Optional) + Configuration for using a private network to communicate with the source database + Structure is documented below. + oracle.ssl: |- + - + (Optional) + SSL configuration for the destination to connect to the source database. + Structure is documented below. + oracle.static_service_ip_connectivity: |- + - + (Optional) + This object has no nested fields. + Static IP address connectivity configured on service project. + oracle.username: |- + - + (Required) + Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. postgresql: |- - (Optional) @@ -54776,6 +62222,10 @@ resources: - (Output) Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application. + private_connectivity.private_connection: |- + - + (Required) + Required. The resource name (URI) of the private connection. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -54815,6 +62265,11 @@ resources: (Optional) The database engine type and version. Currently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion + settings.edition: |- + - + (Optional) + The edition of the given Cloud SQL instance. + Possible values are: ENTERPRISE, ENTERPRISE_PLUS. settings.initial_user: |- - (Required) @@ -54894,8 +62349,103 @@ resources: state: |- - The current connection profile state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 60 minutes.' importStatements: [] + google_database_migration_service_private_connection: + subCategory: DatabaseMigrationService + description: The PrivateConnection resource is used to establish private connectivity between Database Migration Service and a customer's network. + name: google_database_migration_service_private_connection + title: "" + examples: + - name: default + manifest: |- + { + "display_name": "dbms_pc", + "labels": { + "key": "value" + }, + "location": "us-central1", + "private_connection_id": "my-connection", + "vpc_peering_config": [ + { + "subnet": "10.0.0.0/29", + "vpc_name": "${data.google_compute_network.default.id}" + } + ] + } + references: + vpc_peering_config.vpc_name: data.google_compute_network.default.id + argumentDocs: + create: '- Default is 60 minutes.' + delete: '- Default is 60 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + error: |- + - + The PrivateConnection error in case of failure. + Structure is documented below. + error.details: |- + - + (Optional) + A list of messages that carry the error details. + error.message: |- + - + (Optional) + A message containing more information about the error that occurred. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' + location: |- + - + (Required) + The name of the location this private connection is located in. + name: |- + - + The resource's name. + private_connection_id: |- + - + (Required) + The private connectivity identifier. + state: |- + - + State of the PrivateConnection. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + vpc_peering_config: |- + - + (Required) + The VPC Peering configuration is used to create VPC peering + between databasemigrationservice and the consumer's VPC. + Structure is documented below. + vpc_peering_config.display_name: |- + - + (Optional) + Display name. + vpc_peering_config.labels: |- + - + (Optional) + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + vpc_peering_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + vpc_peering_config.subnet: |- + - + (Required) + A free subnet for peering. (CIDR of /29) + vpc_peering_config.vpc_name: |- + - + (Required) + Fully qualified name of the VPC that Database Migration Service will peer to. + Format: projects/{project}/global/{networks}/{name} + importStatements: [] google_dataflow_flex_template_job: subCategory: Dataflow description: Creates a job in Dataflow based on a Flex Template. @@ -54942,14 +62492,15 @@ resources: container_spec_gcs_path: |- - (Required) The GCS path to the Dataflow job Flex Template. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. job_id: '- The unique ID of this job.' labels: |- - (Optional) User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. - NOTE: Google-provided Dataflow templates often provide default labels - that begin with goog-dataflow-provided. Unless explicitly set in config, these - labels will be ignored to prevent diffs on re-apply. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. name: '- (Required) A unique name for the resource, required by Dataflow.' on_delete: |- - (Optional) One of "drain" or "cancel". Specifies behavior of @@ -54967,6 +62518,9 @@ resources: treat DRAINING and CANCELLING as terminal states when deleting the resource, and will remove the resource from terraform state and move on. See above note. state: '- The current state of the resource, selected from the JobState enum' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. importStatements: [] google_dataflow_job: subCategory: Dataflow @@ -55021,6 +62575,9 @@ resources: } argumentDocs: additional_experiments: '- (Optional) List of experiments that should be used by the job. An example value is ["enable_stackdriver_agent_metrics"].' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. enable_streaming_engine: '- (Optional) Enable/disable the use of Streaming Engine for the job. Note that Streaming Engine is enabled by default for pipelines developed against the Beam SDK for Python v2.21.0 or later when using Python 3.' ip_configuration: '- (Optional) The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" or "WORKER_IP_PRIVATE".' job_id: '- The unique ID of this job.' @@ -55028,8 +62585,7 @@ resources: labels: |- - (Optional) User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. - NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. machine_type: '- (Optional) The machine type to use for the job.' max_workers: '- (Optional) The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.' name: '- (Required) A unique name for the resource, required by Dataflow.' @@ -55044,6 +62600,9 @@ resources: subnetwork: '- (Optional) The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is located in a Shared VPC network, you must use the complete URL. For example "googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET_NAME"' temp_gcs_location: '- (Required) A writeable location on GCS for the Dataflow job to dump its temporary data.' template_gcs_path: '- (Required) The GCS path to the Dataflow job template.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. transform_name_mapping: '- (Optional) Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job. This field is not used outside of update.' type: '- The type of this job, selected from the JobType enum' zone: '- (Optional) The zone in which the created job should run. If it is not provided, the provider zone is used.' @@ -55057,6 +62616,7 @@ resources: - name: dataform_respository manifest: |- { + "display_name": "dataform_repository", "git_remote_settings": [ { "authentication_token_secret_version": "${google_secret_manager_secret_version.secret_version.id}", @@ -55064,7 +62624,11 @@ resources: "url": "${google_sourcerepo_repository.git_repository.url}" } ], + "labels": { + "label_foo1": "label-bar1" + }, "name": "dataform_repository", + "npmrc_environment_variables_secret_version": "${google_secret_manager_secret_version.secret_version.id}", "provider": "${google-beta}", "workspace_compilation_overrides": [ { @@ -55077,6 +62641,7 @@ resources: references: git_remote_settings.authentication_token_secret_version: google_secret_manager_secret_version.secret_version.id git_remote_settings.url: google_sourcerepo_repository.git_repository.url + npmrc_environment_variables_secret_version: google_secret_manager_secret_version.secret_version.id provider: google-beta dependencies: google_secret_manager_secret.secret: |- @@ -55084,10 +62649,66 @@ resources: "provider": "${google-beta}", "replication": [ { - "automatic": true + "auto": [ + {} + ] + } + ], + "secret_id": "my-secret" + } + google_secret_manager_secret_version.secret_version: |- + { + "provider": "${google-beta}", + "secret": "${google_secret_manager_secret.secret.id}", + "secret_data": "secret-data" + } + google_sourcerepo_repository.git_repository: |- + { + "name": "my/repository", + "provider": "${google-beta}" + } + - name: dataform_respository + manifest: |- + { + "git_remote_settings": [ + { + "default_branch": "main", + "ssh_authentication_config": [ + { + "host_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU", + "user_private_key_secret_version": "${google_secret_manager_secret_version.secret_version.id}" } ], - "secret_id": "secret" + "url": "${google_sourcerepo_repository.git_repository.url}" + } + ], + "name": "dataform_repository", + "provider": "${google-beta}", + "service_account": "1234567890-compute@developer.gserviceaccount.com", + "workspace_compilation_overrides": [ + { + "default_database": "database", + "schema_suffix": "_suffix", + "table_prefix": "prefix_" + } + ] + } + references: + git_remote_settings.ssh_authentication_config.user_private_key_secret_version: google_secret_manager_secret_version.secret_version.id + git_remote_settings.url: google_sourcerepo_repository.git_repository.url + provider: google-beta + dependencies: + google_secret_manager_secret.secret: |- + { + "provider": "${google-beta}", + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "my-secret" } google_secret_manager_secret_version.secret_version: |- { @@ -55103,6 +62724,11 @@ resources: argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + Optional. The repository's user-friendly name. + effective_labels: for all of the labels present on the resource. git_remote_settings: |- - (Optional) @@ -55110,12 +62736,17 @@ resources: Structure is documented below. git_remote_settings.authentication_token_secret_version: |- - - (Required) - The name of the Secret Manager secret version to use as an authentication token for Git operations. Must be in the format projects//secrets//versions/*. + (Optional) + The name of the Secret Manager secret version to use as an authentication token for Git operations. This secret is for assigning with HTTPS only(for SSH use ssh_authentication_config). Must be in the format projects//secrets//versions/*. git_remote_settings.default_branch: |- - (Required) The Git remote's default branch name. + git_remote_settings.ssh_authentication_config: |- + - + (Optional) + Authentication fields for remote uris using SSH protocol. + Structure is documented below. git_remote_settings.token_status: |- - (Output) @@ -55125,10 +62756,19 @@ resources: (Required) The Git remote's URL. id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/repositories/{{name}}' + labels: |- + - + (Optional) + Optional. Repository user labels. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. name: |- - (Required) The repository's name. + npmrc_environment_variables_secret_version: |- + - + (Optional) + Optional. The name of the Secret Manager secret version to be used to interpolate variables into the .npmrc file for package installation operations. Must be in the format projects//secrets//versions/*. The file itself must be in a JSON format. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -55136,24 +62776,487 @@ resources: - (Optional) A reference to the region + service_account: |- + - + (Optional) + The service account to run workflow invocations under. + ssh_authentication_config.host_public_key: |- + - + (Required) + Content of a public SSH key to verify an identity of a remote Git host. + ssh_authentication_config.user_private_key_secret_version: |- + - + (Required) + The name of the Secret Manager secret version to use as a ssh private key for Git operations. Must be in the format projects//secrets//versions/*. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' workspace_compilation_overrides: |- - (Optional) - Optional. If set, fields of workspaceCompilationOverrides override the default compilation settings that are specified in dataform.json when creating workspace-scoped compilation results. + If set, fields of workspaceCompilationOverrides override the default compilation settings that are specified in dataform.json when creating workspace-scoped compilation results. Structure is documented below. workspace_compilation_overrides.default_database: |- - (Optional) - Optional. The default database (Google Cloud project ID). + The default database (Google Cloud project ID). workspace_compilation_overrides.schema_suffix: |- - (Optional) - Optional. The suffix that should be appended to all schema (BigQuery dataset ID) names. + The suffix that should be appended to all schema (BigQuery dataset ID) names. workspace_compilation_overrides.table_prefix: |- + - + (Optional) + The prefix that should be prepended to all table names. + importStatements: [] + google_dataform_repository_iam_policy: + subCategory: Dataform + description: Collection of resources to manage IAM policy for Dataform Repository + name: google_dataform_repository_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_dataform_repository.dataform_respository.project}", + "provider": "${google-beta}", + "region": "${google_dataform_repository.dataform_respository.region}", + "repository": "${google_dataform_repository.dataform_respository.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_dataform_repository.dataform_respository.project + provider: google-beta + region: google_dataform_repository.dataform_respository.region + repository: google_dataform_repository.dataform_respository.name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_dataform_repository_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.' + google_dataform_repository_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.' + google_dataform_repository_iam_policy: ': Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_dataform_repository_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + region: |- + - (Optional) A reference to the region Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no + region is specified, it is taken from the provider configuration. + repository: '- (Required) Used to find the parent resource to bind the IAM policy to' + role: |- + - (Required) The role that should be applied. Only one + google_dataform_repository_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_dataform_repository_release_config: + subCategory: Dataform + description: A resource represents a Dataform release configuration + name: google_dataform_repository_release_config + title: "" + examples: + - name: release + manifest: |- + { + "code_compilation_config": [ + { + "assertion_schema": "example-assertion-dataset", + "database_suffix": "", + "default_database": "gcp-example-project", + "default_location": "us-central1", + "default_schema": "example-dataset", + "schema_suffix": "", + "table_prefix": "", + "vars": { + "var1": "value" + } + } + ], + "cron_schedule": "0 7 * * *", + "git_commitish": "main", + "name": "my_release", + "project": "${google_dataform_repository.repository.project}", + "provider": "${google-beta}", + "region": "${google_dataform_repository.repository.region}", + "repository": "${google_dataform_repository.repository.name}", + "time_zone": "America/New_York" + } + references: + project: google_dataform_repository.repository.project + provider: google-beta + region: google_dataform_repository.repository.region + repository: google_dataform_repository.repository.name + dependencies: + google_dataform_repository.repository: |- + { + "git_remote_settings": [ + { + "authentication_token_secret_version": "${google_secret_manager_secret_version.secret_version.id}", + "default_branch": "main", + "url": "${google_sourcerepo_repository.git_repository.url}" + } + ], + "name": "dataform_repository", + "provider": "${google-beta}", + "region": "us-central1", + "workspace_compilation_overrides": [ + { + "default_database": "database", + "schema_suffix": "_suffix", + "table_prefix": "prefix_" + } + ] + } + google_secret_manager_secret.secret: |- + { + "provider": "${google-beta}", + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "my_secret" + } + google_secret_manager_secret_version.secret_version: |- + { + "provider": "${google-beta}", + "secret": "${google_secret_manager_secret.secret.id}", + "secret_data": "secret-data" + } + google_sourcerepo_repository.git_repository: |- + { + "name": "my/repository", + "provider": "${google-beta}" + } + argumentDocs: + code_compilation_config: |- + - + (Optional) + Optional. If set, fields of codeCompilationConfig override the default compilation settings that are specified in dataform.json. + Structure is documented below. + code_compilation_config.assertion_schema: |- + - + (Optional) + Optional. The default schema (BigQuery dataset ID) for assertions. + code_compilation_config.database_suffix: |- + - + (Optional) + Optional. The suffix that should be appended to all database (Google Cloud project ID) names. + code_compilation_config.default_database: |- + - + (Optional) + Optional. The default database (Google Cloud project ID). + code_compilation_config.default_location: |- + - + (Optional) + Optional. The default BigQuery location to use. Defaults to "US". + See the BigQuery docs for a full list of locations: https://cloud.google.com/bigquery/docs/locations. + code_compilation_config.default_schema: |- + - + (Optional) + Optional. The default schema (BigQuery dataset ID). + code_compilation_config.schema_suffix: |- + - + (Optional) + Optional. The suffix that should be appended to all schema (BigQuery dataset ID) names. + code_compilation_config.table_prefix: |- - (Optional) Optional. The prefix that should be prepended to all table names. + code_compilation_config.vars: |- + - + (Optional) + Optional. User-defined variables that are made available to project code during compilation. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + create: '- Default is 20 minutes.' + cron_schedule: |- + - + (Optional) + Optional. Optional schedule (in cron format) for automatic creation of compilation results. + delete: '- Default is 20 minutes.' + error_status.code: |- + - + (Output) + The status code, which should be an enum value of google.rpc.Code. + error_status.message: |- + - + (Output) + A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. + git_commitish: |- + - + (Required) + Git commit/tag/branch name at which the repository should be compiled. Must exist in the remote repository. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}' + name: |- + - + (Required) + The release's name. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + recent_scheduled_release_records: |- + - + Records of the 10 most recent scheduled release attempts, ordered in in descending order of releaseTime. Updated whenever automatic creation of a compilation result is triggered by cronSchedule. + Structure is documented below. + recent_scheduled_release_records.compilation_result: |- + - + (Output) + The name of the created compilation result, if one was successfully created. Must be in the format projects//locations//repositories//compilationResults/. + recent_scheduled_release_records.error_status: |- + - + (Output) + The error status encountered upon this attempt to create the compilation result, if the attempt was unsuccessful. + Structure is documented below. + recent_scheduled_release_records.release_time: |- + - + (Output) + The timestamp of this release attempt. + region: |- + - + (Optional) + A reference to the region + repository: |- + - + (Optional) + A reference to the Dataform repository + time_zone: |- + - + (Optional) + Optional. Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). If left unspecified, the default is UTC. + update: '- Default is 20 minutes.' + importStatements: [] + google_dataform_repository_workflow_config: + subCategory: Dataform + description: A resource represents a Dataform workflow configuration + name: google_dataform_repository_workflow_config + title: "" + examples: + - name: workflow + manifest: |- + { + "cron_schedule": "0 7 * * *", + "invocation_config": [ + { + "fully_refresh_incremental_tables_enabled": false, + "included_tags": [ + "tag_1" + ], + "included_targets": [ + { + "database": "gcp-example-project", + "name": "target_1", + "schema": "example-dataset" + }, + { + "database": "gcp-example-project", + "name": "target_2", + "schema": "example-dataset" + } + ], + "service_account": "${google_service_account.dataform_sa.email}", + "transitive_dependencies_included": true, + "transitive_dependents_included": true + } + ], + "name": "my_workflow", + "project": "${google_dataform_repository.repository.project}", + "provider": "${google-beta}", + "region": "${google_dataform_repository.repository.region}", + "release_config": "${google_dataform_repository_release_config.release_config.id}", + "repository": "${google_dataform_repository.repository.name}", + "time_zone": "America/New_York" + } + references: + invocation_config.service_account: google_service_account.dataform_sa.email + project: google_dataform_repository.repository.project + provider: google-beta + region: google_dataform_repository.repository.region + release_config: google_dataform_repository_release_config.release_config.id + repository: google_dataform_repository.repository.name + dependencies: + google_dataform_repository.repository: |- + { + "git_remote_settings": [ + { + "authentication_token_secret_version": "${google_secret_manager_secret_version.secret_version.id}", + "default_branch": "main", + "url": "${google_sourcerepo_repository.git_repository.url}" + } + ], + "name": "dataform_repository", + "provider": "${google-beta}", + "region": "us-central1", + "workspace_compilation_overrides": [ + { + "default_database": "database", + "schema_suffix": "_suffix", + "table_prefix": "prefix_" + } + ] + } + google_dataform_repository_release_config.release_config: |- + { + "code_compilation_config": [ + { + "assertion_schema": "example-assertion-dataset", + "database_suffix": "", + "default_database": "gcp-example-project", + "default_location": "us-central1", + "default_schema": "example-dataset", + "schema_suffix": "", + "table_prefix": "", + "vars": { + "var1": "value" + } + } + ], + "cron_schedule": "0 7 * * *", + "git_commitish": "main", + "name": "my_release", + "project": "${google_dataform_repository.repository.project}", + "provider": "${google-beta}", + "region": "${google_dataform_repository.repository.region}", + "repository": "${google_dataform_repository.repository.name}", + "time_zone": "America/New_York" + } + google_secret_manager_secret.secret: |- + { + "provider": "${google-beta}", + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "my_secret" + } + google_secret_manager_secret_version.secret_version: |- + { + "provider": "${google-beta}", + "secret": "${google_secret_manager_secret.secret.id}", + "secret_data": "secret-data" + } + google_service_account.dataform_sa: |- + { + "account_id": "dataform-sa", + "display_name": "Dataform Service Account", + "provider": "${google-beta}" + } + google_sourcerepo_repository.git_repository: |- + { + "name": "my/repository", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + cron_schedule: |- + - + (Optional) + Optional. Optional schedule (in cron format) for automatic creation of compilation results. + delete: '- Default is 20 minutes.' + error_status.code: |- + - + (Output) + The status code, which should be an enum value of google.rpc.Code. + error_status.message: |- + - + (Output) + A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}' + included_targets.database: |- + - + (Optional) + The action's database (Google Cloud project ID). + included_targets.name: |- + - + (Optional) + The action's name, within database and schema. + included_targets.schema: |- + - + (Optional) + The action's schema (BigQuery dataset ID), within database. + invocation_config: |- + - + (Optional) + Optional. If left unset, a default InvocationConfig will be used. + Structure is documented below. + invocation_config.fully_refresh_incremental_tables_enabled: |- + - + (Optional) + Optional. When set to true, any incremental tables will be fully refreshed. + invocation_config.included_tags: |- + - + (Optional) + Optional. The set of tags to include. + invocation_config.included_targets: |- + - + (Optional) + Optional. The set of action identifiers to include. + Structure is documented below. + invocation_config.service_account: |- + - + (Optional) + Optional. The service account to run workflow invocations under. + invocation_config.transitive_dependencies_included: |- + - + (Optional) + Optional. When set to true, transitive dependencies of included actions will be executed. + invocation_config.transitive_dependents_included: |- + - + (Optional) + Optional. When set to true, transitive dependents of included actions will be executed. + name: |- + - + (Required) + The workflow's name. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + recent_scheduled_execution_records: |- + - + Records of the 10 most recent scheduled execution attempts, ordered in in descending order of executionTime. Updated whenever automatic creation of a workflow invocation is triggered by cronSchedule. + Structure is documented below. + recent_scheduled_execution_records.error_status: |- + - + (Output) + The error status encountered upon this attempt to create the workflow invocation, if the attempt was unsuccessful. + Structure is documented below. + recent_scheduled_execution_records.execution_time: |- + - + (Output) + The timestamp of this workflow attempt. + recent_scheduled_execution_records.workflow_invocation: |- + - + (Output) + The name of the created workflow invocation, if one was successfully created. In the format projects//locations//repositories//workflowInvocations/. + region: |- + - + (Optional) + A reference to the region + release_config: |- + - + (Required) + The name of the release config whose releaseCompilationResult should be executed. Must be in the format projects//locations//repositories//releaseConfigs/. + repository: |- + - + (Optional) + A reference to the Dataform repository + time_zone: |- + - + (Optional) + Optional. Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). If left unspecified, the default is UTC. + update: '- Default is 20 minutes.' importStatements: [] google_dataplex_asset: subCategory: Dataplex @@ -55173,6 +63276,10 @@ resources: "enabled": false } ], + "labels": { + "env": "foo", + "my-asset": "exists" + }, "lake": "${google_dataplex_lake.basic_lake.name}", "location": "us-west1", "name": "asset", @@ -55283,6 +63390,9 @@ resources: discovery_status: |- - Output only. Status of the discovery feature applied to data referenced by this asset. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}' json_options.disable_type_inference: |- - @@ -55328,6 +63438,10 @@ resources: - (Optional) The project for the resource + resource_spec.read_access_mode: |- + - + (Optional) + Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED resource_spec.type: |- - (Required) @@ -55341,6 +63455,9 @@ resources: state: |- - Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. uid: |- - Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name. @@ -55409,7 +63526,7 @@ resources: "data_profile_spec": [ {} ], - "data_scan_id": "tf-test-datascan", + "data_scan_id": "dataprofile-basic", "execution_spec": [ { "trigger": [ @@ -55434,19 +63551,45 @@ resources: ], "data_profile_spec": [ { - "row_filter": "word_count \u003e 10", - "sampling_percent": 80 - } - ], - "data_scan_id": "tf-test-datascan", - "description": "Example resource - Full Datascan Profile", - "display_name": "Full Datascan Profile", - "execution_spec": [ - { - "trigger": [ + "exclude_fields": [ { - "schedule": [ - { + "field_names": [ + "property_type" + ] + } + ], + "include_fields": [ + { + "field_names": [ + "word_count" + ] + } + ], + "post_scan_actions": [ + { + "bigquery_export": [ + { + "results_table": "//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export" + } + ] + } + ], + "row_filter": "word_count \u003e 10", + "sampling_percent": 80 + } + ], + "data_scan_id": "dataprofile-full", + "depends_on": [ + "${google_bigquery_dataset.source}" + ], + "description": "Example resource - Full Datascan Profile", + "display_name": "Full Datascan Profile", + "execution_spec": [ + { + "trigger": [ + { + "schedule": [ + { "cron": "TZ=America/New_York 1 1 * * *" } ] @@ -55460,6 +63603,15 @@ resources: "location": "us-central1", "project": "my-project-name" } + dependencies: + google_bigquery_dataset.source: |- + { + "dataset_id": "dataplex_dataset", + "delete_contents_on_destroy": true, + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } - name: basic_quality manifest: |- { @@ -55472,7 +63624,9 @@ resources: { "rules": [ { + "description": "rule 1 for validity dimension", "dimension": "VALIDITY", + "name": "rule1", "table_condition_expectation": [ { "sql_expression": "COUNT(*) \u003e 0" @@ -55482,7 +63636,7 @@ resources: ] } ], - "data_scan_id": "tf-test-datascan", + "data_scan_id": "dataquality-basic", "execution_spec": [ { "trigger": [ @@ -55595,7 +63749,7 @@ resources: "sampling_percent": 5 } ], - "data_scan_id": "tf-test-datascan", + "data_scan_id": "dataquality-full", "description": "Example resource - Full Datascan Quality", "display_name": "Full Datascan Quality", "execution_spec": [ @@ -55637,23 +63791,22 @@ resources: (Optional) The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be: (Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type "TABLE" for DataProfileScan/DataQualityScan. - data_profile_result: |- + data_profile_spec.exclude_fields: |- - - The result of the data profile scan. + (Optional) + The fields to exclude from data profile. + If specified, the fields will be excluded from data profile, regardless of include_fields value. Structure is documented below. - data_profile_result.profile: |- + data_profile_spec.include_fields: |- - - (Output) - The profile information per field. + (Optional) + The fields to include in data profile. + If not specified, all fields at the time of profile scan job execution are included, except for ones listed in exclude_fields. Structure is documented below. - data_profile_result.row_count: |- + data_profile_spec.post_scan_actions: |- - (Optional) - The count of rows scanned. - data_profile_result.scanned_data: |- - - - (Output) - The data scanned for this result. + Actions to take upon job completion. Structure is documented below. data_profile_spec.row_filter: |- - @@ -55663,32 +63816,12 @@ resources: - (Optional) The percentage of the records to be selected from the dataset for DataScan. - data_quality_result: |- - - - The result of the data quality scan. - Structure is documented below. - data_quality_result.dimensions: |- + Value can range between 0.0 and 100.0 with up to 3 significant decimal digits. + Sampling is not applied if sampling_percent is not specified, 0 or 100. + data_quality_spec.post_scan_actions: |- - (Optional) - A list of results at the dimension level. - Structure is documented below. - data_quality_result.passed: |- - - - (Output) - Overall data quality result -- true if all rules passed. - data_quality_result.row_count: |- - - - (Output) - The count of rows processed. - data_quality_result.rules: |- - - - (Output) - A list of all the rules in a job, and their results. - Structure is documented below. - data_quality_result.scanned_data: |- - - - (Output) - The data scanned for this result. + Actions to take upon job completion. Structure is documented below. data_quality_spec.row_filter: |- - @@ -55703,35 +63836,22 @@ resources: - (Optional) The percentage of the records to be selected from the dataset for DataScan. + Value can range between 0.0 and 100.0 with up to 3 significant decimal digits. + Sampling is not applied if sampling_percent is not specified, 0 or 100. data_scan_id: |- - (Required) DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter. delete: '- Default is 5 minutes.' - dimensions.passed: |- - - - (Optional) - Whether the dimension passed or failed. - double_profile.average: |- - - - (Optional) - Average of non-null values in the scanned data. NaN, if the field has a NaN. - double_profile.max: |- - - - (Optional) - Maximum of non-null values in the scanned data. NaN, if the field has a NaN. - double_profile.min: |- + effective_labels: |- - - (Optional) - Minimum of non-null values in the scanned data. NaN, if the field has a NaN. - double_profile.quartiles: |- - - - (Optional) - A quartile divides the number of data points into four parts, or quarters, of more-or-less equal size. Three main quartiles used are: The first quartile (Q1) splits off the lowest 25% of data from the highest 75%. It is also known as the lower or 25th empirical quartile, as 25% of the data is below this point. The second quartile (Q2) is the median of a data set. So, 50% of the data lies below this point. The third quartile (Q3) splits off the highest 25% of data from the lowest 75%. It is known as the upper or 75th empirical quartile, as 75% of the data lies below this point. Here, the quartiles is provided as an ordered list of quartile values for the scanned data, occurring in order Q1, median, Q3. - double_profile.standard_deviation: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + exclude_fields.field_names: |- - (Optional) - Standard deviation of non-null values in the scanned data. NaN, if the field has a NaN. + Expected input is a list of fully qualified names of fields as in the schema. + Only top-level field names for nested fields are supported. + For instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'. execution_spec: |- - (Required) @@ -55759,26 +63879,12 @@ resources: (Output) The time when the latest DataScanJob ended. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}' - integer_profile.average: |- - - - (Optional) - Average of non-null values in the scanned data. NaN, if the field has a NaN. - integer_profile.max: |- - - - (Optional) - Maximum of non-null values in the scanned data. NaN, if the field has a NaN. - integer_profile.min: |- - - - (Optional) - Minimum of non-null values in the scanned data. NaN, if the field has a NaN. - integer_profile.quartiles: |- - - - (Optional) - A quartile divides the number of data points into four parts, or quarters, of more-or-less equal size. Three main quartiles used are: The first quartile (Q1) splits off the lowest 25% of data from the highest 75%. It is also known as the lower or 25th empirical quartile, as 25% of the data is below this point. The second quartile (Q2) is the median of a data set. So, 50% of the data lies below this point. The third quartile (Q3) splits off the highest 25% of data from the lowest 75%. It is known as the upper or 75th empirical quartile, as 75% of the data lies below this point. Here, the quartiles is provided as an ordered list of quartile values for the scanned data, occurring in order Q1, median, Q3. - integer_profile.standard_deviation: |- + include_fields.field_names: |- - (Optional) - Standard deviation of non-null values in the scanned data. NaN, if the field has a NaN. + Expected input is a list of fully qualified names of fields as in the schema. + Only top-level field names for nested fields are supported. + For instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'. location: |- - (Required) @@ -55786,56 +63892,16 @@ resources: name: |- - The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region. - profile.distinct_ratio: |- + post_scan_actions.bigquery_export: |- - (Optional) - Ratio of rows with distinct values against total scanned rows. Not available for complex non-groupable field type RECORD and fields with REPEATABLE mode. - profile.double_profile: |- - - - (Output) - Double type field information. + If set, results will be exported to the provided BigQuery table. Structure is documented below. - profile.fields: |- + post_scan_actions.bigquery_export.results_table: |- - (Optional) - List of fields with structural and profile information for each field. - Structure is documented below. - profile.fields.mode: |- - - - (Optional) - The mode of the field. Possible values include: - profile.fields.name: |- - - - (Optional) - The name of the field. - profile.fields.profile: |- - - - (Optional) - Profile information for the corresponding field. - Structure is documented below. - profile.fields.type: |- - - - (Optional) - The field data type. - profile.integer_profile: |- - - - (Output) - Integer type field information. - Structure is documented below. - profile.null_ratio: |- - - - (Output) - Ratio of rows with null value against total scanned rows. - profile.string_profile: |- - - - (Output) - String type field information. - Structure is documented below. - profile.top_n_values: |- - - - (Optional) - The list of top N non-null values and number of times they occur in the scanned data. N is 10 or equal to the number of distinct values in the field, whichever is smaller. Not available for complex non-groupable field type RECORD and fields with REPEATABLE mode. - Structure is documented below. + The BigQuery table to export DataQualityScan results to. + Format://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID range_expectation.max_value: |- - (Optional) @@ -55862,101 +63928,35 @@ resources: - (Required) The SQL expression. - rule.column: |- + rules.column: |- - (Optional) The unnested column which this rule is evaluated against. - rule.dimension: |- - - - (Optional) - The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are ["COMPLETENESS", "ACCURACY", "CONSISTENCY", "VALIDITY", "UNIQUENESS", "INTEGRITY"] - rule.ignore_null: |- - - - (Optional) - Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules. - rule.non_null_expectation: |- - - - (Output) - ColumnMap rule which evaluates whether each column value is null. - rule.range_expectation: |- - - - (Output) - ColumnMap rule which evaluates whether each column value lies between a specified range. - Structure is documented below. - rule.regex_expectation: |- - - - (Output) - ColumnMap rule which evaluates whether each column value matches a specified regex. - Structure is documented below. - rule.row_condition_expectation: |- - - - (Output) - Table rule which evaluates whether each row passes the specified condition. - Structure is documented below. - rule.set_expectation: |- - - - (Output) - ColumnMap rule which evaluates whether each column value is contained by a specified set. - Structure is documented below. - rule.statistic_range_expectation: |- - - - (Output) - ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range. - Structure is documented below. - rule.table_condition_expectation: |- - - - (Output) - Table rule which evaluates whether the provided expression is true. - Structure is documented below. - rule.threshold: |- - - - (Optional) - The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0). - rule.uniqueness_expectation: |- - - - (Output) - ColumnAggregate rule which evaluates whether the column has duplicates. - rules.column: |- + rules.description: |- - (Optional) - The unnested column which this rule is evaluated against. + Description of the rule. + The maximum length is 1,024 characters. rules.dimension: |- - (Required) The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are ["COMPLETENESS", "ACCURACY", "CONSISTENCY", "VALIDITY", "UNIQUENESS", "INTEGRITY"] - rules.evaluated_count: |- - - - (Output) - The number of rows a rule was evaluated against. This field is only valid for ColumnMap type rules. - Evaluated count can be configured to either - rules.failing_rows_query: |- - - - (Output) - The query to find rows that did not pass this rule. Only applies to ColumnMap and RowCondition rules. rules.ignore_null: |- - (Optional) Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules. + rules.name: |- + - + (Optional) + A mutable name for the rule. + The name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-). + The maximum length is 63 characters. + Must start with a letter. + Must end with a number or a letter. rules.non_null_expectation: |- - (Optional) ColumnMap rule which evaluates whether each column value is null. - rules.null_count: |- - - - (Output) - The number of rows with null values in the specified column. - rules.pass_ratio: |- - - - (Output) - The ratio of passedCount / evaluatedCount. This field is only valid for ColumnMap type rules. - rules.passed: |- - - - (Output) - Whether the rule passed or failed. - rules.passed_count: |- - - - (Output) - The number of rows which passed a rule evaluation. This field is only valid for ColumnMap type rules. rules.range_expectation: |- - (Optional) @@ -55972,11 +63972,6 @@ resources: (Optional) Table rule which evaluates whether each row passes the specified condition. Structure is documented below. - rules.rule: |- - - - (Output) - The rule specified in the DataQualitySpec, as is. - Structure is documented below. rules.set_expectation: |- - (Optional) @@ -55999,24 +63994,7 @@ resources: rules.uniqueness_expectation: |- - (Optional) - ColumnAggregate rule which evaluates whether the column has duplicates. - scanned_data.incremental_field: |- - - - (Optional) - The range denoted by values of an incremental field - Structure is documented below. - scanned_data.incremental_field.end: |- - - - (Optional) - Value that marks the end of the range. - scanned_data.incremental_field.field: |- - - - (Optional) - The field that contains values which monotonically increases over time (e.g. a timestamp column). - scanned_data.incremental_field.start: |- - - - (Optional) - Value that marks the start of the range. + Row-level rule which evaluates whether each column value is unique. schedule.cron: |- - (Required) @@ -56039,6 +64017,7 @@ resources: - (Optional) User friendly display name. + schedule.effective_labels: for all of the labels present on the resource. schedule.labels: |- - (Optional) @@ -56078,30 +64057,14 @@ resources: (Optional) Whether column statistic needs to be strictly greater than ('>') the minimum, or if equality is allowed. Only relevant if a minValue has been defined. Default = false. - string_profile.average_length: |- - - - (Optional) - Average length of non-null values in the scanned data. - string_profile.max_length: |- - - - (Optional) - Maximum length of non-null values in the scanned data. - string_profile.min_length: |- - - - (Optional) - Minimum length of non-null values in the scanned data. table_condition_expectation.sql_expression: |- - (Required) The SQL expression. - top_n_values.count: |- - - - (Optional) - Count of the corresponding value in the scanned data. - top_n_values.value: |- + terraform_labels: |- - - (Optional) - String value of a top N non-null value. + The combination of labels configured directly on the resource + and default labels configured on the provider. trigger.on_demand: |- - (Optional) @@ -56198,6 +64161,9 @@ resources: - (Optional) Optional. User friendly display name. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{name}}' labels: |- - @@ -56232,6 +64198,9 @@ resources: state: |- - Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. uid: |- - Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name. @@ -56523,6 +64492,9 @@ resources: - The time when the task was created. delete: '- Default is 5 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. execution_spec: |- - (Required) @@ -56540,6 +64512,7 @@ resources: - (Optional) User friendly display name. + execution_spec.effective_labels: for all of the labels present on the resource. execution_spec.kms_key: |- - (Optional) @@ -56703,6 +64676,10 @@ resources: state: |- - Current state of the task. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. trigger_spec: |- - (Required) @@ -56890,6 +64867,9 @@ resources: - (Optional) Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, "CRON_TZ=America/New_York 1 * * * *", or "TZ=America/New_York 1 * * * *". + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}' json_options.disable_type_inference: |- - @@ -56938,6 +64918,9 @@ resources: state: |- - Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. type: |- - (Required) @@ -57338,9 +65321,13 @@ resources: argumentDocs: accelerator_count: '- (Required) The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.' accelerator_type: '- (Required) The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.' + accelerators: |- + (Optional) The Compute Engine accelerator (GPU) configuration for these instances. Can be specified + multiple times. autoscaling: |- (Optional) The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present. + auxiliary_node_groups.node_group: '- (Required) Node group configuration.' auxiliary_services_config.metastore_config: (Optional) The Hive Metastore configuration for this workload. auxiliary_services_config.spark_history_server_config: (Optional) The Spark History Server configuration for the workload. boot_disk_size_gb: |- @@ -57383,6 +65370,9 @@ resources: only be removed by setting policy_uri = "", rather than removing the whole block. Structure defined below. cluster_config.autoscaling_config.policy_uri: '- (Required) The autoscaling policy used by the cluster.' + cluster_config.auxiliary_node_groups: |- + (Optional) A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + Structure defined below. cluster_config.dataproc_metric_config: |- (Optional) The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. Structure defined below. @@ -57470,6 +65460,7 @@ resources: (Optional) The Google Compute Engine config settings for the additional instances in a cluster. Structure defined below. cluster_config.preemptible_worker_config.disk_config: (Optional) Disk Config + cluster_config.preemptible_worker_config.instance_flexibility_policy: (Optional) Instance flexibility Policy allowing a mixture of VM shapes and provisioning models. cluster_config.preemptible_worker_config.num_instances: |- - (Optional) Specifies the number of preemptible nodes to create. Defaults to 0. @@ -57522,6 +65513,7 @@ resources: for the master. If not specified, GCP will default to a predetermined computed value for each zone. See the guide for details about which CPU families are available (and defaulted) for each zone. + cluster_config.worker_config.min_num_instances: (Optional) The minimum number of primary worker instances to create. If min_num_instances is set, cluster creation will succeed if the number of primary workers created is at least equal to the min_num_instances number. cluster_config.worker_config.num_instances: |- - (Optional, Computed) Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value (currently 2). @@ -57554,6 +65546,11 @@ resources: dataproc_metastore_service: (Required) Resource name of an existing Dataproc Metastore service. dataproc_metric_config.metrics: '- (Required) Metrics sources to enable.' delete: '- Default is 45 minutes.' + disk_config: (Optional) Disk Config + effective_labels: |- + - (Computed) The list of labels (key/value pairs) to be applied to + instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name + which is the name of the cluster. enable_kerberos: '- (Optional) Flag to indicate whether to Kerberize the cluster.' encryption_config.kms_key_name: |- - (Required) The Cloud KMS key name to use for PD disk encryption for @@ -57580,6 +65577,7 @@ resources: - (Optional, Computed) The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300). + instance_selection_list: '- (Optional) List of instance selection options that the group will use when creating new VMs.' kdc_db_key_uri: |- - (Optional) The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. @@ -57604,9 +65602,9 @@ resources: If not specified, the name of the Dataproc Cluster is used. kubernetes_cluster_config.kubernetes_software_config: (Required) The software configuration for this Dataproc cluster running on Kubernetes. labels: |- - - (Optional, Computed) The list of labels (key/value pairs) to be applied to - instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - which is the name of the cluster. + - (Optional) The list of labels (key/value pairs) configured on the resource through Terraform and to be applied to + instances in the cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. lifecycle_config.auto_delete_time: |- - (Optional) The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. @@ -57621,6 +65619,7 @@ resources: (Optional) The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located. machine_type: (Optional) The name of a Compute Engine machine type. + machine_types: '- (Optional) Full machine-type names, e.g. "n1-standard-16".' max_node_count: (Optional) The maximum number of nodes in the node pool. Must be >= minNodeCount, and must be > 0. metastore_config.dataproc_metastore_service: '- (Required) Resource name of an existing Dataproc Metastore service.' metric_overrides: '- (Optional) One or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect for the metric course.' @@ -57633,6 +65632,7 @@ resources: name: |- - (Required) The name of the cluster, unique within the project and zone. + node_group_config: '- (Optional) The node group instance group configuration.' node_group_uri: '- (Required) The URI of a sole-tenant node group resource that the cluster will be created on.' node_pool: (Required) The target GKE node pool. node_pool_config: |- @@ -57644,6 +65644,9 @@ resources: (Optional) GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget. Each role can be given to only one GkeNodePoolTarget. All node pools must have the same location settings. + num_instances: |- + - (Optional, Computed) Specifies the number of master nodes to create. + Please set a number greater than 0. Node Group must have at least 1 instance. num_local_ssds: |- - (Optional) The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0. @@ -57661,6 +65664,7 @@ resources: properties: |- (Optional) The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image. + rank: '- (Optional) Preference of this instance selection. A lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.' realm: |- - (Optional) The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm. @@ -57674,6 +65678,9 @@ resources: - (Required) The Cloud Storage URI of a KMS encrypted file containing the root principal password. spot: (Optional) Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. tgt_lifetime_hours: '- (Optional) The lifetime of the ticket granting ticket, in hours.' truststore_password_uri: |- - (Optional) The Cloud Storage URI of a KMS encrypted file @@ -57833,6 +65840,9 @@ resources: delete: '- (Default 10 minutes) Used for deleting a job from a dataproc cluster.' driver_controls_files_uri: '- If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.' driver_output_resource_uri: '- A URI pointing to the location of the stdout of the job''s driver program.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. force_delete: |- - (Optional) By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the @@ -57855,7 +65865,10 @@ resources: - (Optional) The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri hive_config.script_variables: '- (Optional) Mapping of query variable names to values (equivalent to the Hive command: SET name="value";).' - labels: '- (Optional) The list of labels (key/value pairs) to add to the job.' + labels: |- + - (Optional) The list of labels (key/value pairs) to add to the job. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. pig_config.continue_on_failure: '- (Optional) Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.' pig_config.jar_file_uris: '- (Optional) HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.' pig_config.logging_config.driver_log_levels: '- (Required) The per-package log levels for the driver. This may include ''root'' package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' @@ -57924,6 +65937,9 @@ resources: status.0.state: '- A state message specifying the overall job state.' status.0.state_start_time: '- The time when this state was entered.' status.0.substate: '- Additional state information, which includes status reported by the agent.' + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. xxx_config: |- - (Required) Exactly one of the specific job types to run on the cluster should be specified. If you want to submit multiple jobs, this will @@ -58053,6 +66069,8 @@ resources: - (Optional) User-defined labels for the metastore federation. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. backend_metastores.location: |- - (Optional) @@ -58072,6 +66090,9 @@ resources: backend_metastores.rank: '- (Required) The identifier for this object. Format specified above.' create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. endpoint_uri: |- - The URI of the endpoint used to access the metastore federation. @@ -58091,6 +66112,10 @@ resources: state_message: |- - Additional information about the current state of the metastore federation, if available. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - The globally unique resource identifier of the metastore federation. @@ -58157,6 +66182,9 @@ resources: "version": "2.3.6" } ], + "labels": { + "env": "test" + }, "location": "us-central1", "maintenance_window": [ { @@ -58236,6 +66264,81 @@ resources: "private_ip_google_access": true, "region": "us-central1" } + - name: default + manifest: |- + { + "hive_metastore_config": [ + { + "version": "3.1.2" + } + ], + "location": "us-central1", + "network_config": [ + { + "consumers": [ + { + "subnetwork": "${google_compute_subnetwork.subnet.id}" + } + ], + "custom_routes_enabled": true + } + ], + "provider": "${google-beta}", + "service_id": "metastore-srv" + } + references: + network_config.consumers.subnetwork: google_compute_subnetwork.subnet.id + provider: google-beta + dependencies: + google_compute_network.net: |- + { + "auto_create_subnetworks": false, + "name": "my-network", + "provider": "${google-beta}" + } + google_compute_subnetwork.subnet: |- + { + "ip_cidr_range": "10.0.0.0/22", + "name": "my-subnetwork", + "network": "${google_compute_network.net.id}", + "private_ip_google_access": true, + "provider": "${google-beta}", + "region": "us-central1" + } + - name: dpms2 + manifest: |- + { + "database_type": "SPANNER", + "hive_metastore_config": [ + { + "version": "3.1.2" + } + ], + "location": "us-central1", + "scaling_config": [ + { + "instance_size": "EXTRA_SMALL" + } + ], + "service_id": "ms-dpms2" + } + - name: dpms2_scaling_factor + manifest: |- + { + "database_type": "SPANNER", + "hive_metastore_config": [ + { + "version": "3.1.2" + } + ], + "location": "us-central1", + "scaling_config": [ + { + "scaling_factor": "2" + } + ], + "service_id": "ms-dpms2sf" + } argumentDocs: artifact_gcs_uri: |- - @@ -58250,6 +66353,17 @@ resources: - (Required) The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version. + consumers.endpoint_uri: |- + - + (Output) + The URI of the endpoint used to access the metastore service. + consumers.subnetwork: |- + - + (Required) + The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. + It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. + There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form: + `projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id} create: '- Default is 60 minutes.' database_type: |- - @@ -58258,6 +66372,9 @@ resources: Default value is MYSQL. Possible values are: MYSQL, SPANNER. delete: '- Default is 60 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. encryption_config: |- - (Optional) @@ -58279,7 +66396,7 @@ resources: Structure is documented below. hive_metastore_config.auxiliary_versions: |- - - (Optional, Beta) + (Optional) A mapping of Hive metastore version to the auxiliary version configuration. When specified, a secondary Hive metastore service is created along with the primary service. All auxiliary versions must be less than the service's primary version. @@ -58293,7 +66410,7 @@ resources: The mappings override system defaults (some keys cannot be overridden) hive_metastore_config.endpoint_protocol: |- - - (Optional, Beta) + (Optional) The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. Default value is THRIFT. Possible values are: THRIFT, GRPC. @@ -58329,6 +66446,8 @@ resources: - (Optional) User-defined labels for the metastore service. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -58352,7 +66471,7 @@ resources: The hour of day (0-23) when the window starts. metadata_integration: |- - - (Optional, Beta) + (Optional) The setting that defines how metastore metadata should be integrated with external services and systems. Structure is documented below. metadata_integration.data_catalog_config: |- @@ -58382,17 +66501,10 @@ resources: (Required) The consumer-side network configuration for the Dataproc Metastore instance. Structure is documented below. - network_config.consumers.endpoint_uri: |- + network_config.custom_routes_enabled: |- - - (Output) - The URI of the endpoint used to access the metastore service. - network_config.consumers.subnetwork: |- - - - (Required) - The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. - It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. - There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form: - `projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id} + (Optional, Beta) + Enables custom routes to be imported and exported for the Dataproc Metastore service's peered VPC network. port: |- - (Optional) @@ -58406,6 +66518,20 @@ resources: The release channel of the service. If unspecified, defaults to STABLE. Default value is STABLE. Possible values are: CANARY, STABLE. + scaling_config: |- + - + (Optional) + Represents the scaling configuration of a metastore service. + Structure is documented below. + scaling_config.instance_size: |- + - + (Optional) + Metastore instance sizes. + Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + scaling_config.scaling_factor: |- + - + (Optional) + Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0. service_id: |- - (Required) @@ -58429,6 +66555,10 @@ resources: The output format of the Dataproc Metastore service's logs. Default value is JSON. Possible values are: LEGACY, JSON. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tier: |- - (Optional) @@ -59367,12 +67497,17 @@ resources: - name: default manifest: |- { - "bigquery_profile": [ - {} - ], "connection_profile_id": "my-profile", "display_name": "Connection profile", "location": "us-central1", + "postgresql_profile": [ + { + "database": "${google_sql_database.db.name}", + "hostname": "${google_sql_database_instance.instance.public_ip_address}", + "password": "${google_sql_user.user.password}", + "username": "${google_sql_user.user.name}" + } + ], "private_connectivity": [ { "private_connection": "${google_datastream_private_connection.private_connection.id}" @@ -59380,6 +67515,10 @@ resources: ] } references: + postgresql_profile.database: google_sql_database.db.name + postgresql_profile.hostname: google_sql_database_instance.instance.public_ip_address + postgresql_profile.password: google_sql_user.user.password + postgresql_profile.username: google_sql_user.user.name private_connectivity.private_connection: google_datastream_private_connection.private_connection.id dependencies: google_compute_network.default: |- @@ -59401,6 +67540,55 @@ resources: } ] } + google_sql_database.db: |- + { + "instance": "${google_sql_database_instance.instance.name}", + "name": "db" + } + google_sql_database_instance.instance: |- + { + "database_version": "POSTGRES_14", + "deletion_protection": "true", + "name": "my-instance", + "region": "us-central1", + "settings": [ + { + "ip_configuration": [ + { + "authorized_networks": [ + { + "value": "34.71.242.81" + }, + { + "value": "34.72.28.29" + }, + { + "value": "34.67.6.157" + }, + { + "value": "34.67.234.134" + }, + { + "value": "34.72.239.218" + } + ] + } + ], + "tier": "db-f1-micro" + } + ] + } + google_sql_user.user: |- + { + "instance": "${google_sql_database_instance.instance.name}", + "name": "user", + "password": "${random_password.pwd.result}" + } + random_password.pwd: |- + { + "length": 16, + "special": false + } - name: default manifest: |- { @@ -59510,6 +67698,9 @@ resources: - (Required) Display name. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. forward_ssh_connectivity: |- - (Optional) @@ -59555,6 +67746,8 @@ resources: - (Optional) Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Required) @@ -59690,6 +67883,10 @@ resources: - (Output) Indicates whether the clientKey field is set. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_datastream_private_connection: @@ -59728,6 +67925,9 @@ resources: - (Required) Display name. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. error: |- - The PrivateConnection error in case of failure. @@ -59755,6 +67955,11 @@ resources: state: |- - State of the PrivateConnection. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' vpc_peering_config: |- - (Required) @@ -59765,6 +67970,8 @@ resources: - (Optional) Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. vpc_peering_config.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -59889,6 +68096,9 @@ resources: } ], "table": "includedTable" + }, + { + "table": "includedTable_2" } ] } @@ -60585,6 +68795,9 @@ resources: - (Required) Display name. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. exclude_objects.mysql_databases: |- - (Required) @@ -61015,6 +69228,8 @@ resources: - (Optional) Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. source_hierarchy_datasets.dataset_template.location: |- - (Required) @@ -61030,6 +69245,10 @@ resources: - (Required) The stream identifier. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_deployment_manager_deployment: @@ -61289,12 +69508,43 @@ resources: - name: full_agent manifest: |- { + "advanced_settings": [ + { + "audio_export_gcs_destination": [ + { + "uri": "${google_storage_bucket.bucket.url}/prefix-" + } + ], + "dtmf_settings": [ + { + "enabled": true, + "finish_digit": "#", + "max_digits": 1 + } + ] + } + ], "avatar_uri": "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png", "default_language_code": "en", "description": "Example description.", "display_name": "dialogflowcx-agent", "enable_spell_correction": true, "enable_stackdriver_logging": true, + "git_integration_settings": [ + { + "github_settings": [ + { + "access_token": "secret-token", + "branches": [ + "main" + ], + "display_name": "Github Repo", + "repository_uri": "https://api.github.com/repos/githubtraining/hellogitworld", + "tracking_branch": "main" + } + ] + } + ], "location": "global", "speech_to_text_settings": [ { @@ -61306,9 +69556,41 @@ resources: "de", "es" ], + "text_to_speech_settings": [ + { + "synthesize_speech_configs": "${jsonencode({\n en = {\n voice = {\n name = \"en-US-Neural2-A\"\n }\n }\n fr = {\n voice = {\n name = \"fr-CA-Neural2-A\",\n }\n }\n })}" + } + ], "time_zone": "America/New_York" } + dependencies: + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "dialogflowcx-bucket", + "uniform_bucket_level_access": true + } argumentDocs: + Agent.text_to_speech_settings: only applies if OutputAudioConfig.synthesize_speech_config is not specified. + advanced_settings: |- + - + (Optional) + Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + advanced_settings.audio_export_gcs_destination: |- + - + (Optional) + If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + advanced_settings.dtmf_settings: |- + - + (Optional) + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + audio_export_gcs_destination.uri: |- + - + (Optional) + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix avatar_uri: |- - (Optional) @@ -61328,6 +69610,18 @@ resources: - (Required) The human-readable name of the agent, unique within the location. + dtmf_settings.enabled: |- + - + (Optional) + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + dtmf_settings.finish_digit: |- + - + (Optional) + The digit that terminates a DTMF digit sequence. + dtmf_settings.max_digits: |- + - + (Optional) + Max length of DTMF digits. enable_spell_correction: |- - (Optional) @@ -61336,6 +69630,37 @@ resources: - (Optional) Determines whether this agent should log conversation queries. + git_integration_settings: |- + - + (Optional) + Git integration settings for this agent. + Structure is documented below. + git_integration_settings.github_settings: |- + - + (Optional) + Settings of integration with GitHub. + Structure is documented below. + git_integration_settings.github_settings.access_token: |- + - + (Optional) + The access token used to authenticate the access to the GitHub repository. + Note: This property is sensitive and will not be displayed in the plan. + git_integration_settings.github_settings.branches: |- + - + (Optional) + A list of branches configured to be used from Dialogflow. + git_integration_settings.github_settings.display_name: |- + - + (Optional) + The unique repository display name for the GitHub repository. + git_integration_settings.github_settings.repository_uri: |- + - + (Optional) + The GitHub repository URI related to the agent. + git_integration_settings.github_settings.tracking_branch: |- + - + (Optional) + The branch of the GitHub repository tracked for this agent. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/agents/{{name}}' location: |- - @@ -61370,6 +69695,16 @@ resources: - (Optional) The list of all languages supported by this agent (except for the default_language_code). + text_to_speech_settings: |- + - + (Optional) + Settings related to speech synthesizing. + Structure is documented below. + text_to_speech_settings.synthesize_speech_configs: |- + - + (Optional) + Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + These settings affect: time_zone: |- - (Required) @@ -61687,9 +70022,327 @@ resources: ], "time_zone": "America/New_York" } + - name: basic_flow + manifest: |- + { + "advanced_settings": [ + { + "audio_export_gcs_destination": [ + { + "uri": "${google_storage_bucket.bucket.url}/prefix-" + } + ], + "dtmf_settings": [ + { + "enabled": true, + "finish_digit": "#", + "max_digits": 1 + } + ] + } + ], + "description": "Test Flow", + "display_name": "MyFlow", + "event_handlers": [ + { + "event": "custom-event", + "trigger_fulfillment": [ + { + "messages": [ + { + "text": [ + { + "text": [ + "I didn't get that. Can you say it again?" + ] + } + ] + } + ], + "return_partial_responses": false + } + ] + }, + { + "event": "sys.no-match-default", + "trigger_fulfillment": [ + { + "messages": [ + { + "text": [ + { + "text": [ + "Sorry, could you say that again?" + ] + } + ] + } + ], + "return_partial_responses": false + } + ] + }, + { + "event": "sys.no-input-default", + "trigger_fulfillment": [ + { + "messages": [ + { + "text": [ + { + "text": [ + "One more time?" + ] + } + ] + } + ], + "return_partial_responses": false + } + ] + }, + { + "event": "another-event", + "trigger_fulfillment": [ + { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], + "messages": [ + { + "channel": "some-channel", + "text": [ + { + "text": [ + "Some text" + ] + } + ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "return_partial_responses": true, + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ] + } + ] + } + ], + "nlu_settings": [ + { + "classification_threshold": 0.3, + "model_type": "MODEL_TYPE_STANDARD" + } + ], + "parent": "${google_dialogflow_cx_agent.agent.id}", + "transition_routes": [ + { + "condition": "true", + "target_flow": "${google_dialogflow_cx_agent.agent.start_flow}", + "trigger_fulfillment": [ + { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], + "messages": [ + { + "channel": "some-channel", + "text": [ + { + "text": [ + "Some text" + ] + } + ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "return_partial_responses": true, + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ] + } + ] + } + ] + } + references: + parent: google_dialogflow_cx_agent.agent.id + transition_routes.target_flow: google_dialogflow_cx_agent.agent.start_flow + dependencies: + google_dialogflow_cx_agent.agent: |- + { + "avatar_uri": "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png", + "default_language_code": "en", + "description": "Example description.", + "display_name": "dialogflowcx-agent", + "enable_spell_correction": true, + "enable_stackdriver_logging": true, + "location": "global", + "speech_to_text_settings": [ + { + "enable_speech_adaptation": true + } + ], + "supported_language_codes": [ + "fr", + "de", + "es" + ], + "time_zone": "America/New_York" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "dialogflowcx-bucket", + "uniform_bucket_level_access": true + } argumentDocs: MODEL_TRAINING_MODE_AUTOMATIC: ', MODEL_TRAINING_MODE_MANUAL.' MODEL_TYPE_STANDARD: ', MODEL_TYPE_ADVANCED.' + advanced_settings: |- + - + (Optional) + Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + advanced_settings.audio_export_gcs_destination: |- + - + (Optional) + If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + advanced_settings.dtmf_settings: |- + - + (Optional) + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + audio_export_gcs_destination.uri: |- + - + (Optional) + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + conditional_cases.cases: |- + - + (Optional) + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + conversation_success.metadata: |- + - + (Optional) + Custom metadata. Dialogflow doesn't impose any structure on this. create: '- Default is 40 minutes.' delete: '- Default is 20 minutes.' description: |- @@ -61700,6 +70353,18 @@ resources: - (Required) The human-readable name of the flow. + dtmf_settings.enabled: |- + - + (Optional) + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + dtmf_settings.finish_digit: |- + - + (Optional) + The digit that terminates a DTMF digit sequence. + dtmf_settings.max_digits: |- + - + (Optional) + Max length of DTMF digits. event_handlers: |- - (Optional) @@ -61732,6 +70397,9 @@ resources: The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. Structure is documented below. id: '- an identifier for the resource with format {{parent}}/flows/{{name}}' + is_default_start_flow: |- + - (Optional) Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. language_code: |- - (Optional) @@ -61741,19 +70409,50 @@ resources: Flow.transition_routes.trigger_fulfillment.messages Flow.transition_routes.trigger_fulfillment.conditional_cases If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. - messages.text: |- + live_agent_handoff.metadata: |- - (Optional) - The text response message. + Custom metadata. Dialogflow doesn't impose any structure on this. + messages.channel: |- + - + (Optional) + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + messages.conversation_success: |- + - + (Optional) + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + messages.live_agent_handoff: |- + - + (Optional) + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + messages.output_audio_text: |- + - + (Optional) + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. Structure is documented below. - messages.text.allow_playback_interruption: |- + messages.payload: |- - - (Output) - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - messages.text.text: |- + (Optional) + A custom, platform-specific payload. + messages.play_audio: |- - (Optional) - A collection of text responses. + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + messages.telephony_transfer_call: |- + - + (Optional) + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + messages.text: |- + - + (Optional) + The text response message. + Structure is documented below. name: |- - The unique identifier of the flow. @@ -61776,11 +70475,51 @@ resources: - (Optional) Indicates the type of NLU model. + output_audio_text.allow_playback_interruption: |- + - + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output_audio_text.ssml: |- + - + (Optional) + The SSML text to be synthesized. For more information, see SSML. + output_audio_text.text: |- + - + (Optional) + The raw text to be synthesized. parent: |- - (Optional) The agent to create a flow for. Format: projects//locations//agents/. + play_audio.allow_playback_interruption: |- + - + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + play_audio.audio_uri: |- + - + (Required) + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + set_parameter_actions.parameter: |- + - + (Optional) + Display name of the parameter. + set_parameter_actions.value: |- + - + (Optional) + The new JSON-encoded value of the parameter. A null value clears the parameter. + telephony_transfer_call.phone_number: |- + - + (Required) + Transfer the call to a phone number in E.164 format. + text.allow_playback_interruption: |- + - + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + text.text: |- + - + (Optional) + A collection of text responses. transition_route_groups: |- - (Optional) @@ -61828,6 +70567,11 @@ resources: (Optional) The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. Structure is documented below. + trigger_fulfillment.conditional_cases: |- + - + (Optional) + Conditional cases for this fulfillment. + Structure is documented below. trigger_fulfillment.messages: |- - (Optional) @@ -61837,6 +70581,11 @@ resources: - (Optional) Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + trigger_fulfillment.set_parameter_actions: |- + - + (Optional) + Set parameter values before executing the webhook. + Structure is documented below. trigger_fulfillment.tag: |- - (Optional) @@ -61922,12 +70671,20 @@ resources: - (Required) The human-readable name of the intent, unique within the agent. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format {{parent}}/intents/{{name}}' + is_default_negative_intent: |- + - (Optional) Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + is_default_welcome_intent: |- + - (Optional) Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. is_fallback: |- - (Optional) Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + To manage the fallback intent, set is_default_negative_intent = true labels: |- - (Optional) @@ -61986,6 +70743,10 @@ resources: The priority of this intent. Higher numbers represent higher priorities. If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. If the supplied value is negative, the intent is ignored in runtime detect intent requests. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. training_phrases: |- - (Optional) @@ -62021,11 +70782,28 @@ resources: - name: basic_page manifest: |- { + "advanced_settings": [ + { + "dtmf_settings": [ + { + "enabled": true, + "finish_digit": "#", + "max_digits": 1 + } + ] + } + ], "display_name": "MyPage", "entry_fulfillment": [ { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], "messages": [ { + "channel": "some-channel", "text": [ { "text": [ @@ -62033,6 +70811,151 @@ resources: ] } ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ] + } + ], + "event_handlers": [ + { + "event": "some-event", + "trigger_fulfillment": [ + { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], + "messages": [ + { + "channel": "some-channel", + "text": [ + { + "text": [ + "Some text" + ] + } + ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "return_partial_responses": true, + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ] } ] } @@ -62041,14 +70964,32 @@ resources: { "parameters": [ { + "advanced_settings": [ + { + "dtmf_settings": [ + { + "enabled": true, + "finish_digit": "#", + "max_digits": 1 + } + ] + } + ], + "default_value": "${jsonencode(\"2000-01-01\")}", "display_name": "param1", "entity_type": "projects/-/locations/-/agents/-/entityTypes/sys.date", "fill_behavior": [ { "initial_prompt_fulfillment": [ { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], "messages": [ { + "channel": "some-channel", "text": [ { "text": [ @@ -62056,8 +70997,163 @@ resources: ] } ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ] + } + ], + "reprompt_event_handlers": [ + { + "event": "sys.no-match-1", + "trigger_fulfillment": [ + { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], + "messages": [ + { + "channel": "some-channel", + "text": [ + { + "text": [ + "Please provide param1" + ] + } + ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "return_partial_responses": true, + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" + } + ], + "tag": "some-tag", + "webhook": "${google_dialogflow_cx_webhook.my_webhook.id}" } ] + }, + { + "event": "sys.no-match-2", + "target_flow": "${google_dialogflow_cx_agent.agent.start_flow}" + }, + { + "event": "sys.no-match-3", + "target_page": "${google_dialogflow_cx_page.my_page2.id}" } ] } @@ -62075,8 +71171,14 @@ resources: "target_page": "${google_dialogflow_cx_page.my_page2.id}", "trigger_fulfillment": [ { + "conditional_cases": [ + { + "cases": "${jsonencode([\n {\n condition = \"$sys.func.RAND() \u003c 0.5\",\n caseContent = [\n {\n message = { text = { text = [\"First case\"] } }\n },\n {\n additionalCases = {\n cases = [\n {\n condition = \"$sys.func.RAND() \u003c 0.2\"\n caseContent = [\n {\n message = { text = { text = [\"Nested case\"] } }\n }\n ]\n }\n ]\n }\n }\n ]\n },\n {\n caseContent = [\n {\n message = { text = { text = [\"Final case\"] } }\n }\n ]\n },\n ])}" + } + ], "messages": [ { + "channel": "some-channel", "text": [ { "text": [ @@ -62084,6 +71186,65 @@ resources: ] } ] + }, + { + "payload": " {\"some-key\": \"some-value\", \"other-key\": [\"other-value\"]}\n" + }, + { + "conversation_success": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "output_audio_text": [ + { + "text": "some output text" + } + ] + }, + { + "output_audio_text": [ + { + "ssml": " \u003cspeak\u003eSome example \u003csay-as interpret-as=\"characters\"\u003eSSML XML\u003c/say-as\u003e\u003c/speak\u003e\n" + } + ] + }, + { + "live_agent_handoff": [ + { + "metadata": " {\"some-metadata-key\": \"some-value\", \"other-metadata-key\": 1234}\n" + } + ] + }, + { + "play_audio": [ + { + "audio_uri": "http://example.com/some-audio-file.mp3" + } + ] + }, + { + "telephony_transfer_call": [ + { + "phone_number": "1-234-567-8901" + } + ] + } + ], + "set_parameter_actions": [ + { + "parameter": "some-param", + "value": "123.45" + }, + { + "parameter": "another-param", + "value": "${jsonencode(\"abc\")}" + }, + { + "parameter": "other-param", + "value": "${jsonencode([\"foo\"])}" } ] } @@ -62092,6 +71253,9 @@ resources: ] } references: + form.parameters.fill_behavior.reprompt_event_handlers.target_flow: google_dialogflow_cx_agent.agent.start_flow + form.parameters.fill_behavior.reprompt_event_handlers.target_page: google_dialogflow_cx_page.my_page2.id + form.parameters.fill_behavior.reprompt_event_handlers.trigger_fulfillment.webhook: google_dialogflow_cx_webhook.my_webhook.id parent: google_dialogflow_cx_agent.agent.start_flow transition_routes.target_page: google_dialogflow_cx_page.my_page2.id dependencies: @@ -62116,6 +71280,16 @@ resources: ], "time_zone": "America/New_York" } + google_dialogflow_cx_webhook.my_webhook: |- + { + "display_name": "MyWebhook", + "generic_web_service": [ + { + "uri": "https://example.com" + } + ], + "parent": "${google_dialogflow_cx_agent.agent.id}" + } - name: my_page2 manifest: |- { @@ -62146,7 +71320,48 @@ resources: ], "time_zone": "America/New_York" } + google_dialogflow_cx_webhook.my_webhook: |- + { + "display_name": "MyWebhook", + "generic_web_service": [ + { + "uri": "https://example.com" + } + ], + "parent": "${google_dialogflow_cx_agent.agent.id}" + } argumentDocs: + advanced_settings: |- + - + (Optional) + Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + advanced_settings.dtmf_settings: |- + - + (Optional) + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + advanced_settings.dtmf_settings.enabled: |- + - + (Optional) + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + advanced_settings.dtmf_settings.finish_digit: |- + - + (Optional) + The digit that terminates a DTMF digit sequence. + advanced_settings.dtmf_settings.max_digits: |- + - + (Optional) + Max length of DTMF digits. + conditional_cases.cases: |- + - + (Optional) + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + conversation_success.metadata: |- + - + (Optional) + Custom metadata. Dialogflow doesn't impose any structure on this. create: '- Default is 40 minutes.' delete: '- Default is 20 minutes.' display_name: |- @@ -62158,6 +71373,11 @@ resources: (Optional) The fulfillment to call when the session is entering the page. Structure is documented below. + entry_fulfillment.conditional_cases: |- + - + (Optional) + Conditional cases for this fulfillment. + Structure is documented below. entry_fulfillment.messages: |- - (Optional) @@ -62167,6 +71387,11 @@ resources: - (Optional) Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + entry_fulfillment.set_parameter_actions: |- + - + (Optional) + Set parameter values before executing the webhook. + Structure is documented below. entry_fulfillment.tag: |- - (Optional) @@ -62208,23 +71433,10 @@ resources: (Optional) The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. Structure is documented below. - fill_behavior.initial_prompt_fulfillment.messages: |- - - - (Optional) - The list of rich message responses to present to the user. - Structure is documented below. - fill_behavior.initial_prompt_fulfillment.return_partial_responses: |- - - - (Optional) - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - fill_behavior.initial_prompt_fulfillment.tag: |- - - - (Optional) - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - fill_behavior.initial_prompt_fulfillment.webhook: |- + fill_behavior.reprompt_event_handlers: |- - (Optional) - The webhook to call. Format: projects//locations//agents//webhooks/. + The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: form: |- - (Optional) @@ -62235,6 +71447,16 @@ resources: (Optional) Parameters to collect from the user. Structure is documented below. + form.parameters.advanced_settings: |- + - + (Optional) + Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + form.parameters.default_value: |- + - + (Optional) + The default value of an optional parameter. If the parameter is required, the default value will be ignored. form.parameters.display_name: |- - (Optional) @@ -62264,6 +71486,33 @@ resources: Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. Required parameters must be filled before form filling concludes. id: '- an identifier for the resource with format {{parent}}/pages/{{name}}' + initial_prompt_fulfillment.conditional_cases: |- + - + (Optional) + Conditional cases for this fulfillment. + Structure is documented below. + initial_prompt_fulfillment.messages: |- + - + (Optional) + The list of rich message responses to present to the user. + Structure is documented below. + initial_prompt_fulfillment.return_partial_responses: |- + - + (Optional) + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + initial_prompt_fulfillment.set_parameter_actions: |- + - + (Optional) + Set parameter values before executing the webhook. + Structure is documented below. + initial_prompt_fulfillment.tag: |- + - + (Optional) + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + initial_prompt_fulfillment.webhook: |- + - + (Optional) + The webhook to call. Format: projects//locations//agents//webhooks/. language_code: |- - (Optional) @@ -62279,28 +71528,122 @@ resources: Page.transition_routes.trigger_fulfillment.messages Page.transition_routes.trigger_fulfillment.conditional_cases If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + live_agent_handoff.metadata: |- + - + (Optional) + Custom metadata. Dialogflow doesn't impose any structure on this. + messages.channel: |- + - + (Optional) + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + messages.conversation_success: |- + - + (Optional) + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + messages.live_agent_handoff: |- + - + (Optional) + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + messages.output_audio_text: |- + - + (Optional) + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + messages.payload: |- + - + (Optional) + A custom, platform-specific payload. + messages.play_audio: |- + - + (Optional) + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + messages.telephony_transfer_call: |- + - + (Optional) + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. messages.text: |- - (Optional) The text response message. Structure is documented below. - messages.text.allow_playback_interruption: |- + name: |- + - + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + output_audio_text.allow_playback_interruption: |- - (Output) Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - messages.text.text: |- + output_audio_text.ssml: |- - (Optional) - A collection of text responses. - name: |- + The SSML text to be synthesized. For more information, see SSML. + output_audio_text.text: |- - - The unique identifier of the page. - Format: projects//locations//agents//flows//pages/. + (Optional) + The raw text to be synthesized. parent: |- - (Optional) The flow to create a page for. Format: projects//locations//agents//flows/. + play_audio.allow_playback_interruption: |- + - + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + play_audio.audio_uri: |- + - + (Required) + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + reprompt_event_handlers.event: |- + - + (Optional) + The name of the event to handle. + reprompt_event_handlers.name: |- + - + (Output) + The unique identifier of this event handler. + reprompt_event_handlers.target_flow: |- + - + (Optional) + The target flow to transition to. + Format: projects//locations//agents//flows/. + reprompt_event_handlers.target_page: |- + - + (Optional) + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + reprompt_event_handlers.trigger_fulfillment: |- + - + (Optional) + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + Structure is documented below. + set_parameter_actions.parameter: |- + - + (Optional) + Display name of the parameter. + set_parameter_actions.value: |- + - + (Optional) + The new JSON-encoded value of the parameter. A null value clears the parameter. + telephony_transfer_call.phone_number: |- + - + (Required) + Transfer the call to a phone number in E.164 format. + text.allow_playback_interruption: |- + - + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + text.text: |- + - + (Optional) + A collection of text responses. transition_route_groups: |- - (Optional) @@ -62347,7 +71690,12 @@ resources: transition_routes.trigger_fulfillment: |- - (Optional) - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + Structure is documented below. + trigger_fulfillment.conditional_cases: |- + - + (Optional) + Conditional cases for this fulfillment. Structure is documented below. trigger_fulfillment.messages: |- - @@ -62358,6 +71706,11 @@ resources: - (Optional) Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + trigger_fulfillment.set_parameter_actions: |- + - + (Optional) + Set parameter values before executing the webhook. + Structure is documented below. trigger_fulfillment.tag: |- - (Optional) @@ -62368,52 +71721,684 @@ resources: The webhook to call. Format: projects//locations//agents//webhooks/. update: '- Default is 40 minutes.' importStatements: [] - google_dialogflow_cx_version: + google_dialogflow_cx_security_settings: subCategory: Dialogflow CX - description: You can create multiple versions of your agent flows and deploy them to separate serving environments. - name: google_dialogflow_cx_version + description: Represents the settings related to security issues, such as data redaction and data retention. + name: google_dialogflow_cx_security_settings title: "" examples: - - name: version_1 + - name: basic_security_settings manifest: |- { - "description": "version 1.0.0", - "display_name": "1.0.0", - "parent": "${google_dialogflow_cx_agent.agent.start_flow}" + "display_name": "dialogflowcx-security-settings", + "location": "global", + "purge_data_types": [], + "retention_window_days": 7 + } + - name: basic_security_settings + manifest: |- + { + "audio_export_settings": [ + { + "audio_export_pattern": "export", + "audio_format": "OGG", + "enable_audio_redaction": true, + "gcs_bucket": "${google_storage_bucket.bucket.id}" + } + ], + "deidentify_template": "${google_data_loss_prevention_deidentify_template.deidentify.id}", + "display_name": "dialogflowcx-security-settings", + "insights_export_settings": [ + { + "enable_insights_export": true + } + ], + "inspect_template": "${google_data_loss_prevention_inspect_template.inspect.id}", + "location": "global", + "purge_data_types": [ + "DIALOGFLOW_HISTORY" + ], + "redaction_scope": "REDACT_DISK_STORAGE", + "redaction_strategy": "REDACT_WITH_SERVICE", + "retention_strategy": "REMOVE_AFTER_CONVERSATION" } references: - parent: google_dialogflow_cx_agent.agent.start_flow + audio_export_settings.gcs_bucket: google_storage_bucket.bucket.id + deidentify_template: google_data_loss_prevention_deidentify_template.deidentify.id + inspect_template: google_data_loss_prevention_inspect_template.inspect.id dependencies: - google_dialogflow_cx_agent.agent: |- + google_data_loss_prevention_deidentify_template.deidentify: |- { - "avatar_uri": "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png", - "default_language_code": "en", - "description": "Example description.", - "display_name": "dialogflowcx-agent", - "enable_spell_correction": true, - "enable_stackdriver_logging": true, - "location": "global", - "speech_to_text_settings": [ + "deidentify_config": [ { - "enable_speech_adaptation": true + "info_type_transformations": [ + { + "transformations": [ + { + "primitive_transformation": [ + { + "replace_config": [ + { + "new_value": [ + { + "string_value": "[REDACTED]" + } + ] + } + ] + } + ] + } + ] + } + ] } ], - "supported_language_codes": [ - "fr", - "de", - "es" + "display_name": "dialogflowcx-deidentify-template", + "parent": "projects/my-project-name/locations/global" + } + google_data_loss_prevention_inspect_template.inspect: |- + { + "display_name": "dialogflowcx-inspect-template", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } ], - "time_zone": "America/New_York" + "parent": "projects/my-project-name/locations/global" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "dialogflowcx-bucket", + "uniform_bucket_level_access": true } argumentDocs: - MODEL_TRAINING_MODE_AUTOMATIC: and MODEL_TRAINING_MODE_MANUAL. - MODEL_TYPE_STANDARD: and MODEL_TYPE_ADVANCED. - create: '- Default is 40 minutes.' - create_time: |- + MULAW: ', MP3, OGG.' + REDACT_DISK_STORAGE: . + REDACT_WITH_SERVICE: . + REMOVE_AFTER_CONVERSATION: . + audio_export_settings: |- - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - delete: '- Default is 20 minutes.' - description: |- + (Optional) + Controls audio export settings for post-conversation analytics when ingesting audio to conversations. + If retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled. + If audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket. + This setting won't effect audio input for implicit sessions via Sessions.DetectIntent. + Structure is documented below. + audio_export_settings.audio_export_pattern: |- + - + (Optional) + Filename pattern for exported audio. + audio_export_settings.audio_format: |- + - + (Optional) + File format for exported audio file. Currently only in telephony recordings. + audio_export_settings.enable_audio_redaction: |- + - + (Optional) + Enable audio redaction if it is true. + audio_export_settings.gcs_bucket: |- + - + (Optional) + Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy. + create: '- Default is 40 minutes.' + deidentify_template: |- + - + (Optional) + DLP deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text. + Note: deidentifyTemplate must be located in the same region as the SecuritySettings. + Format: projects//locations//deidentifyTemplates/ OR organizations//locations//deidentifyTemplates/ + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + The human-readable name of the security settings, unique within the location. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/securitySettings/{{name}}' + insights_export_settings: |- + - + (Optional) + Controls conversation exporting settings to Insights after conversation is completed. + If retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here. + Structure is documented below. + insights_export_settings.enable_insights_export: |- + - + (Required) + If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers. + inspect_template: |- + - + (Optional) + DLP inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config. + Note: inspectTemplate must be located in the same region as the SecuritySettings. + Format: projects//locations//inspectTemplates/ OR organizations//locations//inspectTemplates/ + location: |- + - + (Required) + The location these settings are located in. Settings can only be applied to an agent in the same location. + See Available Regions for a list of supported locations. + name: |- + - + The unique identifier of the settings. + Format: projects//locations//securitySettings/. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + purge_data_types: |- + - + (Optional) + List of types of data to remove when retention settings triggers purge. + Each value may be one of: DIALOGFLOW_HISTORY. + redaction_scope: |- + - + (Optional) + Defines what types of data to redact. If not set, defaults to not redacting any kind of data. + redaction_strategy: |- + - + (Optional) + Defines how we redact data. If not set, defaults to not redacting. + retention_strategy: |- + - + (Optional) + Defines how long we retain persisted data that contains sensitive info. Only one of retention_window_days and retention_strategy may be set. + retention_window_days: |- + - + (Optional) + Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL. + Only one of retention_window_days and retention_strategy may be set. + update: '- Default is 40 minutes.' + importStatements: [] + google_dialogflow_cx_test_case: + subCategory: Dialogflow CX + description: You can use the built-in test feature to uncover bugs and prevent regressions. + name: google_dialogflow_cx_test_case + title: "" + examples: + - name: basic_test_case + manifest: |- + { + "display_name": "MyTestCase", + "notes": "demonstrates a simple training phrase response", + "parent": "${google_dialogflow_cx_agent.agent.id}", + "tags": [ + "#tag1" + ], + "test_case_conversation_turns": [ + { + "user_input": [ + { + "enable_sentiment_analysis": true, + "injected_parameters": "${jsonencode({ some_param = \"1\" })}", + "input": [ + { + "language_code": "en", + "text": [ + { + "text": "training phrase" + } + ] + } + ], + "is_webhook_enabled": true + } + ], + "virtual_agent_output": [ + { + "current_page": [ + { + "name": "${google_dialogflow_cx_page.page.id}" + } + ], + "session_parameters": "${jsonencode({ some_param = \"1\" })}", + "text_responses": [ + { + "text": [ + "Training phrase response" + ] + } + ], + "triggered_intent": [ + { + "name": "${google_dialogflow_cx_intent.intent.id}" + } + ] + } + ] + }, + { + "user_input": [ + { + "input": [ + { + "event": [ + { + "event": "some-event" + } + ] + } + ] + } + ], + "virtual_agent_output": [ + { + "current_page": [ + { + "name": "${google_dialogflow_cx_page.page.id}" + } + ], + "text_responses": [ + { + "text": [ + "Handling some event" + ] + } + ] + } + ] + }, + { + "user_input": [ + { + "input": [ + { + "dtmf": [ + { + "digits": "12", + "finish_digit": "3" + } + ] + } + ] + } + ], + "virtual_agent_output": [ + { + "text_responses": [ + { + "text": [ + "I didn't get that. Can you say it again?" + ] + } + ] + } + ] + } + ], + "test_config": [ + { + "page": "${google_dialogflow_cx_page.page.id}", + "tracking_parameters": [ + "some_param" + ] + } + ] + } + references: + parent: google_dialogflow_cx_agent.agent.id + test_case_conversation_turns.virtual_agent_output.current_page.name: google_dialogflow_cx_page.page.id + test_case_conversation_turns.virtual_agent_output.triggered_intent.name: google_dialogflow_cx_intent.intent.id + test_config.page: google_dialogflow_cx_page.page.id + dependencies: + google_dialogflow_cx_agent.agent: |- + { + "avatar_uri": "https://storage.cloud.google.com/dialogflow-test-host-image/cloud-logo.png", + "default_language_code": "en", + "description": "Example description.", + "display_name": "dialogflowcx-agent", + "enable_spell_correction": true, + "enable_stackdriver_logging": true, + "location": "global", + "speech_to_text_settings": [ + { + "enable_speech_adaptation": true + } + ], + "supported_language_codes": [ + "fr", + "de", + "es" + ], + "time_zone": "America/New_York" + } + google_dialogflow_cx_intent.intent: |- + { + "display_name": "MyIntent", + "parent": "${google_dialogflow_cx_agent.agent.id}", + "priority": 1, + "training_phrases": [ + { + "parts": [ + { + "text": "training phrase" + } + ], + "repeat_count": 1 + } + ] + } + google_dialogflow_cx_page.page: |- + { + "display_name": "MyPage", + "event_handlers": [ + { + "event": "some-event", + "trigger_fulfillment": [ + { + "messages": [ + { + "text": [ + { + "text": [ + "Handling some event" + ] + } + ] + } + ] + } + ] + } + ], + "parent": "${google_dialogflow_cx_agent.agent.start_flow}", + "transition_routes": [ + { + "intent": "${google_dialogflow_cx_intent.intent.id}", + "trigger_fulfillment": [ + { + "messages": [ + { + "text": [ + { + "text": [ + "Training phrase response" + ] + } + ] + } + ] + } + ] + } + ] + } + argumentDocs: + INTENT: ', PAGE, PARAMETERS, UTTERANCE, FLOW.' + PASSED: ', FAILED.' + conversation_turns.user_input: |- + - + (Optional) + The user input. + Structure is documented below. + conversation_turns.virtual_agent_output: |- + - + (Optional) + The virtual agent output. + Structure is documented below. + create: '- Default is 40 minutes.' + creation_time: |- + - + When the test was created. A timestamp in RFC3339 text format. + current_page.display_name: |- + - + (Output) + The human-readable name of the page, unique within the flow. + current_page.name: |- + - + (Optional) + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + delete: '- Default is 20 minutes.' + differences.description: |- + - + (Optional) + A human readable description of the diff, showing the actual output vs expected output. + differences.type: |- + - + (Optional) + The type of diff. + display_name: |- + - + (Required) + The human-readable name of the test case, unique within the agent. Limit of 200 characters. + dtmf.digits: |- + - + (Optional) + The dtmf digits. + dtmf.finish_digit: |- + - + (Optional) + The finish digit (if any). + event.event: |- + - + (Required) + Name of the event. + id: '- an identifier for the resource with format {{parent}}/testCases/{{name}}' + input.dtmf: |- + - + (Optional) + The DTMF event to be handled. + Structure is documented below. + input.event: |- + - + (Optional) + The event to be triggered. + Structure is documented below. + input.language_code: |- + - + (Optional) + The language of the input. See Language Support for a list of the currently supported language codes. + Note that queries in the same session do not necessarily need to specify the same language. + input.text: |- + - + (Optional) + The natural language text to be processed. + Structure is documented below. + last_test_result: |- + - + The latest test result. + Structure is documented below. + last_test_result.conversation_turns: |- + - + (Optional) + The conversation turns uttered during the test case replay in chronological order. + Structure is documented below. + last_test_result.environment: |- + - + (Optional) + Environment where the test was run. If not set, it indicates the draft environment. + last_test_result.name: |- + - + (Optional) + The resource name for the test case result. + Format: projects//locations//agents//testCases//results/. + last_test_result.test_result: |- + - + (Optional) + Whether the test case passed in the agent environment. + last_test_result.test_time: |- + - + (Optional) + The time that the test was run. A timestamp in RFC3339 text format. + name: |- + - + The unique identifier of the test case. + Format: projects//locations//agents//testCases/. + notes: |- + - + (Optional) + Additional freeform notes about the test case. Limit of 400 characters. + parent: |- + - + (Optional) + The agent to create the test case for. + Format: projects//locations//agents/. + status.code: |- + - + (Optional) + The status code, which should be an enum value of google.rpc.Code. + status.details: |- + - + (Optional) + A JSON encoded list of messages that carry the error details. + status.message: |- + - + (Optional) + A developer-facing error message. + tags: |- + - + (Optional) + Tags are short descriptions that users may apply to test cases for organizational and filtering purposes. + Each tag should start with "#" and has a limit of 30 characters + test_case_conversation_turns: |- + - + (Optional) + The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly. + Structure is documented below. + test_case_conversation_turns.user_input: |- + - + (Optional) + The user input. + Structure is documented below. + test_case_conversation_turns.virtual_agent_output: |- + - + (Optional) + The virtual agent output. + Structure is documented below. + test_config: |- + - + (Optional) + Config for the test case. + Structure is documented below. + test_config.flow: |- + - + (Optional) + Flow name to start the test case with. + Format: projects//locations//agents//flows/. + Only one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow. + test_config.page: |- + - + (Optional) + The page to start the test case with. + Format: projects//locations//agents//flows//pages/. + Only one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow. + test_config.tracking_parameters: |- + - + (Optional) + Session parameters to be compared when calculating differences. + text.text: |- + - + (Required) + The natural language text to be processed. Text length must not exceed 256 characters. + text_responses.text: |- + - + (Optional) + A collection of text responses. + triggered_intent.display_name: |- + - + (Output) + The human-readable name of the intent, unique within the agent. + triggered_intent.name: |- + - + (Optional) + The unique identifier of the intent. + Format: projects//locations//agents//intents/. + update: '- Default is 40 minutes.' + user_input.enable_sentiment_analysis: |- + - + (Optional) + Whether sentiment analysis is enabled. + user_input.injected_parameters: |- + - + (Optional) + Parameters that need to be injected into the conversation during intent detection. + user_input.input: |- + - + (Optional) + User input. Supports text input, event input, dtmf input in the test case. + Structure is documented below. + user_input.is_webhook_enabled: |- + - + (Optional) + If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled. + virtual_agent_output.current_page: |- + - + (Optional) + The Page on which the utterance was spoken. + Structure is documented below. + virtual_agent_output.differences: |- + - + (Optional) + The list of differences between the original run and the replay for this output, if any. + Structure is documented below. + virtual_agent_output.session_parameters: |- + - + (Optional) + The session parameters available to the bot at this point. + virtual_agent_output.status: |- + - + (Optional) + Response error from the agent in the test result. If set, other output is empty. + Structure is documented below. + virtual_agent_output.text_responses: |- + - + (Optional) + The text responses from the agent for the turn. + Structure is documented below. + virtual_agent_output.triggered_intent: |- + - + (Optional) + The Intent that triggered the response. + Structure is documented below. + importStatements: [] + google_dialogflow_cx_version: + subCategory: Dialogflow CX + description: You can create multiple versions of your agent flows and deploy them to separate serving environments. + name: google_dialogflow_cx_version + title: "" + examples: + - name: version_1 + manifest: |- + { + "description": "version 1.0.0", + "display_name": "1.0.0", + "parent": "${google_dialogflow_cx_agent.agent.start_flow}" + } + references: + parent: google_dialogflow_cx_agent.agent.start_flow + dependencies: + google_dialogflow_cx_agent.agent: |- + { + "avatar_uri": "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png", + "default_language_code": "en", + "description": "Example description.", + "display_name": "dialogflowcx-agent", + "enable_spell_correction": true, + "enable_stackdriver_logging": true, + "location": "global", + "speech_to_text_settings": [ + { + "enable_speech_adaptation": true + } + ], + "supported_language_codes": [ + "fr", + "de", + "es" + ], + "time_zone": "America/New_York" + } + argumentDocs: + MODEL_TRAINING_MODE_AUTOMATIC: ', MODEL_TRAINING_MODE_MANUAL.' + MODEL_TYPE_STANDARD: ', MODEL_TYPE_ADVANCED.' + create: '- Default is 40 minutes.' + create_time: |- + - + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + description: |- - (Optional) The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected. @@ -62896,175 +72881,502 @@ resources: (Optional) Indicates whether webhooks are enabled for the intent. importStatements: [] - google_dns_managed_zone: - subCategory: Cloud DNS - description: A zone is a subtree of the DNS namespace under one administrative responsibility. - name: google_dns_managed_zone + google_discovery_engine_chat_engine: + subCategory: Discovery Engine + description: Vertex chat and Conversation Engine Chat type + name: google_discovery_engine_chat_engine title: "" examples: - - name: example-zone - manifest: |- - { - "description": "Example DNS zone", - "dns_name": "example-${random_id.rnd.hex}.com.", - "labels": { - "foo": "bar" - }, - "name": "example-zone" - } - dependencies: - random_id.rnd: |- - { - "byte_length": 4 - } - - name: private-zone + - name: primary manifest: |- { - "description": "Example private DNS zone", - "dns_name": "private.example.com.", - "labels": { - "foo": "bar" - }, - "name": "private-zone", - "private_visibility_config": [ + "chat_engine_config": [ { - "networks": [ - { - "network_url": "${google_compute_network.network-1.id}" - }, + "agent_creation_config": [ { - "network_url": "${google_compute_network.network-2.id}" + "business": "test business name", + "default_language_code": "en", + "time_zone": "America/Los_Angeles" } ] } ], - "visibility": "private" - } - references: - private_visibility_config.networks.network_url: google_compute_network.network-2.id - dependencies: - google_compute_network.network-1: |- - { - "auto_create_subnetworks": false, - "name": "network-1" - } - google_compute_network.network-2: |- - { - "auto_create_subnetworks": false, - "name": "network-2" - } - - name: private-zone - manifest: |- - { - "description": "Example private DNS zone", - "dns_name": "private.example.com.", - "forwarding_config": [ + "collection_id": "default_collection", + "common_config": [ { - "target_name_servers": [ - { - "ipv4_address": "172.16.1.10" - }, - { - "ipv4_address": "172.16.1.20" - } - ] + "company_name": "test-company" } ], - "labels": { - "foo": "bar" - }, - "name": "private-zone", - "private_visibility_config": [ - { - "networks": [ - { - "network_url": "${google_compute_network.network-1.id}" - }, - { - "network_url": "${google_compute_network.network-2.id}" - } - ] - } + "data_store_ids": [ + "${google_discovery_engine_data_store.test_data_store.data_store_id}", + "${google_discovery_engine_data_store.test_data_store_2.data_store_id}" ], - "visibility": "private" + "display_name": "Chat engine", + "engine_id": "chat-engine-id", + "industry_vertical": "GENERIC", + "location": "${google_discovery_engine_data_store.test_data_store.location}" } references: - private_visibility_config.networks.network_url: google_compute_network.network-2.id + location: google_discovery_engine_data_store.test_data_store.location dependencies: - google_compute_network.network-1: |- - { - "auto_create_subnetworks": false, - "name": "network-1" - } - google_compute_network.network-2: |- - { - "auto_create_subnetworks": false, - "name": "network-2" - } - - name: private-zone-gke - manifest: |- - { - "description": "Example private DNS zone", - "dns_name": "private.example.com.", - "labels": { - "foo": "bar" - }, - "name": "private-zone", - "private_visibility_config": [ + google_discovery_engine_data_store.test_data_store: |- { - "gke_clusters": [ - { - "gke_cluster_name": "${google_container_cluster.cluster-1.id}" - } - ], - "networks": [ - { - "network_url": "${google_compute_network.network-1.id}" - } + "content_config": "NO_CONTENT", + "data_store_id": "data-store", + "display_name": "Structured datastore", + "industry_vertical": "GENERIC", + "location": "global", + "solution_types": [ + "SOLUTION_TYPE_CHAT" ] } - ], - "visibility": "private" - } - references: - private_visibility_config.gke_clusters.gke_cluster_name: google_container_cluster.cluster-1.id - private_visibility_config.networks.network_url: google_compute_network.network-1.id - dependencies: - google_compute_network.network-1: |- - { - "auto_create_subnetworks": false, - "name": "network-1" - } - google_compute_subnetwork.subnetwork-1: |- + google_discovery_engine_data_store.test_data_store_2: |- { - "ip_cidr_range": "10.0.36.0/24", - "name": "${google_compute_network.network-1.name}", - "network": "${google_compute_network.network-1.name}", - "private_ip_google_access": true, - "region": "us-central1", - "secondary_ip_range": [ - { - "ip_cidr_range": "10.0.0.0/19", - "range_name": "pod" - }, - { - "ip_cidr_range": "10.0.32.0/22", - "range_name": "svc" - } + "content_config": "NO_CONTENT", + "data_store_id": "data-store-2", + "display_name": "Structured datastore 2", + "industry_vertical": "GENERIC", + "location": "${google_discovery_engine_data_store.test_data_store.location}", + "solution_types": [ + "SOLUTION_TYPE_CHAT" ] } - google_container_cluster.cluster-1: |- - { - "default_snat_status": [ - { - "disabled": true - } - ], - "initial_node_count": 1, - "ip_allocation_policy": [ - { - "cluster_secondary_range_name": "${google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name}", - "services_secondary_range_name": "${google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name}" + argumentDocs: + chat_engine_config: |- + - + (Required) + Configurations for a chat Engine. + Structure is documented below. + chat_engine_config.agent_creation_config: |- + - + (Required) + The configuration to generate the Dialogflow agent that is associated to this Engine. + Structure is documented below. + chat_engine_config.agent_creation_config.business: |- + - + (Optional) + Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search. + chat_engine_config.agent_creation_config.common_config: |- + - + (Optional) + Common config spec that specifies the metadata of the engine. + Structure is documented below. + chat_engine_config.agent_creation_config.default_language_code: |- + - + (Required) + The default language of the agent as a language tag. See Language Support for a list of the currently supported language codes. + chat_engine_config.agent_creation_config.industry_vertical: |- + - + (Optional) + The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. + Default value is GENERIC. + Possible values are: GENERIC. + chat_engine_config.agent_creation_config.location: |- + - + (Optional) + Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine. + chat_engine_config.agent_creation_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + chat_engine_config.agent_creation_config.time_zone: |- + - + (Required) + The time zone of the agent from the time zone database, e.g., America/New_York, Europe/Paris. + chat_engine_metadata: |- + - + Additional information of the Chat Engine. + Structure is documented below. + chat_engine_metadata.dialogflow_agent: |- + - + (Output) + The resource name of a Dialogflow agent, that this Chat Engine refers to. + collection_id: |- + - + (Required) + The collection ID. + common_config.company_name: |- + - + (Optional) + The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features. + create: '- Default is 20 minutes.' + create_time: |- + - + Timestamp the Engine was created at. + data_store_ids: |- + - + (Required) + The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be SOLUTION_TYPE_CHAT. Adding or removing data stores will force recreation. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters. + engine_id: |- + - + (Required) + The ID to use for chat engine. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/collections/{{collection_id}}/engines/{{engine_id}}' + location: |- + - + (Required) + Location. + name: |- + - + The unique full resource name of the chat engine. Values are of the format + projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}. + This field must be a UTF-8 encoded string with a length limit of 1024 + characters. + update: '- Default is 20 minutes.' + update_time: |- + - + Timestamp the Engine was last updated. + importStatements: [] + google_discovery_engine_data_store: + subCategory: Discovery Engine + description: Data store is a collection of websites and documents used to find answers for end-user's questions in Discovery Engine (a. + name: google_discovery_engine_data_store + title: "" + examples: + - name: basic + manifest: |- + { + "content_config": "NO_CONTENT", + "create_advanced_site_search": false, + "data_store_id": "data-store-id", + "display_name": "tf-test-structured-datastore", + "industry_vertical": "GENERIC", + "location": "global", + "solution_types": [ + "SOLUTION_TYPE_SEARCH" + ] + } + argumentDocs: + content_config: |- + - + (Required) + The content config of the data store. + Possible values are: NO_CONTENT, CONTENT_REQUIRED, PUBLIC_WEBSITE. + create: '- Default is 60 minutes.' + create_advanced_site_search: |- + - + (Optional) + If true, an advanced data store for site search will be created. If the + data store is not configured as site search (GENERIC vertical and + PUBLIC_WEBSITE contentConfig), this flag will be ignored. + create_time: |- + - + Timestamp when the DataStore was created. + data_store_id: |- + - + (Required) + The unique id of the data store. + default_schema_id: |- + - + The id of the default Schema associated with this data store. + delete: '- Default is 60 minutes.' + display_name: |- + - + (Required) + The display name of the data store. This field must be a UTF-8 encoded + string with a length limit of 128 characters. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}' + industry_vertical: |- + - + (Required) + The industry vertical that the data store registers. + Possible values are: GENERIC, MEDIA. + location: |- + - + (Required) + The geographic location where the data store should reside. The value can + only be one of "global", "us" and "eu". + name: |- + - + The unique full resource name of the data store. Values are of the format + projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}. + This field must be a UTF-8 encoded string with a length limit of 1024 + characters. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + solution_types: |- + - + (Optional) + The solutions that the data store enrolls. + Each value may be one of: SOLUTION_TYPE_RECOMMENDATION, SOLUTION_TYPE_SEARCH, SOLUTION_TYPE_CHAT. + update: '- Default is 60 minutes.' + importStatements: [] + google_discovery_engine_search_engine: + subCategory: Discovery Engine + description: Vertex AI Search and Conversation can be used to create a search engine or a chat application by connecting it with a datastore + name: google_discovery_engine_search_engine + title: "" + examples: + - name: basic + manifest: |- + { + "collection_id": "default_collection", + "data_store_ids": [ + "${google_discovery_engine_data_store.basic.data_store_id}" + ], + "display_name": "Example Display Name", + "engine_id": "example-engine-id", + "location": "${google_discovery_engine_data_store.basic.location}", + "search_engine_config": [ + {} + ] + } + references: + location: google_discovery_engine_data_store.basic.location + dependencies: + google_discovery_engine_data_store.basic: |- + { + "content_config": "NO_CONTENT", + "create_advanced_site_search": false, + "data_store_id": "example-datastore-id", + "display_name": "tf-test-structured-datastore", + "industry_vertical": "GENERIC", + "location": "global", + "solution_types": [ + "SOLUTION_TYPE_SEARCH" + ] + } + argumentDocs: + collection_id: |- + - + (Required) + The collection ID. + common_config.company_name: |- + - + (Optional) + The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd + create: '- Default is 20 minutes.' + create_time: |- + - + Timestamp the Engine was created at. + data_store_ids: |- + - + (Required) + The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters. + engine_id: |- + - + (Required) + Unique ID to use for Search Engine App. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/collections/{{collection_id}}/engines/{{engine_id}}' + location: |- + - + (Required) + Location. + name: |- + - + The unique full resource name of the search engine. Values are of the format + projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}. + This field must be a UTF-8 encoded string with a length limit of 1024 + characters. + search_engine_config: |- + - + (Required) + Configurations for a Search Engine. + Structure is documented below. + search_engine_config.common_config: |- + - + (Optional) + Common config spec that specifies the metadata of the engine. + Structure is documented below. + search_engine_config.industry_vertical: |- + - + (Optional) + The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. + Default value is GENERIC. + Possible values are: GENERIC, MEDIA. + search_engine_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + search_engine_config.search_add_ons: |- + - + (Optional) + The add-on that this search engine enables. + Each value may be one of: SEARCH_ADD_ON_LLM. + search_engine_config.search_tier: |- + - + (Optional) + The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. + Default value is SEARCH_TIER_STANDARD. + Possible values are: SEARCH_TIER_STANDARD, SEARCH_TIER_ENTERPRISE. + update: '- Default is 20 minutes.' + update_time: |- + - + Timestamp the Engine was last updated. + importStatements: [] + google_dns_managed_zone: + subCategory: Cloud DNS + description: A zone is a subtree of the DNS namespace under one administrative responsibility. + name: google_dns_managed_zone + title: "" + examples: + - name: example-zone + manifest: |- + { + "description": "Example DNS zone", + "dns_name": "example-${random_id.rnd.hex}.com.", + "labels": { + "foo": "bar" + }, + "name": "example-zone" + } + dependencies: + random_id.rnd: |- + { + "byte_length": 4 + } + - name: private-zone + manifest: |- + { + "description": "Example private DNS zone", + "dns_name": "private.example.com.", + "labels": { + "foo": "bar" + }, + "name": "private-zone", + "private_visibility_config": [ + { + "networks": [ + { + "network_url": "${google_compute_network.network-1.id}" + }, + { + "network_url": "${google_compute_network.network-2.id}" + } + ] + } + ], + "visibility": "private" + } + references: + private_visibility_config.networks.network_url: google_compute_network.network-2.id + dependencies: + google_compute_network.network-1: |- + { + "auto_create_subnetworks": false, + "name": "network-1" + } + google_compute_network.network-2: |- + { + "auto_create_subnetworks": false, + "name": "network-2" + } + - name: private-zone + manifest: |- + { + "description": "Example private DNS zone", + "dns_name": "private.example.com.", + "forwarding_config": [ + { + "target_name_servers": [ + { + "ipv4_address": "172.16.1.10" + }, + { + "ipv4_address": "172.16.1.20" + } + ] + } + ], + "labels": { + "foo": "bar" + }, + "name": "private-zone", + "private_visibility_config": [ + { + "networks": [ + { + "network_url": "${google_compute_network.network-1.id}" + }, + { + "network_url": "${google_compute_network.network-2.id}" + } + ] + } + ], + "visibility": "private" + } + references: + private_visibility_config.networks.network_url: google_compute_network.network-2.id + dependencies: + google_compute_network.network-1: |- + { + "auto_create_subnetworks": false, + "name": "network-1" + } + google_compute_network.network-2: |- + { + "auto_create_subnetworks": false, + "name": "network-2" + } + - name: private-zone-gke + manifest: |- + { + "description": "Example private DNS zone", + "dns_name": "private.example.com.", + "labels": { + "foo": "bar" + }, + "name": "private-zone", + "private_visibility_config": [ + { + "gke_clusters": [ + { + "gke_cluster_name": "${google_container_cluster.cluster-1.id}" + } + ] + } + ], + "visibility": "private" + } + references: + private_visibility_config.gke_clusters.gke_cluster_name: google_container_cluster.cluster-1.id + dependencies: + google_compute_network.network-1: |- + { + "auto_create_subnetworks": false, + "name": "network-1" + } + google_compute_subnetwork.subnetwork-1: |- + { + "ip_cidr_range": "10.0.36.0/24", + "name": "${google_compute_network.network-1.name}", + "network": "${google_compute_network.network-1.name}", + "private_ip_google_access": true, + "region": "us-central1", + "secondary_ip_range": [ + { + "ip_cidr_range": "10.0.0.0/19", + "range_name": "pod" + }, + { + "ip_cidr_range": "10.0.32.0/22", + "range_name": "svc" + } + ] + } + google_container_cluster.cluster-1: |- + { + "default_snat_status": [ + { + "disabled": true + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "ip_allocation_policy": [ + { + "cluster_secondary_range_name": "${google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name}", + "services_secondary_range_name": "${google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name}" } ], "location": "us-central1-c", @@ -63252,6 +73564,7 @@ resources: (Optional) Specifies whether DNSSEC is enabled, and what mode it is in Possible values are: off, on, transfer. + effective_labels: for all of the labels present on the resource. force_destroy: '- (Optional) Set this true to delete all records in the zone.' forwarding_config: |- - @@ -63328,7 +73641,7 @@ resources: - (Optional) For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. + resources that the zone is visible from. At least one of gke_clusters or networks must be specified. Structure is documented below. private_visibility_config.gke_clusters: |- - @@ -63337,7 +73650,7 @@ resources: Structure is documented below. private_visibility_config.networks: |- - - (Required) + (Optional) The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you may experience issues with this resource while updating. If you've defined a networks block and add another networks block while keeping the old block, Terraform will see an incorrect diff @@ -63371,6 +73684,10 @@ resources: https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id} Ignored for public visibility zones. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' visibility: |- - @@ -63791,123 +74108,6 @@ resources: "dns_name": "prod.mydomain.com.", "name": "prod-zone" } - - name: a - manifest: |- - { - "managed_zone": "${google_dns_managed_zone.prod.name}", - "name": "backend.${google_dns_managed_zone.prod.dns_name}", - "routing_policy": [ - { - "primary_backup": [ - { - "backup_geo": [ - { - "location": "asia-east1", - "rrdatas": [ - "10.128.1.1" - ] - }, - { - "location": "us-west1", - "rrdatas": [ - "10.130.1.1" - ] - } - ], - "primary": [ - { - "internal_load_balancers": [ - { - "ip_address": "${google_compute_forwarding_rule.prod.ip_address}", - "ip_protocol": "tcp", - "load_balancer_type": "regionalL7ilb", - "network_url": "${google_compute_network.prod.id}", - "port": "80", - "project": "${google_compute_forwarding_rule.prod.project}", - "region": "${google_compute_forwarding_rule.prod.region}" - } - ] - } - ], - "trickle_ratio": 0.1 - } - ] - } - ], - "ttl": 300, - "type": "A" - } - references: - managed_zone: google_dns_managed_zone.prod.name - routing_policy.primary_backup.primary.internal_load_balancers.ip_address: google_compute_forwarding_rule.prod.ip_address - routing_policy.primary_backup.primary.internal_load_balancers.network_url: google_compute_network.prod.id - routing_policy.primary_backup.primary.internal_load_balancers.project: google_compute_forwarding_rule.prod.project - routing_policy.primary_backup.primary.internal_load_balancers.region: google_compute_forwarding_rule.prod.region - dependencies: - google_compute_forwarding_rule.prod: |- - { - "allow_global_access": true, - "depends_on": [ - "${google_compute_subnetwork.prod_proxy}" - ], - "ip_protocol": "TCP", - "load_balancing_scheme": "INTERNAL_MANAGED", - "name": "prod-ilb", - "network": "${google_compute_network.prod.name}", - "port_range": "80", - "region": "us-central1", - "target": "${google_compute_region_target_http_proxy.prod.id}" - } - google_compute_network.prod: |- - { - "name": "prod-network" - } - google_compute_region_backend_service.prod: |- - { - "health_checks": [ - "${google_compute_region_health_check.prod.id}" - ], - "load_balancing_scheme": "INTERNAL_MANAGED", - "name": "prod-backend", - "protocol": "HTTP", - "region": "us-central1" - } - google_compute_region_health_check.prod: |- - { - "http_health_check": [ - { - "port": 80 - } - ], - "name": "prod-http-health-check", - "region": "us-central1" - } - google_compute_region_target_http_proxy.prod: |- - { - "name": "prod-http-proxy", - "region": "us-central1", - "url_map": "${google_compute_region_url_map.prod.id}" - } - google_compute_region_url_map.prod: |- - { - "default_service": "${google_compute_region_backend_service.prod.id}", - "name": "prod-url-map", - "region": "us-central1" - } - google_compute_subnetwork.prod_proxy: |- - { - "ip_cidr_range": "10.100.0.0/24", - "name": "prod-proxy-subnet", - "network": "${google_compute_network.prod.id}", - "purpose": "INTERNAL_HTTPS_LOAD_BALANCER", - "region": "us-central1", - "role": "ACTIVE" - } - google_dns_managed_zone.prod: |- - { - "dns_name": "prod.mydomain.com.", - "name": "prod-zone" - } argumentDocs: geo.health_checked_targets: |- - (Optional) For A and AAAA types only. The list of targets to be health checked. These can be specified along with rrdatas within this item. @@ -63919,7 +74119,7 @@ resources: Structure is document below. health_checked_targets.internal_load_balancers.ip_address: '- (Required) The frontend IP address of the load balancer.' health_checked_targets.internal_load_balancers.ip_protocol: '- (Required) The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"]' - health_checked_targets.internal_load_balancers.load_balancer_type: '- (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"]' + health_checked_targets.internal_load_balancers.load_balancer_type: '- (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]' health_checked_targets.internal_load_balancers.network_url: '- (Required) The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}.' health_checked_targets.internal_load_balancers.port: '- (Required) The configured port of the load balancer.' health_checked_targets.internal_load_balancers.project: '- (Required) The ID of the project in which the load balancer belongs.' @@ -64028,6 +74228,7 @@ resources: "disabled": true } ], + "deletion_protection": "true", "initial_node_count": 1, "ip_allocation_policy": [ { @@ -64863,5054 +75064,9167 @@ resources: (Required) The unique identifier of the project. importStatements: [] - google_endpoints_service: - subCategory: Cloud Endpoints - description: Creates and rolls out a Google Endpoints service. - name: google_endpoints_service - title: "" - examples: - - name: openapi_service - manifest: |- - { - "openapi_config": "${file(\"openapi_spec.yml\")}", - "project": "project-id", - "service_name": "api-name.endpoints.project-id.cloud.goog" - } - - name: grpc_service - manifest: |- - { - "grpc_config": "${file(\"service_spec.yml\")}", - "project": "project-id", - "protoc_output_base64": "${filebase64(\"compiled_descriptor_file.pb\")}", - "service_name": "api-name.endpoints.project-id.cloud.goog" - } - argumentDocs: - address: ': The FQDN of the endpoint as described in the config.' - apis: ': A list of API objects; structure is documented below.' - config_id: ': The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.' - create: '- Default is 10 minutes.' - delete: '- Default is 10 minutes.' - dns_address: ': The address at which the service can be found - usually the same as the service name.' - endpoints: ': A list of Endpoint objects; structure is documented below.' - grpc_config: |- - : (Optional) The full text of the Service Config YAML file (Example located here). - If provided, must also provide protoc_output_base64. open_api config must not be provided. - methods: ': A list of Method objects; structure is documented below.' - name: ': The FQDN of the API as described in the provided config.' - openapi_config: |- - : (Optional) The full text of the OpenAPI YAML configuration as described here. - Either this, or both of grpc_config and protoc_output_base64 must be specified. - project: ': (Optional) The project ID that the service belongs to. If not provided, provider project is used.' - protoc_output_base64: ': (Optional) The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.' - request_type: ': The type URL for the request to this API.' - response_type: ': The type URL for the response from this API.' - service_name: ': (Required) The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.' - syntax: ': SYNTAX_PROTO2 or SYNTAX_PROTO3.' - update: '- Default is 10 minutes.' - version: ': A version string for this api. If specified, will have the form major-version.minor-version, e.g. 1.10.' - importStatements: [] - google_endpoints_service_consumers_iam_policy: - subCategory: Cloud Endpoints - description: Collection of resources to manage IAM policy for Cloud Endpoints ServiceConsumers - name: google_endpoints_service_consumers_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "consumer_project": "", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "service_name": "${google_endpoints_service.endpoints_service.service_name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - service_name: google_endpoints_service.endpoints_service.service_name - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_endpoints_service_consumers_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the serviceconsumers are preserved.' - google_endpoints_service_consumers_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the serviceconsumers are preserved.' - google_endpoints_service_consumers_iam_policy: ': Authoritative. Sets the IAM policy for the serviceconsumers and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_endpoints_service_consumers_iam_policy) The policy data generated by - a google_iam_policy data source. - role: |- - - (Required) The role that should be applied. Only one - google_endpoints_service_consumers_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_endpoints_service_iam_policy: - subCategory: Cloud Endpoints - description: Collection of resources to manage IAM policy for Cloud Endpoints Service - name: google_endpoints_service_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "service_name": "${google_endpoints_service.endpoints_service.service_name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - service_name: google_endpoints_service.endpoints_service.service_name - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_endpoints_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.' - google_endpoints_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.' - google_endpoints_service_iam_policy: ': Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_endpoints_service_iam_policy) The policy data generated by - a google_iam_policy data source. - role: |- - - (Required) The role that should be applied. Only one - google_endpoints_service_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_essential_contacts_contact: - subCategory: Essential Contacts - description: A contact that will receive notifications from Google Cloud. - name: google_essential_contacts_contact - title: "" - examples: - - name: contact - manifest: |- - { - "email": "foo@bar.com", - "language_tag": "en-GB", - "notification_category_subscriptions": [ - "ALL" - ], - "parent": "${data.google_project.project.id}" - } - references: - parent: data.google_project.project.id - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - email: |- - - - (Required) - The email address to send notifications to. This does not need to be a Google account. - id: '- an identifier for the resource with format {{name}}' - language_tag: |- - - - (Required) - The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages. - name: |- - - - The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id} - notification_category_subscriptions: |- - - - (Required) - The categories of notifications that the contact will receive communications for. - parent: |- - - - (Required) - The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id} - update: '- Default is 20 minutes.' - importStatements: [] - google_eventarc_channel: - subCategory: Eventarc - description: The Eventarc Channel resource - name: google_eventarc_channel + google_edgecontainer_cluster: + subCategory: Google Distributed Cloud Edge + description: Cluster contains information about a Google Distributed Cloud Edge Kubernetes cluster. + name: google_edgecontainer_cluster title: "" examples: - - name: primary + - name: default manifest: |- { - "crypto_key_name": "${data.google_kms_crypto_key.key1.id}", - "depends_on": [ - "${google_kms_crypto_key_iam_member.key1_member}" + "authorization": [ + { + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] + } ], - "location": "us-west1", - "name": "channel", - "project": "${data.google_project.test_project.project_id}", - "third_party_provider": "projects/${data.google_project.test_project.project_id}/locations/us-west1/providers/datadog" - } - dependencies: - google_kms_crypto_key_iam_member.key1_member: |- + "fleet": [ { - "crypto_key_id": "${data.google_kms_crypto_key.key1.id}", - "member": "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + "project": "projects/${data.google_project.project.number}" } - argumentDocs: - activation_token: |- - - - Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing. - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. The creation time. - crypto_key_name: |- - - - (Optional) - Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern projects/*/locations/*/keyRings/*/cryptoKeys/*. - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/channels/{{name}}' - location: |- - - - (Required) - The location for the resource - name: |- - - - (Required) - Required. The resource name of the channel. Must be unique within the location on the project. - project: |- - - - (Optional) - The project for the resource - pubsub_topic: |- - - - Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: projects/{project}/topics/{topic_id}. - state: |- - - - Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE - third_party_provider: |- - - - (Optional) - The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: projects/{project}/locations/{location}/providers/{provider_id}. - uid: |- - - - Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. - update: '- Default is 20 minutes.' - update_time: |- - - - Output only. The last-modified time. - importStatements: [] - google_eventarc_google_channel_config: - subCategory: Eventarc - description: The Eventarc GoogleChannelConfig resource - name: google_eventarc_google_channel_config - title: "" - examples: - - name: primary - manifest: |- - { - "crypto_key_name": "${data.google_kms_crypto_key.key1.id}", - "depends_on": [ - "${google_kms_crypto_key_iam_member.key1_member}" ], - "location": "us-west1", - "name": "channel", - "project": "${data.google_project.test_project.project_id}" - } - dependencies: - google_kms_crypto_key_iam_member.key1_member: |- + "labels": { + "my_key": "my_val", + "other_key": "other_val" + }, + "location": "us-central1", + "name": "basic-cluster", + "networking": [ { - "crypto_key_id": "${data.google_kms_crypto_key.key1.id}", - "member": "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] } - argumentDocs: - create: '- Default is 20 minutes.' - crypto_key_name: |- - - - (Optional) - Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern projects/*/locations/*/keyRings/*/cryptoKeys/*. - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/googleChannelConfig' - location: |- - - - (Required) - The location for the resource - name: |- - - - (Required) - Required. The resource name of the config. Must be in the format of, projects/{project}/locations/{location}/googleChannelConfig. - project: |- - - - (Optional) - The project for the resource - update: '- Default is 20 minutes.' - update_time: |- - - - Output only. The last-modified time. - importStatements: [] - google_eventarc_trigger: - subCategory: Eventarc - description: The Eventarc Trigger resource - name: google_eventarc_trigger - title: "" - examples: - - name: primary + ] + } + - name: default manifest: |- { - "destination": [ + "authorization": [ { - "cloud_run_service": [ + "admin_users": [ { - "region": "europe-west1", - "service": "${google_cloud_run_service.default.name}" + "username": "admin@hashicorptest.com" } ] } ], - "labels": { - "foo": "bar" - }, - "location": "europe-west1", - "matching_criteria": [ + "fleet": [ { - "attribute": "type", - "value": "google.cloud.pubsub.topic.v1.messagePublished" + "project": "projects/${data.google_project.project.number}" } ], - "name": "name" - } - references: - destination.cloud_run_service.service: google_cloud_run_service.default.name - dependencies: - google_cloud_run_service.default: |- + "location": "us-central1", + "maintenance_policy": [ { - "location": "europe-west1", - "metadata": [ - { - "namespace": "my-project-name" - } - ], - "name": "eventarc-service", - "template": [ + "window": [ { - "spec": [ + "recurring_window": [ { - "container_concurrency": 50, - "containers": [ + "recurrence": "FREQ=WEEKLY;BYDAY=SA", + "window": [ { - "image": "gcr.io/cloudrun/hello", - "ports": [ - { - "container_port": 8080 - } - ] + "end_time": "2023-01-01T17:00:00Z", + "start_time": "2023-01-01T08:00:00Z" } - ], - "timeout_seconds": 100 + ] } ] } + ] + } + ], + "name": "cluster-with-maintenance", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" ], - "traffic": [ + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] + } + ] + } + - name: default + manifest: |- + { + "authorization": [ + { + "admin_users": [ { - "latest_revision": true, - "percent": 100 + "username": "admin@hashicorptest.com" } ] } - google_pubsub_topic.foo: |- + ], + "control_plane": [ { - "name": "topic" + "local": [ + { + "machine_filter": "machine-name", + "node_count": 1, + "node_location": "us-central1-edge-example-edgesite", + "shared_deployment_policy": "ALLOWED" + } + ] + } + ], + "external_load_balancer_ipv4_address_pools": [ + "10.100.0.0-10.100.0.10" + ], + "fleet": [ + { + "project": "projects/${data.google_project.project.number}" + } + ], + "location": "us-central1", + "name": "local-control-plane-cluster", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] } + ] + } argumentDocs: - cloud_run_service.path: |- - - - (Optional) - Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute". - cloud_run_service.region: |- - - - (Optional) - Required. The region the Cloud Run service is deployed in. - cloud_run_service.service: |- + authorization: |- - (Required) - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - conditions: |- - - - Output only. The reason(s) why a trigger is in FAILED state. - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. The creation time. - delete: '- Default is 20 minutes.' - destination: |- + RBAC policy that will be applied and managed by GEC. + Structure is documented below. + authorization.admin_users: |- - (Required) - Required. Destination specifies where the events should be sent to. - destination.cloud_function: |- + User that will be granted the cluster-admin role on the cluster, providing + full access to the cluster. Currently, this is a singular field, but will + be expanded to allow multiple admins in the future. + Structure is documented below. + authorization.admin_users.control_plane: |- - (Optional) - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - destination.cloud_run_service: |- + The configuration of the cluster control plane. + Structure is documented below. + authorization.admin_users.control_plane_encryption: |- - (Optional) - Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. - destination.gke: |- + Remote control plane disk encryption options. This field is only used when + enabling CMEK support. + Structure is documented below. + authorization.admin_users.default_max_pods_per_node: |- - (Optional) - A GKE service capable of receiving events. The service should be running in the same project as the trigger. - destination.workflow: |- + The default maximum number of pods per node used if a maximum value is not + specified explicitly for a node pool in this cluster. If unspecified, the + Kubernetes default value will be used. + authorization.admin_users.external_load_balancer_ipv4_address_pools: |- - (Optional) - The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: projects/{project}/locations/{location}/workflows/{workflow} - etag: |- + Address pools for cluster data plane external load balancing. + authorization.admin_users.labels: |- - - Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding. - gke.cluster: |- + (Optional) + User-defined labels for the edgecloud cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + authorization.admin_users.maintenance_policy: |- - - (Required) - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - gke.location: |- - - - (Required) - Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters. - gke.namespace: |- - - - (Required) - Required. The namespace the GKE service is running in. - gke.path: |- + (Optional) + Cluster-wide maintenance policy configuration. + Structure is documented below. + authorization.admin_users.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + authorization.admin_users.release_channel: |- - (Optional) - Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute". - gke.service: |- + The release channel a cluster is subscribed to. + Possible values are: RELEASE_CHANNEL_UNSPECIFIED, NONE, REGULAR. + authorization.admin_users.system_addons_config: |- - - (Required) - Required. Name of the GKE service. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/triggers/{{name}}' - location: |- + (Optional) + Config that customers are allowed to define for GDCE system add-ons. + Structure is documented below. + authorization.admin_users.target_version: |- - - (Required) - The location for the resource - matching_criteria: |- + (Optional) + The target cluster version. For example: "1.5.0". + authorization.admin_users.username: |- - (Required) - Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination. - matching_criteria.attribute: |- + An active Google username. + cluster_ca_certificate: |- - - (Required) - Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute. - matching_criteria.channel: |- + The PEM-encoded public certificate of the cluster's CA. + Note: This property is sensitive and will not be displayed in the plan. + control_plane.local: |- - (Optional) - Optional. The name of the channel associated with the trigger in projects/{project}/locations/{location}/channels/{channel} format. You must provide a channel to receive events from Eventarc SaaS partners. - matching_criteria.labels: |- + Local control plane configuration. + Structure is documented below. + control_plane.remote: |- - (Optional) - Optional. User labels attached to the triggers that can be used to group resources. - matching_criteria.operator: |- + Remote control plane configuration. + Structure is documented below. + control_plane_encryption.kms_key: |- - (Optional) - Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. - matching_criteria.project: |- + The Cloud KMS CryptoKey e.g. + projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} + to use for protecting control plane disks. If not specified, a + Google-managed key will be used instead. + control_plane_encryption.kms_key_active_version: |- - - (Optional) - The project for the resource - matching_criteria.service_account: |- + (Output) + The Cloud KMS CryptoKeyVersion currently in use for protecting control + plane disks. Only applicable if kms_key is set. + control_plane_encryption.kms_key_state: |- - - (Optional) - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have roles/eventarc.eventReceiver IAM role. - matching_criteria.transport: |- + (Output) + Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then + nodes may go offline as they cannot access their local data. This can be + caused by a lack of permissions to use the key, or if the key is disabled + or deleted. + control_plane_encryption.kms_status: |- - - (Optional) - Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes. - matching_criteria.value: |- + (Output) + Error status returned by Cloud KMS when using this key. This field may be + populated only if kms_key_state is not KMS_KEY_STATE_KEY_AVAILABLE. + If populated, this field contains the error status reported by Cloud KMS. + Structure is documented below. + control_plane_version: |- - - (Required) - Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values. - name: |- + The control plane release version. + create: '- Default is 480 minutes.' + create_time: |- - - (Required) - Required. The resource name of the trigger. Must be unique within the location on the project. - transport.pubsub: |- + The time the cluster was created, in RFC3339 text format. + delete: '- Default is 480 minutes.' + effective_labels: |- - - (Optional) - The Pub/Sub topic and subscription used by Eventarc as delivery intermediary. - transport.pubsub.subscription: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + endpoint: |- - - Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}. - transport.pubsub.topic: |- + The IP address of the Kubernetes API server. + fleet: |- - - (Optional) - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - uid: |- + (Required) + Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. + Structure is documented below. + fleet.membership: |- - - Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. - update: '- Default is 20 minutes.' - update_time: |- + (Output) + The name of the managed Hub Membership resource associated to this cluster. + Membership names are formatted as + projects//locations/global/membership/. + fleet.project: |- - - Output only. The last-modified time. - importStatements: [] - google_filestore_backup: - subCategory: Filestore - description: A Google Cloud Filestore backup. - name: google_filestore_backup - title: "" - examples: - - name: backup - manifest: |- - { - "description": "This is a filestore backup for the test instance", - "labels": { - "files": "label1", - "other-label": "label2" - }, - "location": "us-central1", - "name": "tf-fs-bkup", - "source_file_share": "share1", - "source_instance": "${google_filestore_instance.instance.id}" - } - references: - source_instance: google_filestore_instance.instance.id - dependencies: - google_filestore_instance.instance: |- - { - "file_shares": [ - { - "capacity_gb": 1024, - "name": "share1" - } - ], - "location": "us-central1-b", - "name": "tf-fs-inst", - "networks": [ - { - "connect_mode": "DIRECT_PEERING", - "modes": [ - "MODE_IPV4" - ], - "network": "default" - } - ], - "tier": "BASIC_HDD" - } - argumentDocs: - capacity_gb: |- + (Required) + The name of the Fleet host project where this cluster will be registered. + Project names are formatted as + projects/. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/clusters/{{name}}' + kms_status.code: |- - - The amount of bytes needed to allocate a full copy of the snapshot content. - create: '- Default is 20 minutes.' - create_time: |- + (Output) + The status code, which should be an enum value of google.rpc.Code. + kms_status.message: |- - - The time when the snapshot was created in RFC3339 text format. - delete: '- Default is 20 minutes.' - description: |- + (Output) + A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. + local.machine_filter: |- - (Optional) - A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected. - download_bytes: |- + Only machines matching this filter will be allowed to host control + plane nodes. The filtering language accepts strings like "name=", + and is documented here: AIP-160. + local.node_count: |- - - Amount of bytes that will be downloaded if the backup is restored. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{name}}' - kms_key_name: |- + (Optional) + The number of nodes to serve as replicas of the Control Plane. + Only 1 and 3 are supported. + local.node_location: |- - - KMS key name used for data encryption. - labels: |- + (Optional) + Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: us-central1-edge-customer-a. + local.shared_deployment_policy: |- - (Optional) - Resource labels to represent user-provided metadata. + Policy configuration about how user applications are deployed. + Possible values are: SHARED_DEPLOYMENT_POLICY_UNSPECIFIED, ALLOWED, DISALLOWED. location: |- - (Required) - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. - name: |- + The location of the resource. + maintenance_events: |- - - (Required) - The resource name of the backup. The name must be unique within the specified instance. - The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - source_file_share: |- + All the maintenance events scheduled for the cluster, including the ones + ongoing, planned for the future and done in the past (up to 90 days). + Structure is documented below. + maintenance_events.create_time: |- - - (Required) - Name of the file share in the source Cloud Filestore instance that the backup is created from. - source_instance: |- + (Output) + The time when the maintenance event request was created. + maintenance_events.end_time: |- - - (Required) - The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup. - source_instance_tier: |- + (Output) + The time when the maintenance event ended, either successfully or not. If + the maintenance event is split into multiple maintenance windows, + end_time is only updated when the whole flow ends. + maintenance_events.operation: |- - - The service tier of the source Cloud Filestore instance that this backup is created from. - state: |- + (Output) + The operation for running the maintenance event. Specified in the format + projects//locations//operations/*. If the maintenance event is split + into multiple operations (e.g. due to maintenance windows), the latest + one is recorded. + maintenance_events.schedule: |- - - The backup state. - storage_bytes: |- + (Output) + The schedule of the maintenance event. + maintenance_events.start_time: |- - - The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. - update: '- Default is 20 minutes.' - importStatements: [] - google_filestore_instance: - subCategory: Filestore - description: A Google Cloud Filestore instance. - name: google_filestore_instance - title: "" - examples: - - name: instance - manifest: |- - { - "file_shares": [ - { - "capacity_gb": 1024, - "name": "share1" - } - ], - "location": "us-central1-b", - "name": "test-instance", - "networks": [ - { - "modes": [ - "MODE_IPV4" - ], - "network": "default" - } - ], - "tier": "BASIC_HDD" - } - - name: instance - manifest: |- - { - "file_shares": [ - { - "capacity_gb": 2560, - "name": "share1", - "nfs_export_options": [ - { - "access_mode": "READ_WRITE", - "ip_ranges": [ - "10.0.0.0/24" - ], - "squash_mode": "NO_ROOT_SQUASH" - }, - { - "access_mode": "READ_ONLY", - "anon_gid": 456, - "anon_uid": 123, - "ip_ranges": [ - "10.10.0.0/24" - ], - "squash_mode": "ROOT_SQUASH" - } - ] - } - ], - "location": "us-central1-b", - "name": "test-instance", - "networks": [ - { - "connect_mode": "DIRECT_PEERING", - "modes": [ - "MODE_IPV4" - ], - "network": "default" - } - ], - "tier": "BASIC_SSD" - } - - name: instance - manifest: |- - { - "file_shares": [ - { - "capacity_gb": 1024, - "name": "share1" - } - ], - "kms_key_name": "${google_kms_crypto_key.filestore_key.id}", - "location": "us-central1", - "name": "test-instance", - "networks": [ - { - "modes": [ - "MODE_IPV4" - ], - "network": "default" - } - ], - "tier": "ENTERPRISE" - } - references: - kms_key_name: google_kms_crypto_key.filestore_key.id - dependencies: - google_kms_crypto_key.filestore_key: |- - { - "key_ring": "${google_kms_key_ring.filestore_keyring.id}", - "name": "filestore-key" - } - google_kms_key_ring.filestore_keyring: |- - { - "location": "us-central1", - "name": "filestore-keyring" - } - argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- + (Output) + The time when the maintenance event started. + maintenance_events.state: |- - - Creation timestamp in RFC3339 text format. - delete: '- Default is 20 minutes.' - etag: |- + (Output) + Indicates the maintenance event state. + maintenance_events.target_version: |- - - Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - file_shares: |- + (Output) + The target version of the cluster. + maintenance_events.type: |- + - + (Output) + Indicates the maintenance event type. + maintenance_events.update_time: |- + - + (Output) + The time when the maintenance event message was updated. + maintenance_events.uuid: |- + - + (Output) + UUID of the maintenance event. + maintenance_policy.window: |- - (Required) - File system shares on the instance. For this version, only a - single file share is supported. + Specifies the maintenance window in which maintenance may be performed. Structure is documented below. - file_shares.capacity_gb: |- + maintenance_policy.window.recurring_window: |- - (Required) - File share capacity in GiB. This must be at least 1024 GiB - for the standard tier, or 2560 GiB for the premium tier. - file_shares.name: |- + Represents an arbitrary window of time that recurs. + Structure is documented below. + maintenance_policy.window.recurring_window.recurrence: |- - - (Required) - The name of the fileshare (16 characters or less) - file_shares.nfs_export_options: |- + (Optional) + An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how + this window recurs. They go on for the span of time between the start and + end time. + maintenance_policy.window.recurring_window.window: |- - (Optional) - Nfs Export Options. There is a limit of 10 export options per file share. + Represents an arbitrary window of time. Structure is documented below. - file_shares.source_backup: |- - - - (Output) - The resource name of the backup, in the format - projects/{projectId}/locations/{locationId}/backups/{backupId}, - that this file share has been restored from. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}' name: |- - (Required) - The resource name of the instance. - networks: |- + The GDCE cluster name. + networking: |- - (Required) - VPC networks to which the instance is connected. For this version, - only a single network is supported. + Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. Structure is documented below. - networks.connect_mode: |- + networking.cluster_ipv4_cidr_blocks: |- - - (Optional) - The network connect mode of the Filestore instance. - If not provided, the connect mode defaults to - DIRECT_PEERING. - Default value is DIRECT_PEERING. - Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS. - networks.description: |- + (Required) + All pods in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + networking.cluster_ipv6_cidr_blocks: |- - (Optional) - A description of the instance. - networks.ip_addresses: |- + If specified, dual stack mode is enabled and all pods in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + networking.network_type: |- - (Output) - A list of IPv4 or IPv6 addresses. - networks.kms_key_name: |- - - - (Optional) - KMS key name used for data encryption. - networks.labels: |- + IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6. + networking.services_ipv4_cidr_blocks: |- - - (Optional) - Resource labels to represent user-provided metadata. - networks.location: |- + (Required) + All services in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + networking.services_ipv6_cidr_blocks: |- - (Optional) - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. - networks.modes: |- + If specified, dual stack mode is enabled and all services in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + node_version: |- - - (Required) - IP versions for which the instance has - IP addresses assigned. - Each value may be one of: ADDRESS_MODE_UNSPECIFIED, MODE_IPV4, MODE_IPV6. - networks.network: |- + The lowest release version among all worker nodes. This field can be empty + if the cluster does not have any worker nodes. + port: |- - - (Required) - The name of the GCE VPC network to which the - instance is connected. - networks.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - networks.reserved_ip_range: |- + The port number of the Kubernetes API server. + remote.node_location: |- - (Optional) - A /29 CIDR block that identifies the range of IP - addresses reserved for this instance. - networks.zone: |- + Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: us-central1-edge-customer-a. + status: |- - - (Optional, Deprecated) - The name of the Filestore zone of the instance. - nfs_export_options.access_mode: |- + Indicates the status of the cluster. + system_addons_config.ingress: |- - (Optional) - Either READ_ONLY, for allowing only read requests on the exported directory, - or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. - Default value is READ_WRITE. - Possible values are: READ_ONLY, READ_WRITE. - nfs_export_options.anon_gid: |- + Config for the Ingress add-on which allows customers to create an Ingress + object to manage external access to the servers in a cluster. The add-on + consists of istiod and istio-ingress. + Structure is documented below. + system_addons_config.ingress.disabled: |- - (Optional) - An integer representing the anonymous group id with a default value of 65534. - Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned - if this field is specified for other squashMode settings. - nfs_export_options.anon_uid: |- + Whether Ingress is disabled. + system_addons_config.ingress.ipv4_vip: |- - (Optional) - An integer representing the anonymous user id with a default value of 65534. - Anon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned - if this field is specified for other squashMode settings. - nfs_export_options.ip_ranges: |- + Ingress VIP. + terraform_labels: |- - - (Optional) - List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share. - Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. - The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions. - nfs_export_options.squash_mode: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 480 minutes.' + update_time: |- + - + The time the cluster was last updated, in RFC3339 text format. + window.end_time: |- - (Optional) - Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, - for not allowing root access. The default is NO_ROOT_SQUASH. - Default value is NO_ROOT_SQUASH. - Possible values are: NO_ROOT_SQUASH, ROOT_SQUASH. - tier: |- + The time that the window ends. The end time must take place after the + start time. + window.start_time: |- - - (Required) - The service tier of the instance. - Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE - update: '- Default is 20 minutes.' + (Optional) + The time that the window first starts. importStatements: [] - google_filestore_snapshot: - subCategory: Filestore - description: A Google Cloud Filestore snapshot. - name: google_filestore_snapshot + google_edgecontainer_node_pool: + subCategory: Google Distributed Cloud Edge + description: '"A set of Kubernetes nodes in a cluster with common configuration and specification.' + name: google_edgecontainer_node_pool title: "" examples: - - name: snapshot + - name: default manifest: |- { - "instance": "${google_filestore_instance.instance.name}", - "location": "us-east1", - "name": "test-snapshot" + "cluster": "${google_edgecontainer_cluster.cluster.name}", + "labels": { + "my_key": "my_val", + "other_key": "other_val" + }, + "location": "us-central1", + "name": "nodepool-1", + "node_count": 3, + "node_location": "us-central1-edge-example-edgesite" } references: - instance: google_filestore_instance.instance.name + cluster: google_edgecontainer_cluster.cluster.name dependencies: - google_filestore_instance.instance: |- + google_edgecontainer_cluster.cluster: |- { - "file_shares": [ + "authorization": [ { - "capacity_gb": 1024, - "name": "share1" + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] } ], - "location": "us-east1", - "name": "test-instance-for-snapshot", - "networks": [ + "fleet": [ { - "modes": [ - "MODE_IPV4" - ], - "network": "default" + "project": "projects/${data.google_project.project.number}" } ], - "tier": "ENTERPRISE" + "location": "us-central1", + "name": "default", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] + } + ] } - - name: snapshot + - name: default manifest: |- { - "description": "Snapshot of test-instance-for-snapshot", - "instance": "${google_filestore_instance.instance.name}", - "labels": { - "my_label": "value" - }, - "location": "us-west1", - "name": "test-snapshot" + "cluster": "${google_edgecontainer_cluster.cluster.name}", + "depends_on": [ + "${google_kms_crypto_key_iam_member.crypto_key}" + ], + "local_disk_encryption": [ + { + "kms_key": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "location": "us-central1", + "name": "nodepool-1", + "node_count": 3, + "node_location": "us-central1-edge-example-edgesite" } references: - instance: google_filestore_instance.instance.name + cluster: google_edgecontainer_cluster.cluster.name + local_disk_encryption.kms_key: google_kms_crypto_key.crypto_key.id dependencies: - google_filestore_instance.instance: |- + google_edgecontainer_cluster.cluster: |- { - "file_shares": [ + "authorization": [ { - "capacity_gb": 1024, - "name": "share1" + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] } ], - "location": "us-west1", - "name": "test-instance-for-snapshot", - "networks": [ + "fleet": [ { - "modes": [ - "MODE_IPV4" - ], - "network": "default" + "project": "projects/${data.google_project.project.number}" } ], - "tier": "ENTERPRISE" + "location": "us-central1", + "name": "default", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] + } + ] } - argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- - - - The time when the snapshot was created in RFC3339 text format. - delete: '- Default is 20 minutes.' - description: |- - - - (Optional) - A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. - filesystem_used_bytes: |- - - - The amount of bytes needed to allocate a full copy of the snapshot content. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}}' - instance: |- + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "key" + } + google_kms_crypto_key_iam_member.crypto_key: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.key_ring: |- + { + "location": "us-central1", + "name": "keyring" + } + - name: default + manifest: |- + { + "cluster": "${google_edgecontainer_cluster.cluster.name}", + "location": "us-central1", + "name": "nodepool-1", + "node_count": 3, + "node_location": "us-central1-edge-example-edgesite" + } + references: + cluster: google_edgecontainer_cluster.cluster.name + dependencies: + google_edgecontainer_cluster.default: |- + { + "authorization": [ + { + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] + } + ], + "control_plane": [ + { + "local": [ + { + "machine_filter": "machine-name", + "node_count": 1, + "node_location": "us-central1-edge-example-edgesite", + "shared_deployment_policy": "ALLOWED" + } + ] + } + ], + "external_load_balancer_ipv4_address_pools": [ + "10.100.0.0-10.100.0.10" + ], + "fleet": [ + { + "project": "projects/${data.google_project.project.number}" + } + ], + "location": "us-central1", + "name": "", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] + } + ] + } + argumentDocs: + cluster: |- - (Required) - The resource name of the filestore instance. + The name of the target Distributed Cloud Edge Cluster. + create: '- Default is 480 minutes.' + create_time: |- + - + The time when the node pool was created. + delete: '- Default is 480 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}' labels: |- - (Optional) - Resource labels to represent user-provided metadata. + Labels associated with this resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + local_disk_encryption: |- + - + (Optional) + Local disk encryption options. This field is only used when enabling CMEK support. + Structure is documented below. + local_disk_encryption.kms_key: |- + - + (Optional) + The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks. + If not specified, a Google-managed key will be used instead. + local_disk_encryption.kms_key_active_version: |- + - + (Output) + The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set. + local_disk_encryption.kms_key_state: |- + - + (Output) + Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data. + This can be caused by a lack of permissions to use the key, or if the key is disabled or deleted. location: |- - (Required) - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + The location of the resource. + machine_filter: |- + - + (Optional) + Only machines matching this filter will be allowed to join the node pool. + The filtering language accepts strings like "name=", and is + documented in more detail in AIP-160. name: |- - (Required) - The resource name of the snapshot. The name must be unique within the specified instance. - The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. + The resource name of the node pool. + node_config: |- + - + (Optional) + Configuration for each node in the NodePool + Structure is documented below. + node_config.labels: |- + - + (Optional) + "The Kubernetes node labels" + node_count: |- + - + (Required) + The number of nodes in the pool. + node_location: |- + - + (Required) + Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: us-central1-edge-customer-a. + node_version: |- + - + The lowest release version among all worker nodes. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - state: |- + terraform_labels: |- - - The snapshot state. - update: '- Default is 20 minutes.' + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 480 minutes.' + update_time: |- + - + The time when the node pool was last updated. importStatements: [] - google_firebase_android_app: - subCategory: Firebase - description: A Google Cloud Firebase Android application instance - name: google_firebase_android_app + google_edgecontainer_vpn_connection: + subCategory: Google Distributed Cloud Edge + description: A VPN connection + name: google_edgecontainer_vpn_connection title: "" examples: - - name: basic + - name: default manifest: |- { - "display_name": "Display Name Basic", - "package_name": "", - "project": "my-project-name", - "provider": "${google-beta}", - "sha1_hashes": [ - "2145bdf698b8715039bd0e83f2069bed435ac21c" + "cluster": "projects/${data.google_project.project.number}/locations/us-east1/clusters/${google_edgecontainer_cluster.cluster.name}", + "depends_on": [ + "${google_edgecontainer_node_pool.node_pool}" ], - "sha256_hashes": [ - "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" - ] + "enable_high_availability": true, + "labels": { + "my_key": "my_val", + "other_key": "other_val" + }, + "location": "us-central1", + "name": "vpn-connection-1", + "vpc": "${google_compute_network.vpc.name}" } references: - provider: google-beta + vpc: google_compute_network.vpc.name + dependencies: + google_compute_network.vpc: |- + { + "name": "example-vpc" + } + google_edgecontainer_cluster.cluster: |- + { + "authorization": [ + { + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] + } + ], + "fleet": [ + { + "project": "projects/${data.google_project.project.number}" + } + ], + "location": "us-central1", + "name": "default", + "networking": [ + { + "cluster_ipv4_cidr_blocks": [ + "10.0.0.0/16" + ], + "services_ipv4_cidr_blocks": [ + "10.1.0.0/16" + ] + } + ] + } + google_edgecontainer_node_pool.node_pool: |- + { + "cluster": "${google_edgecontainer_cluster.cluster.name}", + "location": "us-central1", + "name": "nodepool-1", + "node_count": 3, + "node_location": "us-central1-edge-example-edgesite" + } argumentDocs: - app_id: |- + cloud_router.name: |- - - The globally unique, Firebase-assigned identifier of the AndroidApp. - This identifier should be treated as an opaque token, as the data format is not specified. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - deletion_policy: |- - - (Optional) (Optional) Set to ABANDON to allow the AndroidApp to be untracked from terraform state - rather than deleted upon terraform destroy. This is useful because the AndroidApp may be - serving traffic. Set to DELETE to delete the AndroidApp. Defaults to DELETE. - display_name: |- + (Output) + The associated Cloud Router name. + cloud_vpns.gateway: |- + - + (Output) + The created Cloud VPN gateway name. + cluster: |- - (Required) - The user-assigned display name of the AndroidApp. - etag: |- + The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}. + create: '- Default is 30 minutes.' + create_time: |- - - This checksum is computed by the server based on the value of other fields, and it may be sent - with update requests to ensure the client has an up-to-date value before proceeding. - id: '- an identifier for the resource with format projects/{{project}}/androidApps/{{app_id}}' + The time when the VPN connection was created. + delete: '- Default is 30 minutes.' + details: |- + - + A nested object resource + Structure is documented below. + details.cloud_router: |- + - + (Output) + The Cloud Router info. + Structure is documented below. + details.cloud_vpns: |- + - + (Output) + Each connection has multiple Cloud VPN gateways. + Structure is documented below. + details.error: |- + - + (Output) + The error message. This is only populated when state=ERROR. + details.state: |- + - + (Output) + The current connection state. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + enable_high_availability: |- + - + (Optional) + Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vpnConnections/{{name}}' + labels: |- + - + (Optional) + Labels associated with this resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Google Cloud Platform location. name: |- - - The fully qualified resource name of the AndroidApp, for example: - projects/projectId/androidApps/appId - package_name: |- + (Required) + The resource name of VPN connection + nat_gateway_ip: |- - (Optional) - Immutable. The canonical package name of the Android app as would appear in the Google Play - Developer Console. + NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster. + This is empty if NAT is not used. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - sha1_hashes: |- + router: |- - (Optional) - The SHA1 certificate hashes for the AndroidApp. - sha256_hashes: |- + The VPN connection Cloud Router name. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + The time when the VPN connection was last updated. + vpc: |- - (Optional) - The SHA256 certificate hashes for the AndroidApp. - update: '- Default is 20 minutes.' + The network ID of VPC to connect to. + vpc_project: |- + - + (Optional) + Project detail of the VPC network. Required if VPC is in a different project than the cluster project. + Structure is documented below. + vpc_project.project_id: |- + - + (Optional) + The project of the VPC to connect to. If not specified, it is the same as the cluster project. importStatements: [] - google_firebase_apple_app: - subCategory: Firebase - description: A Google Cloud Firebase Apple application instance - name: google_firebase_apple_app + google_edgenetwork_network: + subCategory: Distributed Cloud Edge Network + description: A Distributed Cloud Edge network, which provides L3 isolation within a zone. + name: google_edgenetwork_network title: "" examples: - - name: default - manifest: |- - { - "bundle_id": "apple.app.12345", - "display_name": "Display Name Basic", - "project": "my-project-name", - "provider": "${google-beta}" - } - references: - provider: google-beta - - name: full + - name: example_network manifest: |- { - "app_store_id": "12345", - "bundle_id": "apple.app.12345", - "display_name": "Display Name Full", - "project": "my-project-name", - "provider": "${google-beta}", - "team_id": "9987654321" + "description": "Example network.", + "labels": { + "environment": "dev" + }, + "location": "us-west1", + "mtu": 9000, + "network_id": "example-network", + "zone": "" } - references: - provider: google-beta argumentDocs: - app_id: |- + create: '- Default is 20 minutes.' + create_time: |- - - The globally unique, Firebase-assigned identifier of the App. - This identifier should be treated as an opaque token, as the data format is not specified. - app_store_id: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + delete: '- Default is 30 minutes.' + description: |- - (Optional) - The automatically generated Apple ID assigned to the Apple app by Apple in the Apple App Store. - bundle_id: |- + A free-text description of the resource. Max length 1024 characters. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}' + labels: |- - - (Required) - The canonical bundle ID of the Apple app as it would appear in the Apple AppStore. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - deletion_policy: |- - - (Optional) (Optional) Set to ABANDON to allow the Apple to be untracked from terraform state - rather than deleted upon terraform destroy. This is useful because the Apple may be - serving traffic. Set to DELETE to delete the Apple. Defaults to DELETE. - display_name: |- + (Optional) + Labels associated with this resource. + location: |- - (Required) - The user-assigned display name of the App. - id: '- an identifier for the resource with format projects/{{project}}/iosApps/{{app_id}}' + The Google Cloud region to which the target Distributed Cloud Edge zone belongs. + mtu: |- + - + (Optional) + IP (L3) MTU value of the network. Default value is 1500. Possible values are: 1500, 9000. name: |- - - The fully qualified resource name of the App, for example: - projects/projectId/iosApps/appId + The canonical name of this resource, with format + projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}} + network_id: |- + - + (Required) + A unique ID that identifies this network. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - team_id: |- + update_time: |- - - (Optional) - The Apple Developer Team ID associated with the App in the App Store. - update: '- Default is 20 minutes.' + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + zone: |- + - + (Required) + The name of the target Distributed Cloud Edge zone. importStatements: [] - google_firebase_database_instance: - subCategory: Firebase Realtime Database - description: A Firebase Realtime Database instance. - name: google_firebase_database_instance + google_edgenetwork_subnet: + subCategory: Distributed Cloud Edge Network + description: A Distributed Cloud Edge subnet, which provides L2 isolation within a network. + name: google_edgenetwork_subnet title: "" examples: - - name: basic - manifest: |- - { - "instance_id": "active-db", - "project": "my-project-name", - "provider": "${google-beta}", - "region": "us-central1" - } - references: - provider: google-beta - - name: full - manifest: |- - { - "desired_state": "DISABLED", - "instance_id": "disabled-db", - "project": "my-project-name", - "provider": "${google-beta}", - "region": "europe-west1", - "type": "USER_DATABASE" - } - references: - provider: google-beta - - name: default + - name: example_subnet manifest: |- { - "depends_on": [ - "${google_project_service.firebase_database}" + "description": "Example subnet.", + "ipv4_cidr": [ + "4.4.4.1/24" ], - "instance_id": "rtdb-project-default-rtdb", - "project": "${google_firebase_project.default.project}", - "provider": "${google-beta}", - "region": "us-central1", - "type": "DEFAULT_DATABASE" + "labels": { + "environment": "dev" + }, + "location": "us-west1", + "network": "${google_edgenetwork_network.example_network.id}", + "subnet_id": "example-subnet", + "zone": "" } references: - project: google_firebase_project.default.project - provider: google-beta + network: google_edgenetwork_network.example_network.id dependencies: - google_firebase_project.default: |- - { - "project": "${google_project.default.project_id}", - "provider": "${google-beta}" - } - google_project.default: |- - { - "labels": { - "firebase": "enabled" - }, - "name": "rtdb-project", - "org_id": "123456789", - "project_id": "rtdb-project", - "provider": "${google-beta}" - } - google_project_service.firebase_database: |- + google_edgenetwork_network.example_network: |- { - "project": "${google_firebase_project.default.project}", - "provider": "${google-beta}", - "service": "firebasedatabase.googleapis.com" + "description": "Example network.", + "location": "us-west1", + "mtu": 9000, + "network_id": "example-network", + "zone": "" } - argumentDocs: - create: '- Default is 20 minutes.' - database_url: |- - - - The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances - or https://{instance-id}.{region}.firebasedatabase.app in other regions. - delete: '- Default is 20 minutes.' - desired_state: '- (Optional) The intended database state.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{instance_id}}' - instance_id: |- - - - (Required) - The globally unique identifier of the Firebase Realtime Database instance. - Instance IDs cannot be reused after deletion. - name: |- - - - The fully-qualified resource name of the Firebase Realtime Database, in the - format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID - PROJECT_NUMBER: The Firebase project's ProjectNumber - Learn more about using project identifiers in Google's AIP 2510 standard. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - region: |- - - - (Required) - A reference to the region where the Firebase Realtime database resides. - Check all available regions - state: |- - - - The current database state. Set desired_state to :DISABLED to disable the database and :ACTIVE to reenable the database - type: |- - - - (Optional) - The database type. - Each project can create one default Firebase Realtime Database, which cannot be deleted once created. - Creating user Databases is only available for projects on the Blaze plan. - Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. - Default value is USER_DATABASE. - Possible values are: DEFAULT_DATABASE, USER_DATABASE. - update: '- Default is 20 minutes.' - importStatements: [] - google_firebase_extensions_instance: - subCategory: Firebase Extensions - description: An Instance is an installation of an Extension into a user's project. - name: google_firebase_extensions_instance - title: "" - examples: - - name: resize_image + - name: example_subnet_with_vlan_id manifest: |- { - "config": [ - { - "allowed_event_types": [ - "firebase.extensions.storage-resize-images.v1.complete" - ], - "eventarc_channel": "projects/my-project-name/locations//channels/firebase", - "extension_ref": "firebase/storage-resize-images", - "extension_version": "0.1.37", - "params": { - "DELETE_ORIGINAL_FILE": false, - "DO_BACKFILL": false, - "FUNCTION_MEMORY": 1024, - "IMAGE_TYPE": false, - "IMG_BUCKET": "${google_storage_bucket.images.name}", - "IMG_SIZES": "200x200", - "IS_ANIMATED": true, - "LOCATION": "", - "MAKE_PUBLIC": false - }, - "system_params": { - "firebaseextensions.v1beta.function/maxInstances": 3000, - "firebaseextensions.v1beta.function/memory": 256, - "firebaseextensions.v1beta.function/minInstances": 0, - "firebaseextensions.v1beta.function/vpcConnectorEgressSettings": "VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED" - } - } + "description": "Example subnet with VLAN ID.", + "ipv6_cidr": [ + "4444:4444:4444:4444::1/64" ], - "instance_id": "storage-resize-images", - "project": "my-project-name", - "provider": "${google-beta}" + "labels": { + "environment": "dev" + }, + "location": "us-west1", + "network": "${google_edgenetwork_network.example_network.id}", + "subnet_id": "example-subnet-with-vlan-id", + "vlan_id": 44, + "zone": "" } references: - provider: google-beta + network: google_edgenetwork_network.example_network.id dependencies: - google_storage_bucket.images: |- + google_edgenetwork_network.example_network: |- { - "force_destroy": true, - "location": "US", - "name": "bucket-id", - "project": "my-project-name", - "provider": "${google-beta}", - "uniform_bucket_level_access": true + "description": "Example network.", + "location": "us-west1", + "mtu": 9000, + "network_id": "example-network", + "zone": "" } argumentDocs: - config: |- + create: '- Default is 20 minutes.' + create_time: |- - - (Required) - The current Config of the Extension Instance. - Structure is documented below. - config.allowed_event_types: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + delete: '- Default is 30 minutes.' + description: |- - (Optional) - List of extension events selected by consumer that extension is allowed to - emit, identified by their types. - config.create_time: |- - - - (Output) - The time at which the Extension Instance Config was created. - config.eventarc_channel: |- + A free-text description of the resource. Max length 1024 characters. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}' + ipv4_cidr: |- - (Optional) - Fully qualified Eventarc resource name that consumers should use for event triggers. - config.extension_ref: |- - - - (Required) - The ref of the Extension from the Registry (e.g. publisher-id/awesome-extension) - config.extension_version: |- + The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format. + ipv6_cidr: |- - (Optional) - The version of the Extension from the Registry (e.g. 1.0.3). If left blank, latest is assumed. - config.name: |- + The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format. + labels: |- - - (Output) - The unique identifier for this configuration. - config.params: |- + (Optional) + Labels associated with this resource. + location: |- - (Required) - Environment variables that may be configured for the Extension - config.populated_postinstall_content: |- + The Google Cloud region to which the target Distributed Cloud Edge zone belongs. + name: |- - - (Output) - Postinstall instructions to be shown for this Extension, with - template strings representing function and parameter values substituted - with actual values. These strings include: ${param:FOO}, - ${function:myFunc.url}, - ${function:myFunc.name}, and ${function:myFunc.location} - config.project: |- + The canonical name of this resource, with format + projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}} + network: |- + - + (Required) + The ID of the network to which this router belongs. + Must be of the form: projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}} + project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - config.system_params: |- - - - (Optional) - Params whose values are only available at deployment time. - Unlike other params, these will not be set as environment variables on - functions. - create: '- Default is 20 minutes.' - create_time: |- - - - The time at which the Extension Instance was created. - delete: '- Default is 20 minutes.' - error_status: |- + state: |- - - If this Instance has state: ERRORED, the error messages - will be found here. - Structure is documented below. - error_status.code: |- + Current stage of the resource to the device by config push. + subnet_id: |- - - (Optional) - The status code, which should be an enum value of google.rpc.Code. - error_status.details: |- + (Required) + A unique ID that identifies this subnet. + update_time: |- - - (Optional) - A list of messages that carry the error details. - error_status.message: |- + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + vlan_id: |- - (Optional) - A developer-facing error message, which should be in English. - etag: |- - - - A weak etag that is computed by the server based on other configuration - values and may be sent on update and delete requests to ensure the - client has an up-to-date value before proceeding. - fatal_error.error_message: |- - - - (Optional) - The error message. This is set by the extension developer to give - more detail on why the extension is unusable and must be re-installed - or reconfigured. - id: '- an identifier for the resource with format projects/{{project}}/instances/{{instance_id}}' - instance_id: |- + VLAN ID for this subnetwork. If not specified, one is assigned automatically. + zone: |- - (Required) - The ID to use for the Extension Instance, which will become the final - component of the instance's name. - last_operation_name: |- + The name of the target Distributed Cloud Edge zone. + importStatements: [] + google_endpoints_service: + subCategory: Cloud Endpoints + description: Creates and rolls out a Google Endpoints service. + name: google_endpoints_service + title: "" + examples: + - name: openapi_service + manifest: |- + { + "openapi_config": "${file(\"openapi_spec.yml\")}", + "project": "project-id", + "service_name": "api-name.endpoints.project-id.cloud.goog" + } + - name: grpc_service + manifest: |- + { + "grpc_config": "${file(\"service_spec.yml\")}", + "project": "project-id", + "protoc_output_base64": "${filebase64(\"compiled_descriptor_file.pb\")}", + "service_name": "api-name.endpoints.project-id.cloud.goog" + } + argumentDocs: + address: ': The FQDN of the endpoint as described in the config.' + apis: ': A list of API objects; structure is documented below.' + config_id: ': The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.' + create: '- Default is 10 minutes.' + delete: '- Default is 10 minutes.' + dns_address: ': The address at which the service can be found - usually the same as the service name.' + endpoints: ': A list of Endpoint objects; structure is documented below.' + grpc_config: |- + : (Optional) The full text of the Service Config YAML file (Example located here). + If provided, must also provide protoc_output_base64. open_api config must not be provided. + methods: ': A list of Method objects; structure is documented below.' + name: ': The FQDN of the API as described in the provided config.' + openapi_config: |- + : (Optional) The full text of the OpenAPI YAML configuration as described here. + Either this, or both of grpc_config and protoc_output_base64 must be specified. + project: ': (Optional) The project ID that the service belongs to. If not provided, provider project is used.' + protoc_output_base64: ': (Optional) The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.' + request_type: ': The type URL for the request to this API.' + response_type: ': The type URL for the response from this API.' + service_name: ': (Required) The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.' + syntax: ': SYNTAX_PROTO2 or SYNTAX_PROTO3.' + update: '- Default is 10 minutes.' + version: ': A version string for this api. If specified, will have the form major-version.minor-version, e.g. 1.10.' + importStatements: [] + google_endpoints_service_consumers_iam_policy: + subCategory: Cloud Endpoints + description: Collection of resources to manage IAM policy for Cloud Endpoints ServiceConsumers + name: google_endpoints_service_consumers_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "consumer_project": "", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "service_name": "${google_endpoints_service.endpoints_service.service_name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + service_name: google_endpoints_service.endpoints_service.service_name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_endpoints_service_consumers_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the serviceconsumers are preserved.' + google_endpoints_service_consumers_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the serviceconsumers are preserved.' + google_endpoints_service_consumers_iam_policy: ': Authoritative. Sets the IAM policy for the serviceconsumers and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_endpoints_service_consumers_iam_policy) The policy data generated by + a google_iam_policy data source. + role: |- + - (Required) The role that should be applied. Only one + google_endpoints_service_consumers_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_endpoints_service_iam_policy: + subCategory: Cloud Endpoints + description: Collection of resources to manage IAM policy for Cloud Endpoints Service + name: google_endpoints_service_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "service_name": "${google_endpoints_service.endpoints_service.service_name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + service_name: google_endpoints_service.endpoints_service.service_name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_endpoints_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.' + google_endpoints_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.' + google_endpoints_service_iam_policy: ': Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_endpoints_service_iam_policy) The policy data generated by + a google_iam_policy data source. + role: |- + - (Required) The role that should be applied. Only one + google_endpoints_service_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_essential_contacts_contact: + subCategory: Essential Contacts + description: A contact that will receive notifications from Google Cloud. + name: google_essential_contacts_contact + title: "" + examples: + - name: contact + manifest: |- + { + "email": "foo@bar.com", + "language_tag": "en-GB", + "notification_category_subscriptions": [ + "ALL" + ], + "parent": "${data.google_project.project.id}" + } + references: + parent: data.google_project.project.id + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + email: |- - - The name of the last operation that acted on this Extension - Instance - last_operation_type: |- + (Required) + The email address to send notifications to. This does not need to be a Google account. + id: '- an identifier for the resource with format {{name}}' + language_tag: |- - - The type of the last operation that acted on the Extension Instance. + (Required) + The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages. name: |- - - The fully-qualified resource name of the Extension Instance. - processing_state.detail_message: |- + The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id} + notification_category_subscriptions: |- - - (Optional) - Details about the processing. e.g. This could include the type of - processing in progress or it could list errors or failures. - This information will be shown in the console on the detail page - for the extension instance. - processing_state.state: |- + (Required) + The categories of notifications that the contact will receive communications for. + parent: |- - - (Optional) - The processing state of the extension instance. - runtime_data: |- + (Required) + The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id} + update: '- Default is 20 minutes.' + importStatements: [] + google_eventarc_channel: + subCategory: Eventarc + description: The Eventarc Channel resource + name: google_eventarc_channel + title: "" + examples: + - name: primary + manifest: |- + { + "crypto_key_name": "${data.google_kms_crypto_key.key1.id}", + "depends_on": [ + "${google_kms_crypto_key_iam_member.key1_member}" + ], + "location": "us-west1", + "name": "channel", + "project": "${data.google_project.test_project.project_id}", + "third_party_provider": "projects/${data.google_project.test_project.project_id}/locations/us-west1/providers/datadog" + } + dependencies: + google_kms_crypto_key_iam_member.key1_member: |- + { + "crypto_key_id": "${data.google_kms_crypto_key.key1.id}", + "member": "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + argumentDocs: + activation_token: |- - - Data set by the extension instance at runtime. - Structure is documented below. - runtime_data.fatal_error: |- + Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing. + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - The fatal error state for the extension instance - Structure is documented below. - runtime_data.processing_state: |- + Output only. The creation time. + crypto_key_name: |- - (Optional) - The processing state for the extension instance - Structure is documented below. - runtime_data.state_update_time: |- + Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern projects/*/locations/*/keyRings/*/cryptoKeys/*. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/channels/{{name}}' + location: |- + - + (Required) + The location for the resource + name: |- + - + (Required) + Required. The resource name of the channel. Must be unique within the location on the project. + project: |- - (Optional) - The time of the last state update. - service_account_email: |- + The project for the resource + pubsub_topic: |- - - The email of the service account to be used at runtime by compute resources - created for the operation of the Extension instance. + Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: projects/{project}/topics/{topic_id}. state: |- - - The current state of the Extension Instance. - DEPLOYING: - The Extension Instance is waiting on an Operation to complete. Could - resolve to ACTIVE, PAUSED, ERRORED. - UNINSTALLING: - The Extension Instance is being removed from the project. Could resolve - to ERRORED, but more likely the instance will soon cease to exist. - ACTIVE: - The Extension Instance is installed and ready. - ERRORED: - The Extension Instance encountered an error while DEPLOYING or - UNINSTALLING. - PAUSED: - The Extension's resources have been removed from the project, but the - Config remains so the Instance can be restored. + Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE + third_party_provider: |- + - + (Optional) + The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: projects/{project}/locations/{location}/providers/{provider_id}. + uid: |- + - + Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. update: '- Default is 20 minutes.' update_time: |- - - The time at which the Extension Instance was updated. + Output only. The last-modified time. importStatements: [] - google_firebase_hosting_channel: - subCategory: Firebase Hosting - description: A - name: google_firebase_hosting_channel + google_eventarc_google_channel_config: + subCategory: Eventarc + description: The Eventarc GoogleChannelConfig resource + name: google_eventarc_google_channel_config title: "" examples: - - name: default - manifest: |- - { - "channel_id": "channel-basic", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" - } - references: - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - dependencies: - google_firebase_hosting_site.default: |- - { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-with-channel" - } - - name: full + - name: primary manifest: |- { - "channel_id": "channel-full", - "labels": { - "some-key": "some-value" - }, - "provider": "${google-beta}", - "retained_release_count": 20, - "site_id": "${google_firebase_hosting_site.default.site_id}", - "ttl": "86400s" + "crypto_key_name": "${data.google_kms_crypto_key.key1.id}", + "depends_on": [ + "${google_kms_crypto_key_iam_member.key1_member}" + ], + "location": "us-west1", + "name": "channel", + "project": "${data.google_project.test_project.project_id}" } - references: - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id dependencies: - google_firebase_hosting_site.default: |- + google_kms_crypto_key_iam_member.key1_member: |- { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-with-channel" + "crypto_key_id": "${data.google_kms_crypto_key.key1.id}", + "member": "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } argumentDocs: - channel_id: |- - - - (Required) - Required. Immutable. A unique ID within the site that identifies the channel. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - expire_time: |- + crypto_key_name: |- - (Optional) - The time at which the channel will be automatically deleted. If null, the channel - will not be automatically deleted. This field is present in the output whether it's - set directly or via the ttl field. - id: '- an identifier for the resource with format sites/{{site_id}}/channels/{{channel_id}}' - labels: |- + Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern projects/*/locations/*/keyRings/*/cryptoKeys/*. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/googleChannelConfig' + location: |- - - (Optional) - Text labels used for extra metadata and/or filtering + (Required) + The location for the resource name: |- - - - The fully-qualified resource name for the channel, in the format: - sites/SITE_ID/channels/CHANNEL_ID - retained_release_count: |- - - - (Optional) - The number of previous releases to retain on the channel for rollback or other - purposes. Must be a number between 1-100. Defaults to 10 for new channels. - site_id: |- - (Required) - Required. The ID of the site in which to create this channel. - ttl: |- + Required. The resource name of the config. Must be in the format of, projects/{project}/locations/{location}/googleChannelConfig. + project: |- - (Optional) - Input only. A time-to-live for this channel. Sets expire_time to the provided - duration past the time of the request. A duration in seconds with up to nine fractional - digits, terminated by 's'. Example: "86400s" (one day). + The project for the resource update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last-modified time. importStatements: [] - google_firebase_hosting_release: - subCategory: Firebase Hosting - description: A Release is a particular collection of configurations that is set to be public at a particular time. - name: google_firebase_hosting_release + google_eventarc_trigger: + subCategory: Eventarc + description: The Eventarc Trigger resource + name: google_eventarc_trigger title: "" examples: - - name: default + - name: primary manifest: |- { - "message": "Test release", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "version_name": "${google_firebase_hosting_version.default.name}" - } - references: - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - version_name: google_firebase_hosting_version.default.name - dependencies: - google_firebase_hosting_site.default: |- - { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-id" - } - google_firebase_hosting_version.default: |- + "destination": [ { - "config": [ + "cloud_run_service": [ { - "redirects": [ - { - "glob": "/google/**", - "location": "https://www.google.com", - "status_code": 302 - } - ] + "region": "europe-west1", + "service": "${google_cloud_run_service.default.name}" } - ], - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" + ] } - - name: default - manifest: |- - { - "channel_id": "${google_firebase_hosting_channel.default.channel_id}", - "message": "Test release in channel", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "version_name": "${google_firebase_hosting_version.default.name}" + ], + "labels": { + "foo": "bar" + }, + "location": "europe-west1", + "matching_criteria": [ + { + "attribute": "type", + "value": "google.cloud.pubsub.topic.v1.messagePublished" + } + ], + "name": "name" } references: - channel_id: google_firebase_hosting_channel.default.channel_id - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - version_name: google_firebase_hosting_version.default.name + destination.cloud_run_service.service: google_cloud_run_service.default.name dependencies: - google_firebase_hosting_channel.default: |- - { - "channel_id": "channel-id", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" - } - google_firebase_hosting_site.default: |- - { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-with-channel" - } - google_firebase_hosting_version.default: |- + google_cloud_run_service.default: |- { - "config": [ + "location": "europe-west1", + "metadata": [ { - "redirects": [ + "namespace": "my-project-name" + } + ], + "name": "eventarc-service", + "template": [ + { + "spec": [ { - "glob": "/google/**", - "location": "https://www.google.com", - "status_code": 302 + "container_concurrency": 50, + "containers": [ + { + "image": "gcr.io/cloudrun/hello", + "ports": [ + { + "container_port": 8080 + } + ] + } + ], + "timeout_seconds": 100 } ] } ], - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" + "traffic": [ + { + "latest_revision": true, + "percent": 100 + } + ] } - - name: default - manifest: |- - { - "message": "Take down site", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "type": "SITE_DISABLE" - } - references: - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - dependencies: - google_firebase_hosting_site.default: |- + google_pubsub_topic.foo: |- { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-id" + "name": "topic" } argumentDocs: - channel_id: |- + cloud_run_service.path: |- - (Optional) - The ID of the channel to which the release belongs. If not provided, the release will - belong to the default "live" channel - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format sites/{{site_id}}/channels/{{channel_id}}/releases/{{release_id}}' - message: |- + Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute". + cloud_run_service.region: |- - (Optional) - The deploy description when the release was created. The value can be up to 512 characters. - name: |- - - - The unique identifier for the release, in either of the following formats: - sites/SITE_ID/releases/RELEASE_ID - sites/SITE_ID/channels/CHANNEL_ID/releases/RELEASE_ID - release_id: |- - - - The unique identifier for the Release. - site_id: |- + Required. The region the Cloud Run service is deployed in. + cloud_run_service.service: |- - (Required) - Required. The ID of the site to which the release belongs. - type: |- - - + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + conditions: |- + - + Output only. The reason(s) why a trigger is in FAILED state. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation time. + delete: '- Default is 20 minutes.' + destination: |- + - + (Required) + Required. Destination specifies where the events should be sent to. + destination.cloud_function: |- + - + The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value. + destination.cloud_run_service: |- + - (Optional) - The type of the release; indicates what happened to the content of the site. There is no need to specify - DEPLOY or ROLLBACK type if a version_name is provided. - DEPLOY: A version was uploaded to Firebase Hosting and released. Output only. - ROLLBACK: The release points back to a previously deployed version. Output only. - SITE_DISABLE: The release prevents the site from serving content. Firebase Hosting acts as if the site never existed - Possible values are: DEPLOY, ROLLBACK, SITE_DISABLE. - version_name: |- + Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. + destination.gke: |- - (Optional) - The unique identifier for a version, in the format: sites/SITE_ID/versions/VERSION_ID. - The content of the version specified will be actively displayed on the appropriate URL. - The Version must belong to the same site as in the site_id. - This parameter must be empty if the type of the release is SITE_DISABLE. + A GKE service capable of receiving events. The service should be running in the same project as the trigger. + destination.http_endpoint: |- + - + (Optional) + An HTTP endpoint destination described by an URI. + destination.network_config: |- + - + (Optional) + Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type. + destination.workflow: |- + - + (Optional) + The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: projects/{project}/locations/{location}/workflows/{workflow} + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding. + gke.cluster: |- + - + (Required) + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + gke.location: |- + - + (Required) + Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters. + gke.namespace: |- + - + (Required) + Required. The namespace the GKE service is running in. + gke.path: |- + - + (Optional) + Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute". + gke.service: |- + - + (Required) + Required. Name of the GKE service. + http_endpoint.uri: |- + - + (Required) + Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/triggers/{{name}}' + location: |- + - + (Required) + The location for the resource + matching_criteria: |- + - + (Required) + Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination. + matching_criteria.attribute: |- + - + (Required) + Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute. + matching_criteria.channel: |- + - + (Optional) + Optional. The name of the channel associated with the trigger in projects/{project}/locations/{location}/channels/{channel} format. You must provide a channel to receive events from Eventarc SaaS partners. + matching_criteria.event_data_content_type: |- + - + (Optional) + Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to application/json if the value is not defined. + matching_criteria.labels: |- + - + (Optional) + Optional. User labels attached to the triggers that can be used to group resources. + matching_criteria.operator: |- + - + (Optional) + Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. + matching_criteria.project: |- + - + (Optional) + The project for the resource + matching_criteria.service_account: |- + - + (Optional) + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have roles/eventarc.eventReceiver IAM role. + matching_criteria.transport: |- + - + (Optional) + Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes. + matching_criteria.value: |- + - + (Required) + Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values. + name: |- + - + (Required) + Required. The resource name of the trigger. Must be unique within the location on the project. + network_config.network_attachment: |- + - + (Required) + Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME} + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. + transport.pubsub: |- + - + (Optional) + The Pub/Sub topic and subscription used by Eventarc as delivery intermediary. + transport.pubsub.subscription: |- + - + Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}. + transport.pubsub.topic: |- + - + (Optional) + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + uid: |- + - + Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last-modified time. importStatements: [] - google_firebase_hosting_site: - subCategory: Firebase Hosting - description: A - name: google_firebase_hosting_site + google_filestore_backup: + subCategory: Filestore + description: A Google Cloud Filestore backup. + name: google_filestore_backup title: "" examples: - - name: default - manifest: |- - { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-no-app" - } - references: - provider: google-beta - - name: full + - name: backup manifest: |- { - "app_id": "${google_firebase_web_app.default.app_id}", - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-with-app" + "description": "This is a filestore backup for the test instance", + "labels": { + "files": "label1", + "other-label": "label2" + }, + "location": "us-central1", + "name": "tf-fs-bkup", + "source_file_share": "share1", + "source_instance": "${google_filestore_instance.instance.id}" } references: - app_id: google_firebase_web_app.default.app_id - provider: google-beta + source_instance: google_filestore_instance.instance.id dependencies: - google_firebase_web_app.default: |- + google_filestore_instance.instance: |- { - "deletion_policy": "DELETE", - "display_name": "Test web app for Firebase Hosting", - "project": "my-project-name", - "provider": "${google-beta}" + "file_shares": [ + { + "capacity_gb": 1024, + "name": "share1" + } + ], + "location": "us-central1-b", + "name": "tf-fs-inst", + "networks": [ + { + "connect_mode": "DIRECT_PEERING", + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "tier": "BASIC_HDD" } argumentDocs: - app_id: |- + capacity_gb: |- - - (Optional) - Optional. The ID of a Web App - associated with the Hosting site. + The amount of bytes needed to allocate a full copy of the snapshot content. create: '- Default is 20 minutes.' - default_url: |- + create_time: |- - - The default URL for the site in the form of https://{name}.web.app + The time when the snapshot was created in RFC3339 text format. delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/sites/{{site_id}}' + description: |- + - + (Optional) + A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected. + download_bytes: |- + - + Amount of bytes that will be downloaded if the backup is restored. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{name}}' + kms_key_name: |- + - + KMS key name used for data encryption. + labels: |- + - + (Optional) + Resource labels to represent user-provided metadata. + location: |- + - + (Required) + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. name: |- - - Output only. The fully-qualified resource name of the Hosting site, in the - format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the - Firebase project's - ProjectNumber (recommended) or its - ProjectId. - Learn more about using project identifiers in Google's - AIP 2510 standard. + (Required) + The resource name of the backup. The name must be unique within the specified instance. + The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - site_id: |- + source_file_share: |- - - (Optional) - Required. Immutable. A globally unique identifier for the Hosting site. This identifier is - used to construct the Firebase-provisioned subdomains for the site, so it must also be a valid - domain name label. + (Required) + Name of the file share in the source Cloud Filestore instance that the backup is created from. + source_instance: |- + - + (Required) + The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup. + source_instance_tier: |- + - + The service tier of the source Cloud Filestore instance that this backup is created from. + state: |- + - + The backup state. + storage_bytes: |- + - + The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] - google_firebase_hosting_version: - subCategory: Firebase Hosting - description: A - name: google_firebase_hosting_version + google_filestore_instance: + subCategory: Filestore + description: A Google Cloud Filestore instance. + name: google_filestore_instance title: "" examples: - - name: default + - name: instance manifest: |- { - "config": [ + "file_shares": [ { - "redirects": [ - { - "glob": "/google/**", - "location": "https://www.google.com", - "status_code": 302 - } - ] + "capacity_gb": 1024, + "name": "share1" } ], - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" - } - references: - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - dependencies: - google_firebase_hosting_release.default: |- - { - "message": "Redirect to Google", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "version_name": "${google_firebase_hosting_version.default.name}" - } - google_firebase_hosting_site.default: |- + "location": "us-central1-b", + "name": "test-instance", + "networks": [ { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-id" + "modes": [ + "MODE_IPV4" + ], + "network": "default" } - - name: default + ], + "tier": "BASIC_HDD" + } + - name: instance manifest: |- { - "config": [ + "file_shares": [ { - "rewrites": [ + "capacity_gb": 2560, + "name": "share1", + "nfs_export_options": [ { - "glob": "/hello/**", - "run": [ - { - "region": "${google_cloud_run_v2_service.default.location}", - "service_id": "${google_cloud_run_v2_service.default.name}" - } - ] - } - ] - } - ], - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" - } - references: - config.rewrites.run.region: google_cloud_run_v2_service.default.location - config.rewrites.run.service_id: google_cloud_run_v2_service.default.name - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id - dependencies: - google_cloud_run_v2_service.default: |- - { - "ingress": "INGRESS_TRAFFIC_ALL", - "location": "us-central1", - "name": "cloud-run-service-via-hosting", - "project": "my-project-name", - "provider": "${google-beta}", - "template": [ + "access_mode": "READ_WRITE", + "ip_ranges": [ + "10.0.0.0/24" + ], + "squash_mode": "NO_ROOT_SQUASH" + }, { - "containers": [ - { - "image": "us-docker.pkg.dev/cloudrun/container/hello" - } - ] + "access_mode": "READ_ONLY", + "anon_gid": 456, + "anon_uid": 123, + "ip_ranges": [ + "10.10.0.0/24" + ], + "squash_mode": "ROOT_SQUASH" } ] } - google_firebase_hosting_release.default: |- - { - "message": "Cloud Run Integration", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "version_name": "${google_firebase_hosting_version.default.name}" - } - google_firebase_hosting_site.default: |- + ], + "location": "us-central1-b", + "name": "test-instance", + "networks": [ { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-id" + "connect_mode": "DIRECT_PEERING", + "modes": [ + "MODE_IPV4" + ], + "network": "default" } - - name: default + ], + "tier": "BASIC_SSD" + } + - name: instance manifest: |- { - "config": [ + "file_shares": [ { - "rewrites": [ - { - "function": "${google_cloudfunctions_function.function.name}", - "glob": "/hello/**" - } - ] + "capacity_gb": 1024, + "name": "share1" } ], - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}" + "kms_key_name": "${google_kms_crypto_key.filestore_key.id}", + "location": "us-central1", + "name": "test-instance", + "networks": [ + { + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "tier": "ENTERPRISE" } references: - config.rewrites.function: google_cloudfunctions_function.function.name - provider: google-beta - site_id: google_firebase_hosting_site.default.site_id + kms_key_name: google_kms_crypto_key.filestore_key.id dependencies: - google_cloudfunctions_function.function: |- - { - "available_memory_mb": 128, - "description": "A Cloud Function connected to Firebase Hosing", - "entry_point": "helloHttp", - "name": "cloud-function-via-hosting", - "project": "my-project-name", - "provider": "${google-beta}", - "runtime": "nodejs16", - "source_archive_bucket": "${google_storage_bucket.bucket.name}", - "source_archive_object": "${google_storage_bucket_object.object.name}", - "trigger_http": true - } - google_firebase_hosting_release.default: |- - { - "message": "Cloud Functions Integration", - "provider": "${google-beta}", - "site_id": "${google_firebase_hosting_site.default.site_id}", - "version_name": "${google_firebase_hosting_version.default.name}" - } - google_firebase_hosting_site.default: |- - { - "project": "my-project-name", - "provider": "${google-beta}", - "site_id": "site-id" - } - google_storage_bucket.bucket: |- + google_kms_crypto_key.filestore_key: |- { - "location": "US", - "name": "site-id-function-source", - "project": "my-project-name", - "provider": "${google-beta}", - "uniform_bucket_level_access": true + "key_ring": "${google_kms_key_ring.filestore_keyring.id}", + "name": "filestore-key" } - google_storage_bucket_object.object: |- + google_kms_key_ring.filestore_keyring: |- { - "bucket": "${google_storage_bucket.bucket.name}", - "name": "function-source.zip", - "provider": "${google-beta}", - "source": "function-source.zip" + "location": "us-central1", + "name": "filestore-keyring" } argumentDocs: - config: |- - - - (Optional) - The configuration for the behavior of the site. This configuration exists in the firebase.json file. - Structure is documented below. - config.redirects: |- - - - (Optional) - An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, - triggers Hosting to respond with a redirect to the specified destination path. - Structure is documented below. - config.rewrites: |- - - - (Optional) - An array of objects (called rewrite rules), where each rule specifies a URL pattern that, if matched to the - request URL path, triggers Hosting to respond as if the service were given the specified destination URL. - Structure is documented below. create: '- Default is 20 minutes.' + create_time: |- + - + Creation timestamp in RFC3339 text format. delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format sites/{{site_id}}/versions/{{version_id}}' - name: |- + effective_labels: |- - - The fully-qualified resource name for the version, in the format: - sites/SITE_ID/versions/VERSION_ID - redirects.glob: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- - - (Optional) - The user-supplied glob to match against the request URL path. - redirects.location: |- + Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + file_shares: |- - (Required) - The value to put in the HTTP location header of the response. - The location can contain capture group values from the pattern using a : prefix to identify - the segment and an optional * to capture the rest of the URL. For example: - redirects.regex: |- + File system shares on the instance. For this version, only a + single file share is supported. + Structure is documented below. + file_shares.capacity_gb: |- - - (Optional) - The user-supplied RE2 regular expression to match against the request URL path. - redirects.status_code: |- + (Required) + File share capacity in GiB. This must be at least 1024 GiB + for the standard tier, or 2560 GiB for the premium tier. + file_shares.name: |- - (Required) - The status HTTP code to return in the response. It must be a valid 3xx status code. - rewrites.function: |- + The name of the fileshare (16 characters or less) + file_shares.nfs_export_options: |- - (Optional) - The function to proxy requests to. Must match the exported function name exactly. - rewrites.glob: |- - - + Nfs Export Options. There is a limit of 10 export options per file share. + Structure is documented below. + file_shares.source_backup: |- + - (Optional) - The user-supplied glob to match against the request URL path. - rewrites.regex: |- + The resource name of the backup, in the format + projects/{projectId}/locations/{locationId}/backups/{backupId}, + that this file share has been restored from. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}' + name: |- + - + (Required) + The resource name of the instance. + networks: |- + - + (Required) + VPC networks to which the instance is connected. For this version, + only a single network is supported. + Structure is documented below. + networks.connect_mode: |- - (Optional) - The user-supplied RE2 regular expression to match against the request URL path. - rewrites.run: |- + The network connect mode of the Filestore instance. + If not provided, the connect mode defaults to + DIRECT_PEERING. + Default value is DIRECT_PEERING. + Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS. + networks.description: |- - (Optional) - The request will be forwarded to Cloud Run. - Structure is documented below. - run.region: |- + A description of the instance. + networks.effective_labels: for all of the labels present on the resource. + networks.ip_addresses: |- + - + (Output) + A list of IPv4 or IPv6 addresses. + networks.kms_key_name: |- - (Optional) - Optional. User-provided region where the Cloud Run service is hosted. Defaults to us-central1 if not supplied. - run.service_id: |- + KMS key name used for data encryption. + networks.labels: |- + - + (Optional) + Resource labels to represent user-provided metadata. + networks.location: |- + - + (Optional) + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + networks.modes: |- - (Required) - User-defined ID of the Cloud Run service. - site_id: |- + IP versions for which the instance has + IP addresses assigned. + Each value may be one of: ADDRESS_MODE_UNSPECIFIED, MODE_IPV4, MODE_IPV6. + networks.network: |- - (Required) - Required. The ID of the site in which to create this Version. - version_id: |- + The name of the GCE VPC network to which the + instance is connected. + networks.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + networks.reserved_ip_range: |- - - The ID for the version as in sites/SITE_ID/versions/VERSION_ID + (Optional) + A /29 CIDR block that identifies the range of IP + addresses reserved for this instance. + networks.zone: |- + - + (Optional, Deprecated) + The name of the Filestore zone of the instance. + nfs_export_options.access_mode: |- + - + (Optional) + Either READ_ONLY, for allowing only read requests on the exported directory, + or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. + Default value is READ_WRITE. + Possible values are: READ_ONLY, READ_WRITE. + nfs_export_options.anon_gid: |- + - + (Optional) + An integer representing the anonymous group id with a default value of 65534. + Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned + if this field is specified for other squashMode settings. + nfs_export_options.anon_uid: |- + - + (Optional) + An integer representing the anonymous user id with a default value of 65534. + Anon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned + if this field is specified for other squashMode settings. + nfs_export_options.ip_ranges: |- + - + (Optional) + List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share. + Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. + The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions. + nfs_export_options.squash_mode: |- + - + (Optional) + Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, + for not allowing root access. The default is NO_ROOT_SQUASH. + Default value is NO_ROOT_SQUASH. + Possible values are: NO_ROOT_SQUASH, ROOT_SQUASH. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + tier: |- + - + (Required) + The service tier of the instance. + Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE + update: '- Default is 20 minutes.' importStatements: [] - google_firebase_project: - subCategory: Firebase - description: A Google Cloud Firebase instance. - name: google_firebase_project + google_filestore_snapshot: + subCategory: Filestore + description: A Google Cloud Filestore snapshot. + name: google_filestore_snapshot title: "" examples: - - name: default + - name: snapshot manifest: |- { - "project": "${google_project.default.project_id}", - "provider": "${google-beta}" + "instance": "${google_filestore_instance.instance.name}", + "location": "us-east1", + "name": "test-snapshot" } references: - project: google_project.default.project_id - provider: google-beta + instance: google_filestore_instance.instance.name dependencies: - google_project.default: |- + google_filestore_instance.instance: |- { - "labels": { - "firebase": "enabled" - }, - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project", - "provider": "${google-beta}" + "file_shares": [ + { + "capacity_gb": 1024, + "name": "share1" + } + ], + "location": "us-east1", + "name": "test-instance-for-snapshot", + "networks": [ + { + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "tier": "ENTERPRISE" + } + - name: snapshot + manifest: |- + { + "description": "Snapshot of test-instance-for-snapshot", + "instance": "${google_filestore_instance.instance.name}", + "labels": { + "my_label": "value" + }, + "location": "us-west1", + "name": "test-snapshot" + } + references: + instance: google_filestore_instance.instance.name + dependencies: + google_filestore_instance.instance: |- + { + "file_shares": [ + { + "capacity_gb": 1024, + "name": "share1" + } + ], + "location": "us-west1", + "name": "test-instance-for-snapshot", + "networks": [ + { + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "tier": "ENTERPRISE" } argumentDocs: create: '- Default is 20 minutes.' + create_time: |- + - + The time when the snapshot was created in RFC3339 text format. delete: '- Default is 20 minutes.' - display_name: |- + description: |- - - The GCP project display name - id: '- an identifier for the resource with format projects/{{project}}' + (Optional) + A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. + effective_labels: for all of the labels present on the resource. + filesystem_used_bytes: |- + - + The amount of bytes needed to allocate a full copy of the snapshot content. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}}' + instance: |- + - + (Required) + The resource name of the filestore instance. + labels: |- + - + (Optional) + Resource labels to represent user-provided metadata. + location: |- + - + (Required) + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + name: |- + - + (Required) + The resource name of the snapshot. The name must be unique within the specified instance. + The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - project_number: |- + state: |- - - The number of the google project that firebase is enabled on. + The snapshot state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' importStatements: [] - google_firebase_project_location: + google_firebase_android_app: subCategory: Firebase - description: Sets the default Google Cloud Platform (GCP) resource location for the specified FirebaseProject. - name: google_firebase_project_location + description: A Google Cloud Firebase Android application instance + name: google_firebase_android_app title: "" examples: - name: basic manifest: |- { - "location_id": "us-central", - "project": "${google_firebase_project.default.project}", - "provider": "${google-beta}" + "display_name": "Display Name Basic", + "package_name": "android.package.app", + "project": "my-project-name", + "provider": "${google-beta}", + "sha1_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21c" + ], + "sha256_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" + ] } references: - project: google_firebase_project.default.project + provider: google-beta + - name: default + manifest: |- + { + "api_key_id": "${google_apikeys_key.android.uid}", + "display_name": "Display Name", + "package_name": "android.package.app", + "project": "my-project-name", + "provider": "${google-beta}", + "sha1_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21c" + ], + "sha256_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" + ] + } + references: + api_key_id: google_apikeys_key.android.uid provider: google-beta dependencies: - google_firebase_project.default: |- - { - "project": "${google_project.default.project_id}", - "provider": "${google-beta}" - } - google_project.default: |- + google_apikeys_key.android: |- { - "labels": { - "firebase": "enabled" - }, - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project", - "provider": "${google-beta}" + "display_name": "Display Name", + "name": "api-key", + "project": "my-project-name", + "provider": "${google-beta}", + "restrictions": [ + { + "android_key_restrictions": [ + { + "allowed_applications": [ + { + "package_name": "android.package.app", + "sha1_fingerprint": "2145bdf698b8715039bd0e83f2069bed435ac21c" + } + ] + } + ] + } + ] } argumentDocs: + api_key_id: |- + - + (Optional) + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the AndroidApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the AndroidApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + app_id: |- + - + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}' - location_id: |- + deletion_policy: |- + - (Optional) (Optional) Set to ABANDON to allow the AndroidApp to be untracked from terraform state + rather than deleted upon terraform destroy. This is useful because the AndroidApp may be + serving traffic. Set to DELETE to delete the AndroidApp. Defaults to DELETE. + display_name: |- - (Required) - The ID of the default GCP resource location for the Project. The location must be one of the available GCP - resource locations. + The user-assigned display name of the AndroidApp. + etag: |- + - + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. + id: '- an identifier for the resource with format projects/{{project}}/androidApps/{{app_id}}' + name: |- + - + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId + package_name: |- + - + (Optional) + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + sha1_hashes: |- + - + (Optional) + The SHA1 certificate hashes for the AndroidApp. + sha256_hashes: |- + - + (Optional) + The SHA256 certificate hashes for the AndroidApp. + update: '- Default is 20 minutes.' importStatements: [] - google_firebase_storage_bucket: - subCategory: Cloud Storage for Firebase - description: An association between a Firebase project and a Google Cloud Storage bucket. - name: google_firebase_storage_bucket + google_firebase_app_check_app_attest_config: + subCategory: Firebase App Check + description: An app's App Attest configuration object. + name: google_firebase_app_check_app_attest_config title: "" examples: - name: default manifest: |- { - "bucket_id": "${google_storage_bucket.default.id}", + "app_id": "${google_firebase_apple_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], + "lifecycle": [ + { + "precondition": [ + { + "condition": "${google_firebase_apple_app.default.team_id != \"\"}", + "error_message": "Provide a Team ID on the Apple App to use App Check" + } + ] + } + ], + "project": "my-project-name" + } + references: + app_id: google_firebase_apple_app.default.app_id + dependencies: + google_firebase_apple_app.default: |- + { + "bundle_id": "bundle.id.appattest", + "display_name": "Apple app", + "project": "my-project-name", + "team_id": "9987654321" + } + time_sleep.wait_30s: |- + { + "create_duration": "30s", + "depends_on": [ + "${google_firebase_apple_app.default}" + ] + } + - name: default + manifest: |- + { + "app_id": "${google_firebase_apple_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], + "lifecycle": [ + { + "precondition": [ + { + "condition": "${google_firebase_apple_app.default.team_id != \"\"}", + "error_message": "Provide a Team ID on the Apple App to use App Check" + } + ] + } + ], "project": "my-project-name", - "provider": "${google-beta}" + "token_ttl": "7200s" } references: - bucket_id: google_storage_bucket.default.id - provider: google-beta + app_id: google_firebase_apple_app.default.app_id dependencies: - google_storage_bucket.default: |- + google_firebase_apple_app.default: |- { - "location": "US", - "name": "test_bucket", - "provider": "${google-beta}", - "uniform_bucket_level_access": true + "bundle_id": "bundle.id.appattest", + "display_name": "Apple app", + "project": "my-project-name", + "team_id": "9987654321" + } + time_sleep.wait_30s: |- + { + "create_duration": "30s", + "depends_on": [ + "${google_firebase_apple_app.default}" + ] } argumentDocs: - bucket_id: |- + app_id: |- - - (Optional) - Required. Immutable. The ID of the underlying Google Cloud Storage bucket + (Required) + The ID of an + Apple App. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/buckets/{{bucket_id}}' + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/appAttestConfig' name: |- - - Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID + The relative resource name of the App Attest configuration object project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + token_ttl: |- + - + (Optional) + Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. + If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + update: '- Default is 20 minutes.' importStatements: [] - google_firebase_web_app: - subCategory: Firebase - description: A Google Cloud Firebase web application instance - name: google_firebase_web_app + google_firebase_app_check_debug_token: + subCategory: Firebase App Check + description: A debug token is a secret used during the development or integration testing of an app. + name: google_firebase_app_check_debug_token title: "" examples: - - name: basic + - name: default manifest: |- { - "deletion_policy": "DELETE", + "app_id": "${google_firebase_web_app.default.app_id}", "depends_on": [ - "${google_firebase_project.default}" + "${time_sleep.wait_30s}" ], - "display_name": "Display Name Basic", - "project": "${google_project.default.project_id}", - "provider": "${google-beta}" + "display_name": "Debug Token", + "project": "my-project-name", + "token": "00000000-AAAA-BBBB-CCCC-000000000000" } references: - project: google_project.default.project_id - provider: google-beta + app_id: google_firebase_web_app.default.app_id dependencies: - google_firebase_project.default: |- - { - "project": "${google_project.default.project_id}", - "provider": "${google-beta}" - } - google_project.default: |- - { - "labels": { - "firebase": "enabled" - }, - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project", - "provider": "${google-beta}" - } - google_storage_bucket.default: |- + google_firebase_web_app.default: |- { - "location": "US", - "name": "fb-webapp-", - "provider": "${google-beta}" + "display_name": "Web App for debug token", + "project": "my-project-name" } - google_storage_bucket_object.default: |- + time_sleep.wait_30s: |- { - "bucket": "${google_storage_bucket.default.name}", - "content": "${jsonencode({\n appId = google_firebase_web_app.basic.app_id\n apiKey = data.google_firebase_web_app_config.basic.api_key\n authDomain = data.google_firebase_web_app_config.basic.auth_domain\n databaseURL = lookup(data.google_firebase_web_app_config.basic, \"database_url\", \"\")\n storageBucket = lookup(data.google_firebase_web_app_config.basic, \"storage_bucket\", \"\")\n messagingSenderId = lookup(data.google_firebase_web_app_config.basic, \"messaging_sender_id\", \"\")\n measurementId = lookup(data.google_firebase_web_app_config.basic, \"measurement_id\", \"\")\n })}", - "name": "firebase-config.json", - "provider": "${google-beta}" + "create_duration": "30s", + "depends_on": [ + "${google_firebase_web_app.default}" + ] } argumentDocs: app_id: |- - - The globally unique, Firebase-assigned identifier of the App. - This identifier should be treated as an opaque token, as the data format is not specified. - app_urls: |- - - - The URLs where the WebApp is hosted. + (Required) + The ID of a + Web App, + Apple App, + or Android App create: '- Default is 20 minutes.' + debug_token_id: |- + - + The last segment of the resource name of the debug token. delete: '- Default is 20 minutes.' - deletion_policy: |- - - (Optional) Set to ABANDON to allow the WebApp to be untracked from terraform state - rather than deleted upon terraform destroy. This is useful becaue the WebApp may be - serving traffic. Set to DELETE to delete the WebApp. Default to ABANDON display_name: |- - (Required) - The user-assigned display name of the App. - id: '- an identifier for the resource with format projects/{{project}}/webApps/{{app_id}}' - name: |- - - - The fully qualified resource name of the App, for example: - projects/projectId/webApps/appId + A human readable display name used to identify this debug token. + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/debugTokens/{{debug_token_id}}' project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + token: |- + - + (Required) + The secret token itself. Must be provided during creation, and must be a UUID4, + case insensitive. You may use a method of your choice such as random/random_uuid + to generate the token. + This field is immutable once set, and cannot be updated. You can, however, delete + this debug token to revoke it. + For security reasons, this field will never be populated in any response. + Note: This property is sensitive and will not be displayed in the plan. update: '- Default is 20 minutes.' importStatements: [] - google_firebaserules_release: - subCategory: Firebaserules - name: google_firebaserules_release + google_firebase_app_check_play_integrity_config: + subCategory: Firebase App Check + description: An app's Play Integrity configuration object. + name: google_firebase_app_check_play_integrity_config title: "" examples: - - name: primary + - name: default manifest: |- { + "app_id": "${google_firebase_android_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], "lifecycle": [ { - "replace_triggered_by": [ - "${google_firebaserules_ruleset.firestore}" + "precondition": [ + { + "condition": "${length(google_firebase_android_app.default.sha256_hashes) \u003e 0}", + "error_message": "Provide a SHA-256 certificate on the Android App to use App Check" + } ] } ], - "name": "cloud.firestore", - "project": "my-project-name", - "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}" + "project": "my-project-name" } + references: + app_id: google_firebase_android_app.default.app_id dependencies: - google_firebaserules_ruleset.firestore: |- + google_firebase_android_app.default: |- { + "display_name": "Play Integrity app", + "package_name": "package.name.playintegrity", "project": "my-project-name", - "source": [ - { - "files": [ - { - "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", - "name": "firestore.rules" - } - ] - } + "sha1_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21c" + ], + "sha256_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" ] } - - name: primary + time_sleep.wait_30s: |- + { + "create_duration": "30s", + "depends_on": [ + "${google_firebase_android_app.default}" + ] + } + - name: default manifest: |- { + "app_id": "${google_firebase_android_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], "lifecycle": [ { - "replace_triggered_by": [ - "${google_firebaserules_ruleset.storage}" + "precondition": [ + { + "condition": "${length(google_firebase_android_app.default.sha256_hashes) \u003e 0}", + "error_message": "Provide a SHA-256 certificate on the Android App to use App Check" + } ] } ], - "name": "firebase.storage/${google_storage_bucket.bucket.name}", "project": "my-project-name", - "provider": "${google-beta}", - "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.storage.name}" + "token_ttl": "7200s" } references: - provider: google-beta + app_id: google_firebase_android_app.default.app_id dependencies: - google_firebase_storage_bucket.bucket: |- + google_firebase_android_app.default: |- { - "bucket_id": "${google_storage_bucket.bucket.name}", + "display_name": "Play Integrity app", + "package_name": "package.name.playintegrity", "project": "my-project-name", - "provider": "${google-beta}" + "sha1_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21c" + ], + "sha256_hashes": [ + "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" + ] } - google_firebaserules_ruleset.storage: |- + time_sleep.wait_30s: |- { + "create_duration": "30s", "depends_on": [ - "${google_firebase_storage_bucket.bucket}" - ], - "project": "my-project-name", - "provider": "${google-beta}", - "source": [ - { - "files": [ - { - "content": "service firebase.storage {match /b/{bucket}/o {match /{allPaths=**} {allow read, write: if request.auth != null;}}}", - "name": "storage.rules" - } - ] - } + "${google_firebase_android_app.default}" ] } - google_storage_bucket.bucket: |- - { - "location": "us-west1", - "name": "bucket", - "project": "my-project-name", - "provider": "${google-beta}" - } argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- + app_id: |- - - Output only. Time the release was created. + (Required) + The ID of an + Android App. + create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - disabled: |- - - - Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release. - id: '- an identifier for the resource with format projects/{{project}}/releases/{{name}}' + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/playIntegrityConfig' name: |- - - (Required) - Format: projects/{project_id}/releases/{release_id}\Firestore Rules Releases will always have the name 'cloud.firestore' + The relative resource name of the Play Integrity configuration object project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + token_ttl: |- - (Optional) - The project for the resource - ruleset_name: |- - - - (Required) - Name of the Ruleset referred to by this Release. The Ruleset must exist for the Release to be created. + Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid. + If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". update: '- Default is 20 minutes.' - update_time: |- - - - Output only. Time the release was updated. importStatements: [] - google_firebaserules_ruleset: - subCategory: Firebaserules - name: google_firebaserules_ruleset + google_firebase_app_check_recaptcha_enterprise_config: + subCategory: Firebase App Check + description: An app's reCAPTCHA Enterprise configuration object. + name: google_firebase_app_check_recaptcha_enterprise_config title: "" examples: - - name: primary + - name: default manifest: |- { + "app_id": "${google_firebase_web_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], "project": "my-project-name", - "source": [ + "site_key": "6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw", + "token_ttl": "7200s" + } + references: + app_id: google_firebase_web_app.default.app_id + dependencies: + google_firebase_web_app.default: |- { - "files": [ - { - "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", - "fingerprint": "", - "name": "firestore.rules" - } - ], - "language": "" + "display_name": "Web App for reCAPTCHA Enterprise", + "project": "my-project-name" } - ] - } - - name: primary - manifest: |- - { - "project": "my-project-name", - "source": [ + time_sleep.wait_30s: |- { - "files": [ - { - "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", - "name": "firestore.rules" - } + "create_duration": "30s", + "depends_on": [ + "${google_firebase_web_app.default}" ] } - ] - } argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. Time the Ruleset was created. - delete: '- Default is 20 minutes.' - files.content: |- - - - (Required) - Textual Content. - files.fingerprint: |- - - - (Optional) - Fingerprint (e.g. github sha) associated with the File. - files.name: |- + app_id: |- - (Required) - File name. - files.project: |- - - - (Optional) - The project for the resource - id: '- an identifier for the resource with format projects/{{project}}/rulesets/{{name}}' - metadata: |- - - - Output only. The metadata for this ruleset. + The ID of an + Web App. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/recaptchaEnterpriseConfig' name: |- - - Output only. Name of the Ruleset. The ruleset_id is auto generated by the service. Format: projects/{project_id}/rulesets/{ruleset_id} - source: |- - - - (Required) - Source for the Ruleset. - source.files: |- + The relative resource name of the reCAPTCHA Enterprise configuration object + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + site_key: |- - (Required) - File set constituting the Source bundle. - source.language: |- + The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application. + Important: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key. + token_ttl: |- - (Optional) - Language of the Source bundle. If unspecified, the language will default to FIREBASE_RULES. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS + Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid. + If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + update: '- Default is 20 minutes.' importStatements: [] - google_firestore_database: - subCategory: Firestore - description: A Cloud Firestore Database. - name: google_firestore_database + google_firebase_app_check_recaptcha_v3_config: + subCategory: Firebase App Check + description: An app's reCAPTCHA V3 configuration object. + name: google_firebase_app_check_recaptcha_v3_config title: "" examples: - - name: database + - name: default manifest: |- { + "app_id": "${google_firebase_web_app.default.app_id}", "depends_on": [ - "${google_project_service.firestore}" + "${time_sleep.wait_30s}" ], - "location_id": "nam5", - "name": "(default)", - "project": "${google_project.project.project_id}", - "type": "FIRESTORE_NATIVE" + "project": "my-project-name", + "site_secret": "6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX", + "token_ttl": "7200s" } references: - project: google_project.project.project_id + app_id: google_firebase_web_app.default.app_id dependencies: - google_project.project: |- - { - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project" - } - google_project_service.firestore: |- + google_firebase_web_app.default: |- { - "depends_on": [ - "${time_sleep.wait_60_seconds}" - ], - "project": "${google_project.project.project_id}", - "service": "firestore.googleapis.com" + "display_name": "Web App for reCAPTCHA V3", + "project": "my-project-name" } - time_sleep.wait_60_seconds: |- + time_sleep.wait_30s: |- { - "create_duration": "60s", + "create_duration": "30s", "depends_on": [ - "${google_project.project}" + "${google_firebase_web_app.default}" ] } - - name: database + argumentDocs: + app_id: |- + - + (Required) + The ID of an + Web App. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/recaptchaV3Config' + name: |- + - + The relative resource name of the reCAPTCHA V3 configuration object + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + site_secret: |- + - + (Required) + The site secret used to identify your service for reCAPTCHA v3 verification. + For security reasons, this field will never be populated in any response. + Note: This property is sensitive and will not be displayed in the plan. + site_secret_set: |- + - + Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set. + token_ttl: |- + - + (Optional) + Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid. + If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + update: '- Default is 20 minutes.' + importStatements: [] + google_firebase_app_check_service_config: + subCategory: Firebase App Check + description: The enforcement configuration for a service supported by App Check. + name: google_firebase_app_check_service_config + title: "" + examples: + - name: default manifest: |- { - "app_engine_integration_mode": "DISABLED", - "concurrency_mode": "OPTIMISTIC", "depends_on": [ - "${google_project_service.firestore}" + "${google_project_service.appcheck}" ], - "location_id": "nam5", - "name": "my-database", - "project": "${google_project.project.project_id}", - "type": "FIRESTORE_NATIVE" + "project": "my-project-name", + "service_id": "firestore.googleapis.com" } - references: - project: google_project.project.project_id dependencies: - google_project.project: |- - { - "billing_account": "000000-0000000-0000000-000000", - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project" - } - google_project_service.firestore: |- - { - "depends_on": [ - "${time_sleep.wait_60_seconds}" - ], - "project": "${google_project.project.project_id}", - "service": "firestore.googleapis.com" - } - time_sleep.wait_60_seconds: |- + google_project_service.appcheck: |- { - "create_duration": "60s", - "depends_on": [ - "${google_project.project}" - ] + "disable_on_destroy": false, + "project": "my-project-name", + "service": "firebaseappcheck.googleapis.com" } - - name: datastore_mode_database + - name: default manifest: |- { "depends_on": [ - "${google_project_service.firestore}" + "${google_project_service.appcheck}" ], - "location_id": "nam5", - "name": "(default)", - "project": "${google_project.project.project_id}", - "type": "DATASTORE_MODE" + "enforcement_mode": "ENFORCED", + "project": "my-project-name", + "service_id": "firebasestorage.googleapis.com" } - references: - project: google_project.project.project_id dependencies: - google_project.project: |- - { - "name": "tf-test", - "org_id": "123456789", - "project_id": "tf-test" - } - google_project_service.firestore: |- - { - "depends_on": [ - "${time_sleep.wait_60_seconds}" - ], - "project": "${google_project.project.project_id}", - "service": "firestore.googleapis.com" - } - time_sleep.wait_60_seconds: |- + google_project_service.appcheck: |- { - "create_duration": "60s", - "depends_on": [ - "${google_project.project}" - ] + "disable_on_destroy": false, + "project": "my-project-name", + "service": "firebaseappcheck.googleapis.com" } - - name: database + - name: default manifest: |- { - "app_engine_integration_mode": "DISABLED", - "concurrency_mode": "OPTIMISTIC", "depends_on": [ - "${google_project_service.firestore}" + "${google_project_service.appcheck}" ], - "location_id": "nam5", - "name": "datastore-mode-database", - "project": "${google_project.project.project_id}", - "type": "DATASTORE_MODE" + "enforcement_mode": "UNENFORCED", + "project": "my-project-name", + "service_id": "firebasedatabase.googleapis.com" } - references: - project: google_project.project.project_id dependencies: - google_project.project: |- - { - "billing_account": "000000-0000000-0000000-000000", - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project" - } - google_project_service.firestore: |- - { - "depends_on": [ - "${time_sleep.wait_60_seconds}" - ], - "project": "${google_project.project.project_id}", - "service": "firestore.googleapis.com" - } - time_sleep.wait_60_seconds: |- + google_project_service.appcheck: |- { - "create_duration": "60s", - "depends_on": [ - "${google_project.project}" - ] + "disable_on_destroy": false, + "project": "my-project-name", + "service": "firebaseappcheck.googleapis.com" } argumentDocs: - app_engine_integration_mode: |- - - - (Optional) - The App Engine integration mode to use for this database. - Possible values are: ENABLED, DISABLED. - concurrency_mode: |- - - - (Optional) - The concurrency control mode to use for this database. - Possible values are: OPTIMISTIC, PESSIMISTIC, OPTIMISTIC_WITH_ENTITY_GROUPS. create: '- Default is 20 minutes.' - create_time: |- - - - The timestamp at which this database was created. delete: '- Default is 20 minutes.' - etag: |- - - - This checksum is computed by the server based on the value of other fields, - and may be sent on update and delete requests to ensure the client has an - up-to-date value before proceeding. - id: '- an identifier for the resource with format projects/{{project}}/databases/{{name}}' - key_prefix: |- - - - Output only. The keyPrefix for this database. - This keyPrefix is used, in combination with the project id ("~") to construct the application id - that is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes. - This value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo). - location_id: |- - - - (Required) - The location of the database. Available databases are listed at - https://cloud.google.com/firestore/docs/locations. + enforcement_mode: |- + - + (Optional) + The App Check enforcement mode for a service supported by App Check. Valid values are + (Unset) + Firebase App Check is not enforced for the service, nor are App Check metrics collected. + Though the service is not protected by App Check in this mode, other applicable protections, + such as user authorization, are still enforced. An unconfigured service is in this mode by default. + This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the + enforcement to OFF for this service. + UNENFORCED + Firebase App Check is not enforced for the service. App Check metrics are collected to help you + decide when to turn on enforcement for the service. Though the service is not protected by App Check + in this mode, other applicable protections, such as user authorization, are still enforced. + ENFORCED + Firebase App Check is enforced for the service. The service will reject any request that attempts to + access your project's resources if it does not have valid App Check token attached, with some exceptions + depending on the service; for example, some services will still allow requests bearing the developer's + privileged service account credentials without an App Check token. App Check metrics continue to be + collected to help you detect issues with your App Check integration and monitor the composition of your + callers. While the service is protected by App Check, other applicable protections, such as user + authorization, continue to be enforced at the same time. + Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated + to an App Check capable version of your app, their apps will no longer be able to use your Firebase + services that are enforcing App Check. App Check metrics can help you decide whether to enforce App + Check on your Firebase services. + If your app has not launched yet, you should enable enforcement immediately, since there are no outdated + clients in use. + Possible values are: UNENFORCED, ENFORCED. + id: '- an identifier for the resource with format projects/{{project}}/services/{{service_id}}' name: |- - - (Required) - The ID to use for the database, which will become the final - component of the database's resource name. This value should be 4-63 - characters. Valid characters are /[a-z][0-9]-/ with first character - a letter and the last a letter or a number. Must not be - UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. - "(default)" database id is also valid. + The fully-qualified resource name of the service enforcement configuration. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - type: |- + service_id: |- - (Required) - The type of the database. - See https://cloud.google.com/datastore/docs/firestore-or-datastore - for information about how to choose. - Possible values are: FIRESTORE_NATIVE, DATASTORE_MODE. + The identifier of the service to configure enforcement. Currently, the following service IDs are supported: + firebasestorage.googleapis.com (Cloud Storage for Firebase) + firebasedatabase.googleapis.com (Firebase Realtime Database) + firestore.googleapis.com (Cloud Firestore) + identitytoolkit.googleapis.com (Authentication) update: '- Default is 20 minutes.' importStatements: [] - google_firestore_document: - subCategory: Firestore - description: In Cloud Firestore, the unit of storage is the document. - name: google_firestore_document + google_firebase_apple_app: + subCategory: Firebase + description: A Google Cloud Firebase Apple application instance + name: google_firebase_apple_app title: "" examples: - - name: mydoc - manifest: |- - { - "collection": "somenewcollection", - "document_id": "my-doc-id", - "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", - "project": "my-project-name" - } - - name: mydoc - manifest: |- - { - "collection": "somenewcollection", - "document_id": "my-doc-id", - "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", - "project": "my-project-name" - } - - name: sub_document + - name: default manifest: |- { - "collection": "${google_firestore_document.mydoc.path}/subdocs", - "document_id": "bitcoinkey", - "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"ayo\":{\"stringValue\":\"val2\"}}}}}", - "project": "my-project-name" + "bundle_id": "apple.app.12345", + "display_name": "Display Name Basic", + "project": "my-project-name", + "provider": "${google-beta}" } - - name: sub_sub_document + references: + provider: google-beta + - name: full manifest: |- { - "collection": "${google_firestore_document.sub_document.path}/subsubdocs", - "document_id": "asecret", - "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"secret\":{\"stringValue\":\"hithere\"}}}}}", - "project": "my-project-name" + "api_key_id": "${google_apikeys_key.apple.uid}", + "app_store_id": "12345", + "bundle_id": "apple.app.12345", + "display_name": "Display Name Full", + "project": "my-project-name", + "provider": "${google-beta}", + "team_id": "9987654321" } + references: + api_key_id: google_apikeys_key.apple.uid + provider: google-beta + dependencies: + google_apikeys_key.apple: |- + { + "display_name": "Display Name Full", + "name": "api-key", + "project": "my-project-name", + "provider": "${google-beta}", + "restrictions": [ + { + "ios_key_restrictions": [ + { + "allowed_bundle_ids": [ + "apple.app.12345" + ] + } + ] + } + ] + } argumentDocs: - collection: |- + api_key_id: |- - - (Required) - The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages. - create: '- Default is 20 minutes.' - create_time: |- + (Optional) + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the AppleApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the AppleApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + app_id: |- - - Creation timestamp in RFC3339 format. - database: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + app_store_id: |- - (Optional) - The Firestore database id. Defaults to "(default)". - delete: '- Default is 20 minutes.' - document_id: |- + The automatically generated Apple ID assigned to the Apple app by Apple in the Apple App Store. + bundle_id: |- - (Required) - The client-assigned document ID to use for this document during creation. - fields: |- + The canonical bundle ID of the Apple app as it would appear in the Apple AppStore. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + deletion_policy: |- + - (Optional) (Optional) Set to ABANDON to allow the Apple to be untracked from terraform state + rather than deleted upon terraform destroy. This is useful because the Apple may be + serving traffic. Set to DELETE to delete the Apple. Defaults to DELETE. + display_name: |- - (Required) - The document's fields formated as a json string. - id: '- an identifier for the resource with format {{name}}' + The user-assigned display name of the App. + id: '- an identifier for the resource with format projects/{{project}}/iosApps/{{app_id}}' name: |- - - A server defined name for this index. Format: - projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}} - path: |- - - - A relative path to the collection this document exists within + The fully qualified resource name of the App, for example: + projects/projectId/iosApps/appId project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' - update_time: |- + team_id: |- - - Last update timestamp in RFC3339 format. + (Optional) + The Apple Developer Team ID associated with the App in the App Store. + update: '- Default is 20 minutes.' importStatements: [] - google_firestore_field: - subCategory: Firestore - description: Represents a single field in the database. - name: google_firestore_field + google_firebase_database_instance: + subCategory: Firebase Realtime Database + description: A Firebase Realtime Database instance. + name: google_firebase_database_instance title: "" examples: - name: basic manifest: |- { - "collection": "chatrooms_", - "database": "(default)", - "field": "basic", - "index_config": [ - { - "indexes": [ - { - "order": "ASCENDING", - "query_scope": "COLLECTION_GROUP" - }, - { - "array_config": "CONTAINS" - } - ] - } - ], + "instance_id": "active-db", "project": "my-project-name", - "ttl_config": [ - {} - ] + "provider": "${google-beta}", + "region": "us-central1" } - - name: timestamp + references: + provider: google-beta + - name: full manifest: |- { - "collection": "chatrooms_", - "field": "timestamp", - "index_config": [ - {} - ], + "desired_state": "DISABLED", + "instance_id": "disabled-db", "project": "my-project-name", - "ttl_config": [ - {} - ] + "provider": "${google-beta}", + "region": "europe-west1", + "type": "USER_DATABASE" } - - name: match_override + references: + provider: google-beta + - name: default manifest: |- { - "collection": "chatrooms_", - "field": "field_with_same_configuration_as_ancestor", - "index_config": [ - { - "indexes": [ - { - "order": "ASCENDING" - }, - { - "order": "DESCENDING" - }, - { - "array_config": "CONTAINS" - } - ] - } + "depends_on": [ + "${google_project_service.firebase_database}" ], - "project": "my-project-name" + "instance_id": "rtdb-project-default-rtdb", + "project": "${google_firebase_project.default.project}", + "provider": "${google-beta}", + "region": "us-central1", + "type": "DEFAULT_DATABASE" } + references: + project: google_firebase_project.default.project + provider: google-beta + dependencies: + google_firebase_project.default: |- + { + "project": "${google_project.default.project_id}", + "provider": "${google-beta}" + } + google_project.default: |- + { + "labels": { + "firebase": "enabled" + }, + "name": "rtdb-project", + "org_id": "123456789", + "project_id": "rtdb-project", + "provider": "${google-beta}" + } + google_project_service.firebase_database: |- + { + "project": "${google_firebase_project.default.project}", + "provider": "${google-beta}", + "service": "firebasedatabase.googleapis.com" + } argumentDocs: - collection: |- - - - (Required) - The id of the collection group to configure. create: '- Default is 20 minutes.' - database: |- + database_url: |- - - (Optional) - The Firestore database id. Defaults to "(default)". + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. delete: '- Default is 20 minutes.' - field: |- + desired_state: '- (Optional) The intended database state.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{instance_id}}' + instance_id: |- - (Required) - The id of the field to configure. - id: '- an identifier for the resource with format {{name}}' - index_config: |- - - - (Optional) - The single field index configuration for this field. - Creating an index configuration for this field will override any inherited configuration with the - indexes specified. Configuring the index configuration with an empty block disables all indexes on - the field. - Structure is documented below. - index_config.indexes: |- - - - (Optional) - The indexes to configure on the field. Order or array contains must be specified. - Structure is documented below. - index_config.indexes.array_config: |- - - - (Optional) - Indicates that this field supports operations on arrayValues. Only one of order and arrayConfig can - be specified. - Possible values are: CONTAINS. - index_config.indexes.order: |- - - - (Optional) - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=, !=. - Only one of order and arrayConfig can be specified. - Possible values are: ASCENDING, DESCENDING. - index_config.indexes.query_scope: |- - - - (Optional) - The scope at which a query is run. Collection scoped queries require you specify - the collection at query time. Collection group scope allows queries across all - collections with the same id. - Default value is COLLECTION. - Possible values are: COLLECTION, COLLECTION_GROUP. + The globally unique identifier of the Firebase Realtime Database instance. + Instance IDs cannot be reused after deletion. name: |- - - The name of this field. Format: - projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}} + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ProjectNumber + Learn more about using project identifiers in Google's AIP 2510 standard. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - ttl_config: |- + region: |- - - (Optional) - If set, this field is configured for TTL deletion. - Structure is documented below. - ttl_config.state: |- + (Required) + A reference to the region where the Firebase Realtime database resides. + Check all available regions + state: |- - - (Output) - The state of the TTL configuration. + The current database state. Set desired_state to :DISABLED to disable the database and :ACTIVE to reenable the database + type: |- + - + (Optional) + The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. + Default value is USER_DATABASE. + Possible values are: DEFAULT_DATABASE, USER_DATABASE. update: '- Default is 20 minutes.' importStatements: [] - google_firestore_index: - subCategory: Firestore - description: Cloud Firestore indexes enable simple and complex queries against documents in a database. - name: google_firestore_index + google_firebase_extensions_instance: + subCategory: Firebase Extensions + description: An Instance is an installation of an Extension into a user's project. + name: google_firebase_extensions_instance title: "" examples: - - name: my-index + - name: resize_image manifest: |- { - "collection": "chatrooms", - "fields": [ - { - "field_path": "name", - "order": "ASCENDING" - }, + "config": [ { - "field_path": "description", - "order": "DESCENDING" + "allowed_event_types": [ + "firebase.extensions.storage-resize-images.v1.onCompletion" + ], + "eventarc_channel": "projects/my-project-name/locations//channels/firebase", + "extension_ref": "firebase/storage-resize-images", + "extension_version": "0.2.2", + "params": { + "DELETE_ORIGINAL_FILE": false, + "DO_BACKFILL": false, + "FUNCTION_MEMORY": 1024, + "IMAGE_TYPE": false, + "IMG_BUCKET": "${google_storage_bucket.images.name}", + "IMG_SIZES": "200x200", + "IS_ANIMATED": true, + "MAKE_PUBLIC": false + }, + "system_params": { + "firebaseextensions.v1beta.function/location": "", + "firebaseextensions.v1beta.function/maxInstances": 3000, + "firebaseextensions.v1beta.function/minInstances": 0, + "firebaseextensions.v1beta.function/vpcConnectorEgressSettings": "VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED" + } } ], - "project": "my-project-name" + "instance_id": "storage-resize-images", + "project": "my-project-name", + "provider": "${google-beta}" } + references: + provider: google-beta + dependencies: + google_storage_bucket.images: |- + { + "force_destroy": true, + "location": "US", + "name": "bucket-id", + "project": "my-project-name", + "provider": "${google-beta}", + "uniform_bucket_level_access": true + } argumentDocs: - collection: |- + config: |- - (Required) - The collection being indexed. + The current Config of the Extension Instance. + Structure is documented below. + config.allowed_event_types: |- + - + (Optional) + List of extension events selected by consumer that extension is allowed to + emit, identified by their types. + config.create_time: |- + - + (Output) + The time at which the Extension Instance Config was created. + config.eventarc_channel: |- + - + (Optional) + Fully qualified Eventarc resource name that consumers should use for event triggers. + config.extension_ref: |- + - + (Required) + The ref of the Extension from the Registry (e.g. publisher-id/awesome-extension) + config.extension_version: |- + - + (Optional) + The version of the Extension from the Registry (e.g. 1.0.3). If left blank, latest is assumed. + config.name: |- + - + (Output) + The unique identifier for this configuration. + config.params: |- + - + (Required) + Environment variables that may be configured for the Extension + config.populated_postinstall_content: |- + - + (Output) + Postinstall instructions to be shown for this Extension, with + template strings representing function and parameter values substituted + with actual values. These strings include: ${param:FOO}, + ${function:myFunc.url}, + ${function:myFunc.name}, and ${function:myFunc.location} + config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + config.system_params: |- + - + (Optional) + Params whose values are only available at deployment time. + Unlike other params, these will not be set as environment variables on + functions. See a full list of system parameters at + https://firebase.google.com/docs/extensions/publishers/parameters#system_parameters create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the Extension Instance was created. delete: '- Default is 20 minutes.' - fields: |- + error_status: |- - - (Required) - The fields supported by this index. The last field entry is always for - the field path __name__. If, on creation, __name__ was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the __name__ will be - ordered "ASCENDING" (unless explicitly specified otherwise). + If this Instance has state: ERRORED, the error messages + will be found here. Structure is documented below. - fields.array_config: |- + error_status.code: |- - (Optional) - Indicates that this field supports operations on arrayValues. Only one of order and arrayConfig can - be specified. - Possible values are: CONTAINS. - fields.database: |- + The status code, which should be an enum value of google.rpc.Code. + error_status.details: |- - (Optional) - The Firestore database id. Defaults to "(default)". - fields.field_path: |- + A list of messages that carry the error details. + error_status.message: |- - (Optional) - Name of the field. - fields.order: |- + A developer-facing error message, which should be in English. + etag: |- - - (Optional) - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of order and arrayConfig can be specified. - Possible values are: ASCENDING, DESCENDING. - fields.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - fields.query_scope: |- + A weak etag that is computed by the server based on other configuration + values and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + fatal_error.error_message: |- - (Optional) - The scope at which a query is run. - Default value is COLLECTION. - Possible values are: COLLECTION, COLLECTION_GROUP. - id: '- an identifier for the resource with format {{name}}' + The error message. This is set by the extension developer to give + more detail on why the extension is unusable and must be re-installed + or reconfigured. + id: '- an identifier for the resource with format projects/{{project}}/instances/{{instance_id}}' + instance_id: |- + - + (Required) + The ID to use for the Extension Instance, which will become the final + component of the instance's name. + last_operation_name: |- + - + The name of the last operation that acted on this Extension + Instance + last_operation_type: |- + - + The type of the last operation that acted on the Extension Instance. name: |- - - A server defined name for this index. Format: - projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}} + The fully-qualified resource name of the Extension Instance. + processing_state.detail_message: |- + - + (Optional) + Details about the processing. e.g. This could include the type of + processing in progress or it could list errors or failures. + This information will be shown in the console on the detail page + for the extension instance. + processing_state.state: |- + - + (Optional) + The processing state of the extension instance. + runtime_data: |- + - + Data set by the extension instance at runtime. + Structure is documented below. + runtime_data.fatal_error: |- + - + (Optional) + The fatal error state for the extension instance + Structure is documented below. + runtime_data.processing_state: |- + - + (Optional) + The processing state for the extension instance + Structure is documented below. + runtime_data.state_update_time: |- + - + (Optional) + The time of the last state update. + service_account_email: |- + - + The email of the service account to be used at runtime by compute resources + created for the operation of the Extension instance. + state: |- + - + The current state of the Extension Instance. + DEPLOYING: + The Extension Instance is waiting on an Operation to complete. Could + resolve to ACTIVE, PAUSED, ERRORED. + UNINSTALLING: + The Extension Instance is being removed from the project. Could resolve + to ERRORED, but more likely the instance will soon cease to exist. + ACTIVE: + The Extension Instance is installed and ready. + ERRORED: + The Extension Instance encountered an error while DEPLOYING or + UNINSTALLING. + PAUSED: + The Extension's resources have been removed from the project, but the + Config remains so the Instance can be restored. + update: '- Default is 20 minutes.' + update_time: |- + - + The time at which the Extension Instance was updated. importStatements: [] - google_folder: - subCategory: Cloud Platform - description: Allows management of a Google Cloud Platform folder. - name: google_folder + google_firebase_hosting_channel: + subCategory: Firebase Hosting + description: A + name: google_firebase_hosting_channel title: "" examples: - - name: department1 + - name: default manifest: |- { - "display_name": "Department 1", - "parent": "organizations/1234567" + "channel_id": "channel-basic", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" } - - name: team-abc + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-with-channel" + } + - name: full manifest: |- { - "display_name": "Team ABC", - "parent": "${google_folder.department1.name}" + "channel_id": "channel-full", + "labels": { + "some-key": "some-value" + }, + "provider": "${google-beta}", + "retained_release_count": 20, + "site_id": "${google_firebase_hosting_site.default.site_id}", + "ttl": "86400s" } references: - parent: google_folder.department1.name + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-with-channel" + } argumentDocs: - create_time: |- - - Timestamp when the Folder was created. Assigned by the server. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - display_name: |- - - (Required) The folder’s display name. - A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. - lifecycle_state: '- The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.' - name: '- The resource name of the Folder. Its format is folders/{folder_id}.' - parent: |- - - (Required) The resource name of the parent Folder or Organization. - Must be of the form folders/{folder_id} or organizations/{org_id}. + channel_id: |- + - + (Required) + Required. Immutable. A unique ID within the site that identifies the channel. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + expire_time: |- + - + (Optional) + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the ttl field. + id: '- an identifier for the resource with format sites/{{site_id}}/channels/{{channel_id}}' + labels: |- + - + (Optional) + Text labels used for extra metadata and/or filtering + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID + retained_release_count: |- + - + (Optional) + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + site_id: |- + - + (Required) + Required. The ID of the site in which to create this channel. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + ttl: |- + - + (Optional) + Input only. A time-to-live for this channel. Sets expire_time to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). + update: '- Default is 20 minutes.' importStatements: [] - google_folder_access_approval_settings: - subCategory: Access Approval - description: Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. - name: google_folder_access_approval_settings + google_firebase_hosting_custom_domain: + subCategory: Firebase Hosting + description: Manages Custom Domains for Firebase Hosting. + name: google_firebase_hosting_custom_domain title: "" examples: - - name: folder_access_approval + - name: default manifest: |- { - "enrolled_services": [ - { - "cloud_product": "all" - } - ], - "folder_id": "${google_folder.my_folder.folder_id}", - "notification_emails": [ - "testuser@example.com", - "example.user@example.com" - ] + "custom_domain": "custom.domain.com", + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" } references: - folder_id: google_folder.my_folder.folder_id + provider: google-beta + - name: default + manifest: |- + { + "cert_preference": "GROUPED", + "custom_domain": "source.domain.com", + "project": "my-project-name", + "provider": "${google-beta}", + "redirect_target": "destination.domain.com", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "wait_dns_verification": false + } + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id dependencies: - google_folder.my_folder: |- + google_firebase_hosting_site.default: |- { - "display_name": "my-folder", - "parent": "organizations/123456789" + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id-full" } - - name: folder_access_approval + - name: default manifest: |- { - "active_key_version": "${data.google_kms_crypto_key_version.crypto_key_version.name}", - "depends_on": [ - "${google_kms_crypto_key_iam_member.iam}" - ], - "enrolled_services": [ - { - "cloud_product": "all" - } - ], - "folder_id": "${google_folder.my_folder.folder_id}" + "custom_domain": "run.custom.domain.com", + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "wait_dns_verification": false } references: - active_key_version: data.google_kms_crypto_key_version.crypto_key_version.name - folder_id: google_folder.my_folder.folder_id + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id dependencies: - google_folder.my_folder: |- - { - "display_name": "my-folder", - "parent": "organizations/123456789" - } - google_kms_crypto_key.crypto_key: |- + google_cloud_run_v2_service.default: |- { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "crypto-key", - "purpose": "ASYMMETRIC_SIGN", - "version_template": [ + "ingress": "INGRESS_TRAFFIC_ALL", + "location": "us-central1", + "name": "cloud-run-service-via-hosting", + "project": "my-project-name", + "provider": "${google-beta}", + "template": [ { - "algorithm": "EC_SIGN_P384_SHA384" + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello" + } + ] } ] } - google_kms_crypto_key_iam_member.iam: |- + google_firebase_hosting_release.default: |- { - "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", - "member": "serviceAccount:${data.google_access_approval_folder_service_account.service_account.account_email}", - "role": "roles/cloudkms.signerVerifier" + "message": "Cloud Run Integration", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } - google_kms_key_ring.key_ring: |- + google_firebase_hosting_site.default: |- { - "location": "global", - "name": "key-ring", - "project": "${google_project.my_project.project_id}" + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" } - google_project.my_project: |- + google_firebase_hosting_version.default: |- { - "folder_id": "${google_folder.my_folder.name}", - "name": "My Project", - "project_id": "your-project-id" + "config": [ + { + "rewrites": [ + { + "glob": "/hello/**", + "run": [ + { + "region": "${google_cloud_run_v2_service.default.location}", + "service_id": "${google_cloud_run_v2_service.default.name}" + } + ] + } + ] + } + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" } argumentDocs: - ancestor_has_active_key_version: |- + 0 issue "pki.goog": . + cert: |- - - If the field is true, that indicates that an ancestor of this Folder has set active_key_version. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - enrolled_ancestor: |- + The SSL certificate Hosting has for this CustomDomain's domain name. + For new CustomDomains, this often represents Hosting's intent to create + a certificate, rather than an actual cert. Check the state field for + more. + Structure is documented below. + cert.state: |- - - If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder. - enrolled_services: |- + (Optional) + The state of the certificate. Only the CERT_ACTIVE and + CERT_EXPIRING_SOON states provide SSL coverage for a domain name. If the + state is PROPAGATING and Hosting had an active cert for the domain name + before, that formerly-active cert provides SSL coverage for the domain name + until the current cert propagates. + cert.type: |- - - (Required) - A list of Google Cloud Services for which the given resource has Access Approval enrolled. - Access requests for the resource given by name against any of these services contained here will be required - to have explicit approval. Enrollment can only be done on an all or nothing basis. - A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. + (Optional) + The certificate's type. + cert.verification: |- + - + (Optional) + A set of ACME challenges you can add to your DNS records or existing, + non-Hosting hosting provider to allow Hosting to create an SSL certificate + for your domain name before you point traffic toward hosting. You can use + thse challenges as part of a zero downtime transition from your old + provider to Hosting. Structure is documented below. - enrolled_services.active_key_version: |- + cert_preference: |- - (Optional) - The asymmetric crypto key version to use for signing approval requests. - Empty active_key_version indicates that a Google-managed key should be used for signing. - This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. - enrolled_services.cloud_product: |- + A field that lets you specify which SSL certificate type Hosting creates + for your domain name. Spark plan CustomDomains only have access to the + GROUPED cert type, while Blaze plan can select any option. + Possible values are: GROUPED, PROJECT_GROUPED, DEDICATED. + create: '- Default is 20 minutes.' + create_time: |- + - + The CustomDomain's create time. + custom_domain: |- - (Required) - The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): - enrolled_services.enrollment_level: |- + The ID of the CustomDomain, which is the domain name you'd like to use with Firebase Hosting. + delete: '- Default is 20 minutes.' + delete_time: |- - - (Optional) - The enrollment level of the service. - Default value is BLOCK_ALL. - Possible values are: BLOCK_ALL. - enrolled_services.notification_emails: |- + The time the CustomDomain was deleted; null for CustomDomains that + haven't been deleted. Deleted CustomDomains persist for approximately 30 + days, after which time Hosting removes them completely. + desired.domain_name: |- - (Optional) - A list of email addresses to which notifications relating to approval requests should be sent. - Notifications relating to a resource will be sent to all emails in the settings of ancestor - resources of that resource. A maximum of 50 email addresses are allowed. - folder_id: |- - - - (Required) - ID of the folder of the access approval settings. - id: '- an identifier for the resource with format folders/{{folder_id}}/accessApprovalSettings' - invalid_key_version: |- + The domain name the record set pertains to. + desired.records: |- - - If the field is true, that indicates that there is some configuration issue with the active_key_version - configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the - correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, - as key versions are inherited top-down. - name: |- - - - The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings" - update: '- Default is 20 minutes.' - importStatements: [] - google_folder_iam_policy: - subCategory: Cloud Platform - description: Collection of resources to manage IAM policy for a folder. - name: google_folder_iam_policy - title: "" - examples: - - name: folder - manifest: |- - { - "folder": "folders/1234567", - "policy_data": "${data.google_iam_policy.admin.policy_data}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - - name: folder - manifest: |- - { - "folder": "folders/1234567", - "policy_data": "${data.google_iam_policy.admin.policy_data}" - } - argumentDocs: - audit_log_config: '- (Required only by google_folder_iam_audit_config) The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.' - audit_log_config.exempted_members: '- (Optional) Identities that do not cause logging for this type of permission. The format is the same as that for members.' - audit_log_config.log_type: '- (Required) Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.' - condition: |- - - (Optional) An IAM Condition for a given binding. + (Optional) + Records on the domain Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the folder''s IAM policy.' - folder: '- (Required) The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.' - google_folder_iam_audit_config: ': Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.' - google_folder_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.' - google_folder_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.' - google_folder_iam_policy: ': Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.' - member/members: |- - - (Required except for google_folder_iam_audit_config) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_folder_iam_policy) The google_iam_policy data source that represents - the IAM policy that will be applied to the folder. The policy will be - merged with any existing policy applied to the folder. - role: |- - - (Required except for google_folder_iam_audit_config) The role that should be applied. Only one - google_folder_iam_binding can be used per role. Note that custom roles must be of the format - organizations/{{org_id}}/roles/{{role_id}}. - service: '- (Required only by google_folder_iam_audit_config) Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google_folder_iam_audit_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.' - importStatements: [] - google_folder_organization_policy: - subCategory: Cloud Platform - description: Allows management of Organization policies for a Google Folder. - name: google_folder_organization_policy - title: "" - examples: - - name: serial_port_policy - manifest: |- - { - "boolean_policy": [ - { - "enforced": true - } - ], - "constraint": "compute.disableSerialPortAccess", - "folder": "folders/123456789" - } - - name: services_policy - manifest: |- - { - "constraint": "serviceuser.services", - "folder": "folders/123456789", - "list_policy": [ - { - "allow": [ - { - "all": true - } - ] - } - ] - } - - name: services_policy - manifest: |- - { - "constraint": "serviceuser.services", - "folder": "folders/123456789", - "list_policy": [ - { - "deny": [ - { - "values": [ - "cloudresourcemanager.googleapis.com" - ] - } - ], - "suggested_value": "compute.googleapis.com" - } - ] - } - - name: services_policy - manifest: |- - { - "constraint": "serviceuser.services", - "folder": "folders/123456789", - "restore_policy": [ - { - "default": true - } - ] - } - argumentDocs: - allow.all: '- (Optional) The policy allows or denies all values.' - allow.values: '- (Optional) The policy can define specific values that are allowed or denied.' - boolean_policy: '- (Optional) A boolean policy is a constraint that is either enforced or not. Structure is documented below.' - boolean_policy.enforced: '- (Required) If true, then the Policy is enforced. If false, then any configuration is acceptable.' - constraint: '- (Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.' - etag: '- (Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.' - folder: '- (Required) The resource name of the folder to set the policy for. Its format is folders/{folder_id}.' - list_policy: |- - - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It - can also be used to allow or deny all values. Structure is documented below. - list_policy.allow: or deny - (Optional) One or the other must be set. - list_policy.inherit_from_parent: |- - - (Optional) If set to true, the values from the effective Policy of the parent resource - are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy. - list_policy.suggested_value: '- (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.' - restore_policy: '- (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.' - restore_policy.default: '- (Required) May only be set to true. If set, then the default Policy is restored.' - update_time: '- (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".' - version: '- (Optional) Version of the Policy. Default version is 0.' - importStatements: [] - google_game_services_game_server_cluster: - subCategory: Game Servers - description: A game server cluster resource. - name: google_game_services_game_server_cluster - title: "" - examples: - - name: default - manifest: |- - { - "cluster_id": "", - "connection_info": [ - { - "gke_cluster_reference": [ - { - "cluster": "locations/us-west1/clusters/" - } - ], - "namespace": "default" - } - ], - "realm_id": "${google_game_services_realm.default.realm_id}" - } - references: - realm_id: google_game_services_realm.default.realm_id - dependencies: - google_game_services_realm.default: |- - { - "description": "Test Game Realm", - "realm_id": "realm", - "time_zone": "PST8PDT" - } - argumentDocs: - '{cluster_id}': |- - If project and location are not specified, the project and location of the - GameServerCluster resource are used to generate the full name of the - GKE cluster. - cluster_id: |- - - - (Required) - Required. The resource name of the game server cluster - connection_info: |- + discovered.domain_name: |- - - (Required) - Game server cluster connection information. This information is used to - manage game server clusters. - Structure is documented below. - connection_info.gke_cluster_reference: |- + (Optional) + The domain name the record set pertains to. + discovered.records: |- - - (Required) - Reference of the GKE cluster where the game servers are installed. + (Optional) + Records on the domain Structure is documented below. - connection_info.namespace: |- - - - (Required) - Namespace designated on the game server cluster where the game server - instances will be created. The namespace existence will be validated - during creation. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - gke_cluster_reference.cluster: |- - - - (Required) - The full or partial name of a GKE cluster, using one of the following - forms: - gke_cluster_reference.description: |- + dns.check_time: |- - - (Optional) - Human readable description of the cluster. - gke_cluster_reference.labels: |- + (Output) + The last time Hosting checked your CustomDomain's DNS records. + dns.desired: |- - (Optional) - The labels associated with this game server cluster. Each label is a - key-value pair. - gke_cluster_reference.location: |- + The set of DNS records Hosting needs to serve secure content on the domain. + Structure is documented below. + dns.discovered: |- - (Optional) - Location of the Cluster. - gke_cluster_reference.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters/{{cluster_id}}' - name: |- + The set of DNS records Hosting discovered when inspecting a domain + Structure is documented below. + etag: |- - - The resource id of the game server cluster, eg: - projects/{project_id}/locations/{location}/realms/{realm_id}/gameServerClusters/{cluster_id}. - For example, - projects/my-project/locations/{location}/realms/zanzibar/gameServerClusters/my-onprem-cluster. - realm_id: |- + A string that represents the current state of the CustomDomain and + allows you to confirm its initial state in requests that would modify it. + expire_time: |- - - (Required) - The realm id of the game server realm. - update: '- Default is 20 minutes.' - importStatements: [] - google_game_services_game_server_config: - subCategory: Game Servers - description: A game server config resource. - name: google_game_services_game_server_config - title: "" - examples: - - name: default - manifest: |- - { - "config_id": "tf-test-config", - "deployment_id": "${google_game_services_game_server_deployment.default.deployment_id}", - "description": "a config description", - "fleet_configs": [ - { - "fleet_spec": "${jsonencode({ \"replicas\" : 1, \"scheduling\" : \"Packed\", \"template\" : { \"metadata\" : { \"name\" : \"tf-test-game-server-template\" }, \"spec\" : { \"ports\": [{\"name\": \"default\", \"portPolicy\": \"Dynamic\", \"containerPort\": 7654, \"protocol\": \"UDP\"}], \"template\" : { \"spec\" : { \"containers\" : [{ \"name\" : \"simple-udp-server\", \"image\" : \"gcr.io/agones-images/udp-server:0.14\" }] } } } } })}", - "name": "something-unique" - } - ], - "scaling_configs": [ - { - "fleet_autoscaler_spec": "${jsonencode({\"policy\": {\"type\": \"Webhook\",\"webhook\": {\"service\": {\"name\": \"autoscaler-webhook-service\",\"namespace\": \"default\",\"path\": \"scale\"}}}})}", - "name": "scaling-config-name", - "schedules": [ - { - "cron_job_duration": "3.500s", - "cron_spec": "0 0 * * 0" - } - ], - "selectors": [ - { - "labels": { - "one": "two" - } - } - ] - } - ] - } - references: - deployment_id: google_game_services_game_server_deployment.default.deployment_id - dependencies: - google_game_services_game_server_deployment.default: |- - { - "deployment_id": "tf-test-deployment", - "description": "a deployment description" - } - argumentDocs: - config_id: |- + The minimum time before a soft-deleted CustomDomain is completely removed + from Hosting; null for CustomDomains that haven't been deleted. + host_state: |- + - + The host state of your domain name. Host state is determined by checking each + IP address associated with your domain name to see if it's serving + Hosting content. + HOST_UNHOSTED: + Your CustomDomain's domain name isn't associated with any IP addresses. + HOST_UNREACHABLE: + Your CustomDomain's domain name can't be reached. Hosting services' DNS + queries to find your domain name's IP addresses resulted in errors. See + your CustomDomain's issues field for more details. + HOST_MISMATCH: + Your CustomDomain's domain name has IP addresses that don't ultimately + resolve to Hosting. + HOST_CONFLICT: + Your CustomDomain's domain name has IP addresses that resolve to both + Hosting and other services. To ensure consistent results, remove A and + AAAA records related to non-Hosting services. + HOST_ACTIVE: + All requests against your CustomDomain's domain name are served by + Hosting. If the CustomDomain's OwnershipState is also ACTIVE, Hosting + serves your Hosting Site's content on the domain name. + http.desired: |- + - + (Optional) + A text string to serve at the path. + http.discovered: |- + - + (Optional) + Whether Hosting was able to find the required file contents on the + specified path during its last check. + http.last_check_time: |- - - (Required) - A unique id for the deployment config. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - deployment_id: |- + (Output) + The last time Hosting systems checked for the file contents. + http.path: |- - - (Required) - A unique id for the deployment. - fleet_configs: |- + (Optional) + The path to the file. + id: '- an identifier for the resource with format projects/{{project}}/sites/{{site_id}}/customDomains/{{custom_domain}}' + issues: |- - - (Required) - The fleet config contains list of fleet specs. In the Single Cloud, there - will be only one. + A set of errors Hosting systems encountered when trying to establish + Hosting's ability to serve secure content for your domain name. Resolve + these issues to ensure your CustomDomain behaves properly. Structure is documented below. - fleet_configs.description: |- + issues.code: |- - (Optional) - The description of the game server config. - fleet_configs.fleet_spec: |- - - - (Required) - The fleet spec, which is sent to Agones to configure fleet. - The spec can be passed as inline json but it is recommended to use a file reference - instead. File references can contain the json or yaml format of the fleet spec. Eg: - fleet_configs.labels: |- + The status code, which should be an enum value of google.rpc.Code + issues.details: |- - (Optional) - The labels associated with this game server config. Each label is a - key-value pair. - fleet_configs.location: |- + A list of messages that carry the error details. + issues.message: |- - (Optional) - Location of the Deployment. - fleet_configs.name: |- + Error message + name: |- - - (Required) - The name of the FleetConfig. - fleet_configs.project: |- + The fully-qualified name of the CustomDomain. + ownership_state: |- + - + The ownership state of your domain name. Ownership is determined at a + Firebase project level, and established by adding TXT records to your + domain name's DNS records. + Ownership cascades to subdomains. Granting a project ownership of foo.com + also grants that project ownership over bar.foo.com, unless you add + specific TXT records to bar.foo.com that grant a different project + ownership. + If your CustomDomain is in an OwnershipState other than + OWNERSHIP_ACTIVE for more than 30 days and it hasn't been updated in at + least 30 days, Hosting's ownership systems delete the CustomDomain. + OWNERSHIP_MISSING: + Your CustomDomain's domain name has no Hosting-related ownership records; + no Firebase project has permission to act on the domain name's behalf. + OWNERSHIP_UNREACHABLE: + Your CustomDomain's domain name can't be reached. Hosting services' DNS + queries to find your domain name's ownership records resulted in errors. + See your CustomDomain's issues field for more details. + OWNERSHIP_MISMATCH: + Your CustomDomain's domain name is owned by another Firebase project. + Remove the conflicting TXT records and replace them with project-specific + records for your current Firebase project. + OWNERSHIP_CONFLICT: + Your CustomDomain's domain name has conflicting TXT records that + indicate ownership by both your current Firebase project and another + project. Remove the other project's ownership records to grant the current + project ownership. + OWNERSHIP_PENDING: + Your CustomDomain's DNS records are configured correctly. Hosting will + transfer ownership of your domain to this CustomDomain within 24 hours. + OWNERSHIP_ACTIVE: + Your CustomDomain's domain name has TXT records that grant its project + permission to act on its behalf. + project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - fleet_configs.scaling_configs: |- + reconciling: |- + - + if true, indicates that Hosting's systems are attmepting to + make the CustomDomain's state match your preferred state. This is most + frequently true when initially provisioning a CustomDomain or when creating + a new SSL certificate to match an updated cert_preference + records.domain_name: |- - (Optional) - Optional. This contains the autoscaling settings. - Structure is documented below. - https://agones.dev/site/docs/reference/fleet/: . - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs/{{config_id}}' - name: |- + The domain name the record pertains to, e.g. foo.bar.com.. + records.rdata: |- - - The resource name of the game server config, in the form: - projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}. - scaling_configs.fleet_autoscaler_spec: |- + (Optional) + The data of the record. The meaning of the value depends on record type: + records.required_action: |- - - (Required) - Fleet autoscaler spec, which is sent to Agones. - Example spec can be found : - https://agones.dev/site/docs/reference/fleetautoscaler/ - scaling_configs.name: |- + (Optional) + Indicates the a required action for this record. + records.type: |- - - (Required) - The name of the ScalingConfig - scaling_configs.schedules: |- + (Optional) + The record's type, which determines what data the record contains. + redirect_target: |- - (Optional) - The schedules to which this scaling config applies. + A domain name that this CustomDomain should direct traffic towards. If + specified, Hosting will respond to requests against this CustomDomain + with an HTTP 301 code, and route traffic to the specified redirect_target + instead. + required_dns_updates: |- + - + A set of updates you should make to the domain name's DNS records to + let Hosting serve secure content on its behalf. Structure is documented below. - scaling_configs.selectors: |- + required_dns_updates.check_time: |- + - + (Output) + The last time Hosting checked your CustomDomain's DNS records. + required_dns_updates.desired: |- - (Optional) - Labels used to identify the clusters to which this scaling config - applies. A cluster is subject to this scaling config if its labels match - any of the selector entries. + The set of DNS records Hosting needs to serve secure content on the domain. Structure is documented below. - schedules.cron_job_duration: |- + required_dns_updates.discovered: |- - (Optional) - The duration for the cron job event. The duration of the event is effective - after the cron job's start time. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - schedules.cron_spec: |- + The set of DNS records Hosting discovered when inspecting a domain + Structure is documented below. + site_id: |- - - (Optional) - The cron definition of the scheduled event. See - https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as - defined by the realm. - schedules.end_time: |- + (Required) + The ID of the site in which to create this custom domain association. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - The end time of the event. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - schedules.start_time: |- + The last time the CustomDomain was updated. + verification.dns: |- - (Optional) - The start time of the event. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - selectors.labels: |- + A TXT record to add to your DNS records that confirms your intent to + let Hosting create an SSL cert for your domain name. + Structure is documented below. + verification.http: |- - (Optional) - Set of labels to group by. + A file to add to your existing, non-Hosting hosting service that confirms + your intent to let Hosting create an SSL cert for your domain name. + Structure is documented below. + wait_dns_verification: |- + - (Optional) If true, Terraform will wait for DNS records to be fully resolved on the CustomDomain. + If false, Terraform will not wait for DNS records on the CustomDomain. Any issues in + the CustomDomain will be returned and stored in the Terraform state. importStatements: [] - google_game_services_game_server_deployment: - subCategory: Game Servers - description: A game server deployment resource. - name: google_game_services_game_server_deployment + google_firebase_hosting_release: + subCategory: Firebase Hosting + description: A Release is a particular collection of configurations that is set to be public at a particular time. + name: google_firebase_hosting_release title: "" examples: - name: default manifest: |- { - "deployment_id": "tf-test-deployment", - "description": "a deployment description" + "message": "Test release", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - deployment_id: |- - - - (Required) - A unique id for the deployment. - description: |- - - - (Optional) - Human readable description of the game server deployment. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}' - labels: |- - - - (Optional) - The labels associated with this game server deployment. Each label is a - key-value pair. - location: |- - - - (Optional) - Location of the Deployment. - name: |- - - - The resource id of the game server deployment, eg: - projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}. - For example, - projects/my-project/locations/{location}/gameServerDeployments/my-deployment. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' - importStatements: [] - google_game_services_game_server_deployment_rollout: - subCategory: Game Servers - description: This represents the rollout state. - name: google_game_services_game_server_deployment_rollout - title: "" - examples: + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + version_name: google_firebase_hosting_version.default.name + dependencies: + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" + } + google_firebase_hosting_version.default: |- + { + "config": [ + { + "redirects": [ + { + "glob": "/google/**", + "location": "https://www.google.com", + "status_code": 302 + } + ] + } + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } - name: default manifest: |- { - "default_game_server_config": "${google_game_services_game_server_config.default.name}", - "deployment_id": "${google_game_services_game_server_deployment.default.deployment_id}" + "channel_id": "${google_firebase_hosting_channel.default.channel_id}", + "message": "Test release in channel", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } references: - default_game_server_config: google_game_services_game_server_config.default.name - deployment_id: google_game_services_game_server_deployment.default.deployment_id + channel_id: google_firebase_hosting_channel.default.channel_id + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + version_name: google_firebase_hosting_version.default.name dependencies: - google_game_services_game_server_config.default: |- + google_firebase_hosting_channel.default: |- + { + "channel_id": "channel-id", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-with-channel" + } + google_firebase_hosting_version.default: |- { - "config_id": "tf-test-config", - "deployment_id": "${google_game_services_game_server_deployment.default.deployment_id}", - "description": "a config description", - "fleet_configs": [ + "config": [ { - "fleet_spec": "${jsonencode({ \"replicas\" : 1, \"scheduling\" : \"Packed\", \"template\" : { \"metadata\" : { \"name\" : \"tf-test-game-server-template\" }, \"spec\" : { \"ports\": [{\"name\": \"default\", \"portPolicy\": \"Dynamic\", \"containerPort\": 7654, \"protocol\": \"UDP\"}], \"template\" : { \"spec\" : { \"containers\" : [{ \"name\" : \"simple-udp-server\", \"image\" : \"gcr.io/agones-images/udp-server:0.14\" }] } } } } })}", - "name": "some-non-guid" + "redirects": [ + { + "glob": "/google/**", + "location": "https://www.google.com", + "status_code": 302 + } + ] } - ] + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" } - google_game_services_game_server_deployment.default: |- + - name: default + manifest: |- + { + "message": "Take down site", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "type": "SITE_DISABLE" + } + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_site.default: |- { - "deployment_id": "tf-test-deployment", - "description": "a deployment description" + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" } argumentDocs: - create: '- Default is 20 minutes.' - default_game_server_config: |- + channel_id: |- - - (Required) - This field points to the game server config that is - applied by default to all realms and clusters. For example, - projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config. + (Optional) + The ID of the channel to which the release belongs. If not provided, the release will + belong to the default "live" channel + create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - deployment_id: |- - - - (Required) - The deployment to rollout the new config to. Only 1 rollout must be associated with each deployment. - game_server_config_overrides: |- + id: '- an identifier for the resource with format sites/{{site_id}}/channels/{{channel_id}}/releases/{{release_id}}' + message: |- - (Optional) - The game_server_config_overrides contains the per game server config - overrides. The overrides are processed in the order they are listed. As - soon as a match is found for a cluster, the rest of the list is not - processed. - Structure is documented below. - game_server_config_overrides.config_version: |- + The deploy description when the release was created. The value can be up to 512 characters. + name: |- - - (Optional) - Version of the configuration. - game_server_config_overrides.realms_selector: |- + The unique identifier for the release, in either of the following formats: + sites/SITE_ID/releases/RELEASE_ID + sites/SITE_ID/channels/CHANNEL_ID/releases/RELEASE_ID + release_id: |- - - (Optional) - Selection by realms. - Structure is documented below. - id: '- an identifier for the resource with format projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout' - name: |- + The unique identifier for the Release. + site_id: |- - - The resource id of the game server deployment - eg: projects/my-project/locations/global/gameServerDeployments/my-deployment/rollout. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - realms_selector.realms: |- + (Required) + Required. The ID of the site to which the release belongs. + type: |- - (Optional) - List of realms to match against. - update: '- Default is 20 minutes.' + The type of the release; indicates what happened to the content of the site. There is no need to specify + DEPLOY or ROLLBACK type if a version_name is provided. + DEPLOY: A version was uploaded to Firebase Hosting and released. Output only. + ROLLBACK: The release points back to a previously deployed version. Output only. + SITE_DISABLE: The release prevents the site from serving content. Firebase Hosting acts as if the site never existed + Possible values are: DEPLOY, ROLLBACK, SITE_DISABLE. + version_name: |- + - + (Optional) + The unique identifier for a version, in the format: sites/SITE_ID/versions/VERSION_ID. + The content of the version specified will be actively displayed on the appropriate URL. + The Version must belong to the same site as in the site_id. + This parameter must be empty if the type of the release is SITE_DISABLE. importStatements: [] - google_game_services_realm: - subCategory: Game Servers - description: A Realm resource. - name: google_game_services_realm + google_firebase_hosting_site: + subCategory: Firebase Hosting + description: A + name: google_firebase_hosting_site title: "" examples: - name: default manifest: |- { - "description": "one of the nine", - "location": "global", - "realm_id": "tf-test-realm", - "time_zone": "EST" + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-no-app" + } + references: + provider: google-beta + - name: full + manifest: |- + { + "app_id": "${google_firebase_web_app.default.app_id}", + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-with-app" } + references: + app_id: google_firebase_web_app.default.app_id + provider: google-beta + dependencies: + google_firebase_web_app.default: |- + { + "display_name": "Test web app for Firebase Hosting", + "project": "my-project-name", + "provider": "${google-beta}" + } argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - description: |- - - - (Optional) - Human readable description of the realm. - etag: |- - - - ETag of the resource. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/realms/{{realm_id}}' - labels: |- + app_id: |- - (Optional) - The labels associated with this realm. Each label is a key-value pair. - location: |- + Optional. The ID of a Web App + associated with the Hosting site. + create: '- Default is 20 minutes.' + default_url: |- - - (Optional) - Location of the Realm. + The default URL for the site in the form of https://{name}.web.app + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/sites/{{site_id}}' name: |- - - The resource id of the realm, of the form: - projects/{project_id}/locations/{location}/realms/{realm_id}. For - example, projects/my-project/locations/{location}/realms/my-realm. + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ProjectNumber (recommended) or its + ProjectId. + Learn more about using project identifiers in Google's + AIP 2510 standard. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - realm_id: |- - - - (Required) - GCP region of the Realm. - time_zone: |- + site_id: |- - - (Required) - Required. Time zone where all realm-specific policies are evaluated. The value of - this field must be from the IANA time zone database: - https://www.iana.org/time-zones. + (Optional) + Required. Immutable. A globally unique identifier for the Hosting site. This identifier is + used to construct the Firebase-provisioned subdomains for the site, so it must also be a valid + domain name label. update: '- Default is 20 minutes.' importStatements: [] - google_gke_backup_backup_plan: - subCategory: Backup for GKE - description: Represents a Backup Plan instance. - name: google_gke_backup_backup_plan + google_firebase_hosting_version: + subCategory: Firebase Hosting + description: A + name: google_firebase_hosting_version title: "" examples: - - name: basic + - name: default manifest: |- { - "backup_config": [ + "config": [ { - "all_namespaces": true, - "include_secrets": true, - "include_volume_data": true + "redirects": [ + { + "glob": "/google/**", + "location": "https://www.google.com", + "status_code": 302 + } + ] } ], - "cluster": "${google_container_cluster.primary.id}", - "location": "us-central1", - "name": "basic-plan" + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" } references: - cluster: google_container_cluster.primary.id + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id dependencies: - google_container_cluster.primary: |- - { - "addons_config": [ - { - "gke_backup_agent_config": [ - { - "enabled": true - } - ] - } - ], - "initial_node_count": 1, - "location": "us-central1", - "name": "basic-cluster", - "workload_identity_config": [ - { - "workload_pool": "my-project-name.svc.id.goog" - } - ] - } - - name: autopilot - manifest: |- - { - "backup_config": [ + google_firebase_hosting_release.default: |- { - "all_namespaces": true, - "include_secrets": true, - "include_volume_data": true + "message": "Redirect to Google", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } - ], - "cluster": "${google_container_cluster.primary.id}", - "location": "us-central1", - "name": "autopilot-plan" - } - references: - cluster: google_container_cluster.primary.id - dependencies: - google_container_cluster.primary: |- + google_firebase_hosting_site.default: |- { - "addons_config": [ - { - "gke_backup_agent_config": [ - { - "enabled": true - } - ] - } - ], - "enable_autopilot": true, - "ip_allocation_policy": [ - {} - ], - "location": "us-central1", - "name": "autopilot-cluster", - "release_channel": [ - { - "channel": "RAPID" - } - ] + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" } - - name: cmek + - name: default manifest: |- { - "backup_config": [ + "config": [ { - "encryption_key": [ - { - "gcp_kms_encryption_key": "${google_kms_crypto_key.crypto_key.id}" - } - ], - "include_secrets": true, - "include_volume_data": true, - "selected_namespaces": [ + "rewrites": [ { - "namespaces": [ - "default", - "test" + "glob": "/hello/**", + "run": [ + { + "region": "${google_cloud_run_v2_service.default.location}", + "service_id": "${google_cloud_run_v2_service.default.name}" + } ] } ] } ], - "cluster": "${google_container_cluster.primary.id}", - "location": "us-central1", - "name": "cmek-plan" + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" } references: - backup_config.encryption_key.gcp_kms_encryption_key: google_kms_crypto_key.crypto_key.id - cluster: google_container_cluster.primary.id + config.rewrites.run.region: google_cloud_run_v2_service.default.location + config.rewrites.run.service_id: google_cloud_run_v2_service.default.name + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id dependencies: - google_container_cluster.primary: |- + google_cloud_run_v2_service.default: |- { - "addons_config": [ + "ingress": "INGRESS_TRAFFIC_ALL", + "location": "us-central1", + "name": "cloud-run-service-via-hosting", + "project": "my-project-name", + "provider": "${google-beta}", + "template": [ { - "gke_backup_agent_config": [ + "containers": [ { - "enabled": true + "image": "us-docker.pkg.dev/cloudrun/container/hello" } ] } - ], - "initial_node_count": 1, - "location": "us-central1", - "name": "cmek-cluster", - "workload_identity_config": [ - { - "workload_pool": "my-project-name.svc.id.goog" - } ] } - google_kms_crypto_key.crypto_key: |- + google_firebase_hosting_release.default: |- { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "backup-key" + "message": "Cloud Run Integration", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } - google_kms_key_ring.key_ring: |- + google_firebase_hosting_site.default: |- { - "location": "us-central1", - "name": "backup-key" + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" } - - name: full + - name: default manifest: |- { - "backup_config": [ + "config": [ { - "include_secrets": true, - "include_volume_data": true, - "selected_applications": [ + "rewrites": [ { - "namespaced_names": [ - { - "name": "app1", - "namespace": "ns1" - }, - { - "name": "app2", - "namespace": "ns2" - } - ] + "function": "${google_cloudfunctions_function.function.name}", + "glob": "/hello/**" } ] } ], - "backup_schedule": [ + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } + references: + config.rewrites.function: google_cloudfunctions_function.function.name + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_cloudfunctions_function.function: |- { - "cron_schedule": "0 9 * * 1" + "available_memory_mb": 128, + "description": "A Cloud Function connected to Firebase Hosing", + "entry_point": "helloHttp", + "name": "cloud-function-via-hosting", + "project": "my-project-name", + "provider": "${google-beta}", + "runtime": "nodejs16", + "source_archive_bucket": "${google_storage_bucket.bucket.name}", + "source_archive_object": "${google_storage_bucket_object.object.name}", + "trigger_http": true } - ], - "cluster": "${google_container_cluster.primary.id}", - "location": "us-central1", - "name": "full-plan", - "retention_policy": [ + google_firebase_hosting_release.default: |- { - "backup_delete_lock_days": 30, - "backup_retain_days": 180 + "message": "Cloud Functions Integration", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" } - ] - } - references: - cluster: google_container_cluster.primary.id - dependencies: - google_container_cluster.primary: |- + google_firebase_hosting_site.default: |- { - "addons_config": [ - { - "gke_backup_agent_config": [ - { - "enabled": true - } - ] - } - ], - "initial_node_count": 1, - "location": "us-central1", - "name": "full-cluster", - "workload_identity_config": [ - { - "workload_pool": "my-project-name.svc.id.goog" - } - ] + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "site-id-function-source", + "project": "my-project-name", + "provider": "${google-beta}", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "function-source.zip", + "provider": "${google-beta}", + "source": "function-source.zip" } argumentDocs: - backup_config: |- - - - (Optional) - Defines the configuration of Backups created via this BackupPlan. - Structure is documented below. - backup_config.all_namespaces: |- - - - (Optional) - If True, include all namespaced resources. - backup_config.encryption_key: |- - - - (Optional) - This defines a customer managed encryption key that will be used to encrypt the "config" - portion (the Kubernetes resources) of Backups created via this plan. - Structure is documented below. - backup_config.include_secrets: |- - - - (Optional) - This flag specifies whether Kubernetes Secret resources should be included - when they fall into the scope of Backups. - backup_config.include_volume_data: |- - - - (Optional) - This flag specifies whether volume data should be backed up when PVCs are - included in the scope of a Backup. - backup_config.selected_applications: |- + config: |- - (Optional) - A list of namespaced Kubernetes Resources. + The configuration for the behavior of the site. This configuration exists in the firebase.json file. Structure is documented below. - backup_config.selected_namespaces: |- + config.redirects: |- - (Optional) - If set, include just the resources in the listed namespaces. + An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to respond with a redirect to the specified destination path. Structure is documented below. - backup_schedule: |- + config.rewrites: |- - (Optional) - Defines a schedule for automatic Backup creation via this BackupPlan. + An array of objects (called rewrite rules), where each rule specifies a URL pattern that, if matched to the + request URL path, triggers Hosting to respond as if the service were given the specified destination URL. Structure is documented below. - backup_schedule.cron_schedule: |- - - - (Optional) - A standard cron string that defines a repeating schedule for - creating Backups via this BackupPlan. - If this is defined, then backupRetainDays must also be defined. - backup_schedule.paused: |- - - - (Optional) - This flag denotes whether automatic Backup creation is paused for this BackupPlan. - cluster: |- - - - (Required) - The source cluster from which Backups will be created via this BackupPlan. create: '- Default is 20 minutes.' - deactivated: |- - - - (Optional) - This flag indicates whether this BackupPlan has been deactivated. - Setting this field to True locks the BackupPlan such that no further updates will be allowed - (except deletes), including the deactivated field itself. It also prevents any new Backups - from being created via this BackupPlan (including scheduled Backups). delete: '- Default is 20 minutes.' - description: |- + id: '- an identifier for the resource with format sites/{{site_id}}/versions/{{version_id}}' + name: |- + - + The fully-qualified resource name for the version, in the format: + sites/SITE_ID/versions/VERSION_ID + redirects.glob: |- - (Optional) - User specified descriptive string for this BackupPlan. - encryption_key.gcp_kms_encryption_key: |- + The user-supplied glob to match against the request URL path. + redirects.location: |- - (Required) - Google Cloud KMS encryption key. Format: projects//locations//keyRings//cryptoKeys/ - etag: |- - - - etag is used for optimistic concurrency control as a way to help prevent simultaneous - updates of a backup plan from overwriting each other. It is strongly suggested that - systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates - in order to avoid race conditions: An etag is returned in the response to backupPlans.get, - and systems are expected to put that etag in the request to backupPlans.patch or - backupPlans.delete to ensure that their change will be applied to the same version of the resource. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{name}}' - labels: |- + The value to put in the HTTP location header of the response. + The location can contain capture group values from the pattern using a : prefix to identify + the segment and an optional * to capture the rest of the URL. For example: + redirects.regex: |- - (Optional) - Description: A set of custom labels supplied by the user. - A list of key->value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - location: |- - - - (Required) - The region of the Backup Plan. - name: |- + The user-supplied RE2 regular expression to match against the request URL path. + redirects.status_code: |- - (Required) - The full name of the BackupPlan Resource. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - protected_pod_count: |- - - - The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. - retention_policy: |- + The status HTTP code to return in the response. It must be a valid 3xx status code. + rewrites.function: |- - (Optional) - RetentionPolicy governs lifecycle of Backups created under this plan. - Structure is documented below. - retention_policy.backup_delete_lock_days: |- + The function to proxy requests to. Must match the exported function name exactly. + rewrites.glob: |- - (Optional) - Minimum age for a Backup created via this BackupPlan (in days). - Must be an integer value between 0-90 (inclusive). - A Backup created under this BackupPlan will not be deletable - until it reaches Backup's (create time + backup_delete_lock_days). - Updating this field of a BackupPlan does not affect existing Backups. - Backups created after a successful update will inherit this new value. - retention_policy.backup_retain_days: |- + The user-supplied glob to match against the request URL path. + rewrites.regex: |- - (Optional) - The default maximum age of a Backup created via this BackupPlan. - This field MUST be an integer value >= 0 and <= 365. If specified, - a Backup created under this BackupPlan will be automatically deleted - after its age reaches (createTime + backupRetainDays). - If not specified, Backups created under this BackupPlan will NOT be - subject to automatic deletion. Updating this field does NOT affect - existing Backups under it. Backups created AFTER a successful update - will automatically pick up the new value. - NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] - retention_policy.locked: |- + The user-supplied RE2 regular expression to match against the request URL path. + rewrites.run: |- - (Optional) - This flag denotes whether the retention policy of this BackupPlan is locked. - If set to True, no further update is allowed on this policy, including - the locked field itself. - selected_applications.namespaced_names: |- - - - (Required) - A list of namespaced Kubernetes resources. + The request will be forwarded to Cloud Run. Structure is documented below. - selected_applications.namespaced_names.name: |- + run.region: |- - - (Required) - The name of a Kubernetes Resource. - selected_applications.namespaced_names.namespace: |- + (Optional) + Optional. User-provided region where the Cloud Run service is hosted. Defaults to us-central1 if not supplied. + run.service_id: |- - (Required) - The namespace of a Kubernetes Resource. - selected_namespaces.namespaces: |- + User-defined ID of the Cloud Run service. + site_id: |- - (Required) - A list of Kubernetes Namespaces. - state: |- - - - The State of the BackupPlan. - state_reason: |- - - - Detailed description of why BackupPlan is in its current state. - uid: |- + Required. The ID of the site in which to create this Version. + version_id: |- - - Server generated, unique identifier of UUID format. - update: '- Default is 20 minutes.' + The ID for the version as in sites/SITE_ID/versions/VERSION_ID importStatements: [] - google_gke_backup_backup_plan_iam_policy: - subCategory: Backup for GKE - description: Collection of resources to manage IAM policy for Backup for GKE BackupPlan - name: google_gke_backup_backup_plan_iam_policy + google_firebase_project: + subCategory: Firebase + description: A Google Cloud Firebase instance. + name: google_firebase_project title: "" examples: - - name: policy + - name: default manifest: |- { - "location": "${google_gke_backup_backup_plan.basic.location}", - "name": "${google_gke_backup_backup_plan.basic.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_gke_backup_backup_plan.basic.project}" + "project": "${google_project.default.project_id}", + "provider": "${google-beta}" } references: - location: google_gke_backup_backup_plan.basic.location - name: google_gke_backup_backup_plan.basic.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_gke_backup_backup_plan.basic.project + project: google_project.default.project_id + provider: google-beta + dependencies: + google_project.default: |- + { + "labels": { + "firebase": "enabled" + }, + "name": "my-project", + "org_id": "123456789", + "project_id": "my-project", + "provider": "${google-beta}" + } argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_gke_backup_backup_plan_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.' - google_gke_backup_backup_plan_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.' - google_gke_backup_backup_plan_iam_policy: ': Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.' - location: |- - - (Required) The region of the Backup Plan. - Used to find the parent resource to bind the IAM policy to - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - name: '- (Required) Used to find the parent resource to bind the IAM policy to' - policy_data: |- - - (Required only by google_gke_backup_backup_plan_iam_policy) The policy data generated by - a google_iam_policy data source. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + The GCP project display name + id: '- an identifier for the resource with format projects/{{project}}' project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_gke_backup_backup_plan_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + If it is not provided, the provider project is used. + project_number: |- + - + The number of the google project that firebase is enabled on. importStatements: [] - google_gke_hub_feature: - subCategory: GKEHub - description: Feature represents the settings and status of any Hub Feature. - name: google_gke_hub_feature + google_firebase_storage_bucket: + subCategory: Cloud Storage for Firebase + description: An association between a Firebase project and a Google Cloud Storage bucket. + name: google_firebase_storage_bucket title: "" examples: - - name: feature + - name: default manifest: |- { - "location": "global", - "name": "multiclusteringress", - "spec": [ - { - "multiclusteringress": [ - { - "config_membership": "${google_gke_hub_membership.membership.id}" - } - ] - } - ] + "bucket_id": "${google_storage_bucket.default.id}", + "project": "my-project-name", + "provider": "${google-beta}" } references: - spec.multiclusteringress.config_membership: google_gke_hub_membership.membership.id + bucket_id: google_storage_bucket.default.id + provider: google-beta dependencies: - google_container_cluster.cluster: |- + google_storage_bucket.default: |- { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "my-cluster" + "location": "US", + "name": "test_bucket", + "provider": "${google-beta}", + "uniform_bucket_level_access": true } - google_gke_hub_membership.membership: |- - { - "description": "Membership", - "endpoint": [ - { - "gke_cluster": [ - { - "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" - } - ] - } - ], - "membership_id": "my-membership" - } - - name: feature - manifest: |- - { - "labels": { - "foo": "bar" - }, - "location": "global", - "name": "multiclusterservicediscovery" - } - - name: feature + argumentDocs: + bucket_id: |- + - + (Optional) + Required. Immutable. The ID of the underlying Google Cloud Storage bucket + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/buckets/{{bucket_id}}' + name: |- + - + Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + importStatements: [] + google_firebase_web_app: + subCategory: Firebase + description: A Google Cloud Firebase web application instance + name: google_firebase_web_app + title: "" + examples: + - name: basic manifest: |- { - "location": "global", - "name": "servicemesh" + "display_name": "Display Name Basic", + "project": "my-project-name", + "provider": "${google-beta}" } - - name: feature - manifest: |- - { - "location": "global", - "name": "fleetobservability", - "spec": [ + references: + provider: google-beta + dependencies: + google_storage_bucket.default: |- { - "fleetobservability": [ - { - "logging_config": [ - { - "default_config": [ - { - "mode": "COPY" - } - ] - } - ] - } - ] + "location": "US", + "name": "fb-webapp-", + "provider": "${google-beta}" } - ] - } - - name: feature - manifest: |- - { - "location": "global", - "name": "fleetobservability", - "spec": [ + google_storage_bucket_object.default: |- { - "fleetobservability": [ - { - "logging_config": [ - { - "fleet_scope_logs_config": [ - { - "mode": "MOVE" - } - ] - } - ] - } - ] + "bucket": "${google_storage_bucket.default.name}", + "content": "${jsonencode({\n appId = google_firebase_web_app.basic.app_id\n apiKey = data.google_firebase_web_app_config.basic.api_key\n authDomain = data.google_firebase_web_app_config.basic.auth_domain\n databaseURL = lookup(data.google_firebase_web_app_config.basic, \"database_url\", \"\")\n storageBucket = lookup(data.google_firebase_web_app_config.basic, \"storage_bucket\", \"\")\n messagingSenderId = lookup(data.google_firebase_web_app_config.basic, \"messaging_sender_id\", \"\")\n measurementId = lookup(data.google_firebase_web_app_config.basic, \"measurement_id\", \"\")\n })}", + "name": "firebase-config.json", + "provider": "${google-beta}" } - ] - } - - name: feature + - name: default manifest: |- { - "location": "global", - "name": "fleetobservability", - "spec": [ + "api_key_id": "${google_apikeys_key.web.uid}", + "deletion_policy": "DELETE", + "display_name": "Display Name", + "project": "my-project-name", + "provider": "${google-beta}" + } + references: + api_key_id: google_apikeys_key.web.uid + provider: google-beta + dependencies: + google_apikeys_key.web: |- { - "fleetobservability": [ + "display_name": "Display Name", + "name": "api-key", + "project": "my-project-name", + "provider": "${google-beta}", + "restrictions": [ { - "logging_config": [ + "browser_key_restrictions": [ { - "default_config": [ - { - "mode": "COPY" - } - ], - "fleet_scope_logs_config": [ - { - "mode": "MOVE" - } + "allowed_referrers": [ + "*" ] } ] } ] } - ] - } argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. When the Feature resource was created. - default_config.mode: |- - - - (Optional) - Specified if fleet logging feature is enabled. - Possible values are: MODE_UNSPECIFIED, COPY, MOVE. - delete: '- Default is 20 minutes.' - delete_time: |- - - - Output only. When the Feature resource was deleted. - fleet_scope_logs_config.mode: |- - - - (Optional) - Specified if fleet logging feature is enabled. - Possible values are: MODE_UNSPECIFIED, COPY, MOVE. - fleetobservability.logging_config: |- - - - (Optional) - Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet. - Structure is documented below. - fleetobservability.logging_config.default_config: |- - - - (Optional) - Specified if applying the default routing config to logs not specified in other configs. - Structure is documented below. - fleetobservability.logging_config.fleet_scope_logs_config: |- + api_key_id: |- - (Optional) - Specified if applying the routing config to all logs for all fleet scopes. - Structure is documented below. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{name}}' - labels: |- + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the WebApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the WebApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + app_id: |- - - (Optional) - GCP labels for this Feature. - location: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + app_urls: |- - - (Required) - The location for the resource - multiclusteringress.config_membership: |- + The URLs where the WebApp is hosted. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + deletion_policy: |- + - (Optional) Set to ABANDON to allow the WebApp to be untracked from terraform state + rather than deleted upon terraform destroy. This is useful becaue the WebApp may be + serving traffic. Set to DELETE to delete the WebApp. Default to DELETE + display_name: |- - (Required) - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: projects/foo-proj/locations/global/memberships/bar + The user-assigned display name of the App. + id: '- an identifier for the resource with format projects/{{project}}/webApps/{{app_id}}' name: |- - - (Optional) - The full, unique name of this Feature resource + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - resource_state: |- - - - State of the Feature resource itself. - Structure is documented below. - resource_state.has_resources: |- - - - (Output) - Whether this Feature has outstanding resources that need to be cleaned up before it can be disabled. - resource_state.state: |- - - - (Output) - The current state of the Feature resource in the Hub API. - spec: |- - - - (Optional) - Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. - Structure is documented below. - spec.fleetobservability: |- - - - (Optional) - Fleet Observability feature spec. - Structure is documented below. - spec.multiclusteringress: |- - - - (Optional) - Multicluster Ingress-specific spec. - Structure is documented below. - state: |- - - - Output only. The Hub-wide Feature state - Structure is documented below. - state.state: |- - - - (Output) - Output only. The "running state" of the Feature in this Hub. - Structure is documented below. - state.state.code: |- - - - (Output) - The high-level, machine-readable status of this Feature. - state.state.description: |- - - - (Output) - A human-readable description of the current status. - state.state.update_time: |- - - - (Output) - The time this status and any related Feature-specific details were updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" update: '- Default is 20 minutes.' - update_time: |- - - - Output only. When the Feature resource was last updated. - importStatements: [] - google_gke_hub_feature_iam_policy: - subCategory: GKEHub - description: Collection of resources to manage IAM policy for GKEHub Feature - name: google_gke_hub_feature_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "location": "${google_gke_hub_feature.feature.location}", - "name": "${google_gke_hub_feature.feature.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_gke_hub_feature.feature.project}" - } - references: - location: google_gke_hub_feature.feature.location - name: google_gke_hub_feature.feature.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_gke_hub_feature.feature.project - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_gke_hub_feature_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.' - google_gke_hub_feature_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.' - google_gke_hub_feature_iam_policy: ': Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.' - location: '- (Required) The location for the resource Used to find the parent resource to bind the IAM policy to' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - name: '- (Required) Used to find the parent resource to bind the IAM policy to' - policy_data: |- - - (Required only by google_gke_hub_feature_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_gke_hub_feature_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_gke_hub_feature_membership: - subCategory: GKEHub - description: Contains information about a GKEHub Feature Memberships. - name: google_gke_hub_feature_membership + google_firebaserules_release: + subCategory: Firebaserules + name: google_firebaserules_release title: "" examples: - - name: feature_member + - name: primary manifest: |- { - "configmanagement": [ + "lifecycle": [ { - "config_sync": [ - { - "git": [ - { - "sync_repo": "https://github.com/hashicorp/terraform" - } - ] - } - ], - "version": "1.6.2" + "replace_triggered_by": [ + "${google_firebaserules_ruleset.firestore}" + ] } ], - "feature": "${google_gke_hub_feature.feature.name}", - "location": "global", - "membership": "${google_gke_hub_membership.membership.membership_id}", - "provider": "${google-beta}" + "name": "cloud.firestore", + "project": "my-project-name", + "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}" } - references: - feature: google_gke_hub_feature.feature.name - membership: google_gke_hub_membership.membership.membership_id - provider: google-beta dependencies: - google_container_cluster.cluster: |- - { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "my-cluster", - "provider": "${google-beta}" - } - google_gke_hub_feature.feature: |- - { - "labels": { - "foo": "bar" - }, - "location": "global", - "name": "configmanagement", - "provider": "${google-beta}" - } - google_gke_hub_membership.membership: |- + google_firebaserules_ruleset.firestore: |- { - "endpoint": [ + "project": "my-project-name", + "source": [ { - "gke_cluster": [ + "files": [ { - "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", + "name": "firestore.rules" } ] } - ], - "membership_id": "my-membership", - "provider": "${google-beta}" + ] } - - name: feature_member + - name: primary manifest: |- { - "configmanagement": [ + "lifecycle": [ { - "config_sync": [ - { - "oci": [ - { - "gcp_service_account_email": "sa@project-id.iam.gserviceaccount.com", - "policy_dir": "config-connector", - "secret_type": "gcpserviceaccount", - "sync_repo": "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest", - "sync_wait_secs": "20" - } - ] - } - ], - "version": "1.15.1" + "replace_triggered_by": [ + "${google_firebaserules_ruleset.storage}" + ] } ], - "feature": "${google_gke_hub_feature.feature.name}", - "location": "global", - "membership": "${google_gke_hub_membership.membership.membership_id}", - "provider": "${google-beta}" + "name": "firebase.storage/${google_storage_bucket.bucket.name}", + "project": "my-project-name", + "provider": "${google-beta}", + "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.storage.name}" } references: - feature: google_gke_hub_feature.feature.name - membership: google_gke_hub_membership.membership.membership_id provider: google-beta dependencies: - google_container_cluster.cluster: |- - { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "my-cluster", - "provider": "${google-beta}" - } - google_gke_hub_feature.feature: |- + google_firebase_storage_bucket.bucket: |- { - "labels": { - "foo": "bar" - }, - "location": "global", - "name": "configmanagement", + "bucket_id": "${google_storage_bucket.bucket.name}", + "project": "my-project-name", "provider": "${google-beta}" } - google_gke_hub_membership.membership: |- + google_firebaserules_ruleset.storage: |- { - "endpoint": [ + "depends_on": [ + "${google_firebase_storage_bucket.bucket}" + ], + "project": "my-project-name", + "provider": "${google-beta}", + "source": [ { - "gke_cluster": [ + "files": [ { - "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + "content": "service firebase.storage {match /b/{bucket}/o {match /{allPaths=**} {allow read, write: if request.auth != null;}}}", + "name": "storage.rules" } ] } - ], - "membership_id": "my-membership", + ] + } + google_storage_bucket.bucket: |- + { + "location": "us-west1", + "name": "bucket", + "project": "my-project-name", "provider": "${google-beta}" } - - name: feature_member + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Time the release was created. + delete: '- Default is 20 minutes.' + disabled: |- + - + Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release. + id: '- an identifier for the resource with format projects/{{project}}/releases/{{name}}' + name: |- + - + (Required) + Format: projects/{project_id}/releases/{release_id}\Firestore Rules Releases will always have the name 'cloud.firestore' + project: |- + - + (Optional) + The project for the resource + ruleset_name: |- + - + (Required) + Name of the Ruleset referred to by this Release. The Ruleset must exist for the Release to be created. + update_time: |- + - + Output only. Time the release was updated. + importStatements: [] + google_firebaserules_ruleset: + subCategory: Firebaserules + name: google_firebaserules_ruleset + title: "" + examples: + - name: primary manifest: |- { - "feature": "${google_gke_hub_feature.feature.name}", - "location": "global", - "membership": "${google_gke_hub_membership.membership.membership_id}", - "mesh": [ + "project": "my-project-name", + "source": [ { - "management": "MANAGEMENT_AUTOMATIC" + "files": [ + { + "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", + "fingerprint": "", + "name": "firestore.rules" + } + ], + "language": "" } - ], - "provider": "${google-beta}" + ] } - references: - feature: google_gke_hub_feature.feature.name - membership: google_gke_hub_membership.membership.membership_id - provider: google-beta - dependencies: - google_container_cluster.cluster: |- - { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "my-cluster", - "provider": "${google-beta}" - } - google_gke_hub_feature.feature: |- - { - "location": "global", - "name": "servicemesh", - "provider": "${google-beta}" - } - google_gke_hub_membership.membership: |- + - name: primary + manifest: |- + { + "project": "my-project-name", + "source": [ { - "endpoint": [ + "files": [ { - "gke_cluster": [ - { - "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" - } - ] + "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", + "name": "firestore.rules" } - ], - "membership_id": "my-membership", - "provider": "${google-beta}" + ] } + ] + } argumentDocs: - binauthz.enabled: |- - - - (Optional) - Whether binauthz is enabled in this cluster. - config_sync.git: |- + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) Structure is documented below. - config_sync.oci: |- + Output only. Time the Ruleset was created. + delete: '- Default is 20 minutes.' + files.content: |- - - (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below. - config_sync.prevent_drift: |- + (Required) + Textual Content. + files.fingerprint: |- - (Optional) - Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts. - config_sync.source_format: |- + Fingerprint (e.g. github sha) associated with the File. + files.name: |- - - (Optional) - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. - configmanagement: |- + (Required) + File name. + files.project: |- - (Optional) - Config Management-specific spec. Structure is documented below. - configmanagement.binauthz: |- + The project for the resource + id: '- an identifier for the resource with format projects/{{project}}/rulesets/{{name}}' + metadata: |- - - (Optional) - Binauthz configuration for the cluster. Structure is documented below. - configmanagement.config_sync: |- + Output only. The metadata for this ruleset. + name: |- - - (Optional) - Config Sync configuration for the cluster. Structure is documented below. - configmanagement.hierarchy_controller: |- + Output only. Name of the Ruleset. The ruleset_id is auto generated by the service. Format: projects/{project_id}/rulesets/{ruleset_id} + source: |- - - (Optional) - Hierarchy Controller configuration for the cluster. Structure is documented below. - configmanagement.policy_controller: |- + (Required) + Source for the Ruleset. + source.files: |- - - (Optional) - Policy Controller configuration for the cluster. Structure is documented below. - configmanagement.version: |- + (Required) + File set constituting the Source bundle. + source.language: |- - (Optional) - Version of ACM installed. + Language of the Source bundle. If unspecified, the language will default to FIREBASE_RULES. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS + importStatements: [] + google_firestore_backup_schedule: + subCategory: Firestore + description: A backup schedule for a Cloud Firestore Database. + name: google_firestore_backup_schedule + title: "" + examples: + - name: daily-backup + manifest: |- + { + "daily_recurrence": [ + {} + ], + "database": "${google_firestore_database.database.name}", + "project": "my-project-name", + "retention": "604800s" + } + references: + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } + - name: weekly-backup + manifest: |- + { + "database": "${google_firestore_database.database.name}", + "project": "my-project-name", + "retention": "8467200s", + "weekly_recurrence": [ + { + "day": "SUNDAY" + } + ] + } + references: + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } + argumentDocs: create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - feature: |- - - - (Optional) - The name of the feature - git.gcp_service_account_email: |- - - - (Optional) - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - git.https_proxy: |- - - - (Optional) - URL for the HTTPS proxy to be used when communicating with the Git repo. - git.policy_dir: |- - - - (Optional) - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. - git.secret_type: |- - - - (Optional) - Type of secret configured for access to the Git repo. - git.sync_branch: |- - - - (Optional) - The branch of the repository to sync from. Default: master. - git.sync_repo: |- - - - (Optional) - The URL of the Git repository to use as the source of truth. - git.sync_rev: |- - - - (Optional) - Git revision (tag or hash) to check out. Default HEAD. - git.sync_wait_secs: |- - - - (Optional) - Period in seconds between consecutive syncs. Default: 15. - hierarchy_controller.enable_hierarchical_resource_quota: |- - - - (Optional) - Whether hierarchical resource quota is enabled in this cluster. - hierarchy_controller.enable_pod_tree_labels: |- - - - (Optional) - Whether pod tree labels are enabled in this cluster. - hierarchy_controller.enabled: |- + daily_recurrence: |- - (Optional) - Whether Hierarchy Controller is enabled in this cluster. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}' - location: |- + For a schedule that runs daily at a specified time. + database: |- - (Optional) - The location of the feature - membership: |- + The Firestore database id. Defaults to "(default)". + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/databases/{{database}}/backupSchedules/{{name}}' + name: |- - - (Optional) - The name of the membership - mesh: |- + The unique backup schedule identifier across all locations and databases for the given project. Format: + projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + retention: |- - - (Optional) - Service mesh specific spec. Structure is documented below. - mesh.management: |- + (Required) + At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + For a daily backup recurrence, set this to a value up to 7 days. If you set a weekly backup recurrence, set this to a value up to 14 weeks. + update: '- Default is 20 minutes.' + weekly_recurrence: |- - (Optional) - Whether to automatically manage Service Mesh. Can either be MANAGEMENT_AUTOMATIC or MANAGEMENT_MANUAL. - oci.gcp_service_account_email: |- + For a schedule that runs weekly on a specific day and time. + Structure is documented below. + weekly_recurrence.day: |- - (Optional) - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. - oci.policy_dir: |- + The day of week to run. + Possible values are: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + importStatements: [] + google_firestore_database: + subCategory: Firestore + description: A Cloud Firestore Database. + name: google_firestore_database + title: "" + examples: + - name: database + manifest: |- + { + "location_id": "nam5", + "name": "(default)", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } + - name: database + manifest: |- + { + "app_engine_integration_mode": "DISABLED", + "concurrency_mode": "OPTIMISTIC", + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } + - name: datastore_mode_database + manifest: |- + { + "location_id": "nam5", + "name": "(default)", + "project": "my-project-name", + "type": "DATASTORE_MODE" + } + - name: datastore_mode_database + manifest: |- + { + "app_engine_integration_mode": "DISABLED", + "concurrency_mode": "OPTIMISTIC", + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED", + "project": "my-project-name", + "type": "DATASTORE_MODE" + } + argumentDocs: + app_engine_integration_mode: |- - (Optional) - The absolute path of the directory that contains the local resources. Default: the root directory of the image. - oci.secret_type: |- + The App Engine integration mode to use for this database. + Possible values are: ENABLED, DISABLED. + concurrency_mode: |- - (Optional) - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. - oci.sync_repo: |- + The concurrency control mode to use for this database. + Possible values are: OPTIMISTIC, PESSIMISTIC, OPTIMISTIC_WITH_ENTITY_GROUPS. + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - oci.sync_wait_secs: |- + Output only. The timestamp at which this database was created. + delete: '- Default is 20 minutes.' + delete_protection_state: |- - (Optional) - Period in seconds(int64 format) between consecutive syncs. Default: 15. - policy_controller.audit_interval_seconds: |- + State of delete protection for the database. + When delete protection is enabled, this database cannot be deleted. + The default value is DELETE_PROTECTION_STATE_UNSPECIFIED, which is currently equivalent to DELETE_PROTECTION_DISABLED. + Note: Additionally, to delete this database using terraform destroy, deletion_policy must be set to DELETE. + Possible values are: DELETE_PROTECTION_STATE_UNSPECIFIED, DELETE_PROTECTION_ENABLED, DELETE_PROTECTION_DISABLED. + deletion_policy: |- + - (Optional) Deletion behavior for this database. + If the deletion policy is ABANDON, the database will be removed from Terraform state but not deleted from Google Cloud upon destruction. + If the deletion policy is DELETE, the database will both be removed from Terraform state and deleted from Google Cloud upon destruction. + The default value is ABANDON. + See also delete_protection. + earliest_version_time: |- + - + Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod. + This value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + etag: |- - - (Optional) - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. - policy_controller.enabled: |- + Output only. This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an + up-to-date value before proceeding. + id: '- an identifier for the resource with format projects/{{project}}/databases/{{name}}' + key_prefix: |- - - (Optional) - Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. - policy_controller.exemptable_namespaces: |- + Output only. The keyPrefix for this database. + This keyPrefix is used, in combination with the project id ("~") to construct the application id + that is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes. + This value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo). + location_id: |- - - (Optional) - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. - policy_controller.log_denies_enabled: |- + (Required) + The location of the database. Available locations are listed at + https://cloud.google.com/firestore/docs/locations. + name: |- - - (Optional) - Logs all denies and dry run failures. - policy_controller.monitoring: |- + (Required) + The ID to use for the database, which will become the final + component of the database's resource name. This value should be 4-63 + characters. Valid characters are /[a-z][0-9]-/ with first character + a letter and the last a letter or a number. Must not be + UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. + "(default)" database id is also valid. + point_in_time_recovery_enablement: |- - (Optional) - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"] - policy_controller.mutation_enabled: |- + Whether to enable the PITR feature on this database. + If POINT_IN_TIME_RECOVERY_ENABLED is selected, reads are supported on selected versions of the data from within the past 7 days. + versionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour + and reads against 1-minute snapshots beyond 1 hour and within 7 days. + If POINT_IN_TIME_RECOVERY_DISABLED is selected, reads are supported on any version of the data from within the past 1 hour. + Default value is POINT_IN_TIME_RECOVERY_DISABLED. + Possible values are: POINT_IN_TIME_RECOVERY_ENABLED, POINT_IN_TIME_RECOVERY_DISABLED. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: |- - - (Optional) - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster. - policy_controller.referential_rules_enabled: |- + (Required) + The type of the database. + See https://cloud.google.com/datastore/docs/firestore-or-datastore + for information about how to choose. + Possible values are: FIRESTORE_NATIVE, DATASTORE_MODE. + uid: |- - - (Optional) - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. - policy_controller.template_library_installed: |- + Output only. The system-generated UUID4 for this Database. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - Installs the default template library along with Policy Controller. - project: |- + Output only. The timestamp at which this database was most recently updated. + version_retention_period: |- - - (Optional) - The project of the feature - update: '- Default is 20 minutes.' + Output only. The period during which past versions of data are retained in the database. + Any read or query can specify a readTime within this window, and will read the state of the database at that time. + If the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". importStatements: [] - google_gke_hub_membership: - subCategory: GKEHub - description: Membership contains information about a member cluster. - name: google_gke_hub_membership + google_firestore_document: + subCategory: Firestore + description: In Cloud Firestore, the unit of storage is the document. + name: google_firestore_document title: "" examples: - - name: membership + - name: mydoc manifest: |- { - "endpoint": [ + "collection": "somenewcollection", + "database": "${google_firestore_database.database.name}", + "document_id": "my-doc-id", + "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", + "project": "${google_project.project.project_id}" + } + references: + database: google_firestore_database.database.name + project: google_project.project.project_id + dependencies: + google_firestore_database.database: |- { - "gke_cluster": [ - { - "resource_link": "//container.googleapis.com/${google_container_cluster.primary.id}" - } + "depends_on": [ + "${google_project_service.firestore}" + ], + "location_id": "nam5", + "name": "(default)", + "project": "${google_project.project.project_id}", + "type": "FIRESTORE_NATIVE" + } + google_project.project: |- + { + "name": "project-id", + "org_id": "123456789", + "project_id": "project-id" + } + google_project_service.firestore: |- + { + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "project": "${google_project.project.project_id}", + "service": "firestore.googleapis.com" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project.project}" ] } - ], - "membership_id": "basic" + - name: mydoc + manifest: |- + { + "collection": "somenewcollection", + "database": "${google_firestore_database.database.name}", + "document_id": "my-doc-id", + "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", + "project": "${google_project.project.project_id}" } + references: + database: google_firestore_database.database.name + project: google_project.project.project_id dependencies: - google_container_cluster.primary: |- + google_firestore_database.database: |- { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "basiccluster" + "depends_on": [ + "${google_project_service.firestore}" + ], + "location_id": "nam5", + "name": "(default)", + "project": "${google_project.project.project_id}", + "type": "FIRESTORE_NATIVE" } - - name: membership + google_project.project: |- + { + "name": "project-id", + "org_id": "123456789", + "project_id": "project-id" + } + google_project_service.firestore: |- + { + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "project": "${google_project.project.project_id}", + "service": "firestore.googleapis.com" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project.project}" + ] + } + - name: sub_document manifest: |- { - "authority": [ + "collection": "${google_firestore_document.mydoc.path}/subdocs", + "database": "${google_firestore_database.database.name}", + "document_id": "bitcoinkey", + "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"ayo\":{\"stringValue\":\"val2\"}}}}}", + "project": "${google_project.project.project_id}" + } + references: + database: google_firestore_database.database.name + project: google_project.project.project_id + dependencies: + google_firestore_database.database: |- { - "issuer": "https://container.googleapis.com/v1/${google_container_cluster.primary.id}" + "depends_on": [ + "${google_project_service.firestore}" + ], + "location_id": "nam5", + "name": "(default)", + "project": "${google_project.project.project_id}", + "type": "FIRESTORE_NATIVE" } - ], - "endpoint": [ + google_project.project: |- { - "gke_cluster": [ - { - "resource_link": "${google_container_cluster.primary.id}" - } + "name": "project-id", + "org_id": "123456789", + "project_id": "project-id" + } + google_project_service.firestore: |- + { + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "project": "${google_project.project.project_id}", + "service": "firestore.googleapis.com" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project.project}" ] } - ], - "membership_id": "basic" + - name: sub_sub_document + manifest: |- + { + "collection": "${google_firestore_document.sub_document.path}/subsubdocs", + "database": "${google_firestore_database.database.name}", + "document_id": "asecret", + "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"secret\":{\"stringValue\":\"hithere\"}}}}}", + "project": "${google_project.project.project_id}" } references: - endpoint.gke_cluster.resource_link: google_container_cluster.primary.id + database: google_firestore_database.database.name + project: google_project.project.project_id dependencies: - google_container_cluster.primary: |- + google_firestore_database.database: |- { - "initial_node_count": 1, - "location": "us-central1-a", - "name": "basiccluster", - "workload_identity_config": [ - { - "workload_pool": "my-project-name.svc.id.goog" - } + "depends_on": [ + "${google_project_service.firestore}" + ], + "location_id": "nam5", + "name": "(default)", + "project": "${google_project.project.project_id}", + "type": "FIRESTORE_NATIVE" + } + google_project.project: |- + { + "name": "project-id", + "org_id": "123456789", + "project_id": "project-id" + } + google_project_service.firestore: |- + { + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "project": "${google_project.project.project_id}", + "service": "firestore.googleapis.com" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project.project}" ] } argumentDocs: - authority: |- - - - (Optional) - Authority encodes how Google will recognize identities from this Membership. - See the workload identity documentation for more details: - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity - Structure is documented below. - authority.issuer: |- + collection: |- - (Required) - A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}". + The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - description: |- - - - (Optional, Beta) - The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API. - endpoint: |- + create_time: |- - - (Optional) - If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. - Structure is documented below. - endpoint.gke_cluster: |- + Creation timestamp in RFC3339 format. + database: |- - (Optional) - If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. - Structure is documented below. - endpoint.gke_cluster.resource_link: |- + The Firestore database id. Defaults to "(default)". + delete: '- Default is 20 minutes.' + document_id: |- - (Required) - Self-link of the GCP resource for the GKE cluster. - For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. - It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform, - this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or - google_container_cluster.my-cluster.id. - id: '- an identifier for the resource with format projects/{{project}}/locations/global/memberships/{{membership_id}}' - labels: |- - - - (Optional) - Labels to apply to this membership. - membership_id: |- + The client-assigned document ID to use for this document during creation. + fields: |- - (Required) - The client-provided identifier of the membership. + The document's fields formated as a json string. + id: '- an identifier for the resource with format {{name}}' name: |- - - The unique identifier of the membership. + A server defined name for this index. Format: + projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}} + path: |- + - + A relative path to the collection this document exists within project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. update: '- Default is 20 minutes.' + update_time: |- + - + Last update timestamp in RFC3339 format. importStatements: [] - google_gke_hub_membership_iam_policy: - subCategory: GKEHub - description: Collection of resources to manage IAM policy for GKEHub Membership - name: google_gke_hub_membership_iam_policy + google_firestore_field: + subCategory: Firestore + description: Represents a single field in the database. + name: google_firestore_field title: "" examples: - - name: policy + - name: basic manifest: |- { - "membership_id": "${google_gke_hub_membership.membership.membership_id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_gke_hub_membership.membership.project}" + "collection": "chatrooms_", + "database": "${google_firestore_database.database.name}", + "field": "basic", + "index_config": [ + { + "indexes": [ + { + "order": "ASCENDING", + "query_scope": "COLLECTION_GROUP" + }, + { + "array_config": "CONTAINS" + } + ] + } + ], + "project": "my-project-name" } references: - membership_id: google_gke_hub_membership.membership.membership_id - policy_data: data.google_iam_policy.admin.policy_data - project: google_gke_hub_membership.membership.project - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_gke_hub_membership_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.' - google_gke_hub_membership_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.' - google_gke_hub_membership_iam_policy: ': Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_gke_hub_membership_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_gke_hub_membership_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_gkeonprem_bare_metal_admin_cluster: - subCategory: Anthos On-Prem - description: A Google Bare Metal Admin Cluster. - name: google_gkeonprem_bare_metal_admin_cluster - title: "" - examples: - - name: admin-cluster-basic - manifest: |- - { - "bare_metal_version": "1.13.4", - "control_plane": [ - { - "control_plane_node_pool_config": [ - { - "node_pool_config": [ - { - "labels": {}, - "node_configs": [ - { - "labels": {}, - "node_ip": "10.200.0.2" - }, - { - "labels": {}, - "node_ip": "10.200.0.3" - }, - { - "labels": {}, - "node_ip": "10.200.0.4" - } - ], - "operating_system": "LINUX" - } - ] - } - ] - } - ], - "load_balancer": [ - { - "port_config": [ - { - "control_plane_load_balancer_port": 443 - } - ], - "vip_config": [ - { - "control_plane_vip": "10.200.0.5" - } - ] - } - ], - "location": "us-west1", - "name": "my-cluster", - "network_config": [ - { - "island_mode_cidr": [ - { - "pod_address_cidr_blocks": [ - "10.240.0.0/13" - ], - "service_address_cidr_blocks": [ - "172.26.0.0/16" - ] - } - ] - } - ], - "node_access_config": [ - { - "login_user": "root" - } - ], - "node_config": [ + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- { - "max_pods_per_node": 250 + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" } + - name: timestamp + manifest: |- + { + "collection": "chatrooms", + "database": "${google_firestore_database.database.name}", + "field": "timestamp", + "index_config": [ + {} ], - "provider": "${google-beta}", - "storage": [ - { - "lvp_node_mounts_config": [ - { - "path": "/mnt/localpv-disk", - "storage_class": "local-disks" - } - ], - "lvp_share_config": [ - { - "lvp_config": [ - { - "path": "/mnt/localpv-share", - "storage_class": "local-shared" - } - ], - "shared_path_pv_count": 5 - } - ] - } + "project": "my-project-name", + "ttl_config": [ + {} ] } references: - provider: google-beta - - name: admin-cluster-basic - manifest: |- - { - "annotations": {}, - "bare_metal_version": "1.13.4", - "cluster_operations": [ - { - "enable_application_logs": true - } - ], - "control_plane": [ + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- { - "api_server_args": [ - { - "argument": "test argument", - "value": "test value" - } - ], - "control_plane_node_pool_config": [ - { - "node_pool_config": [ - { - "labels": {}, - "node_configs": [ - { - "labels": {}, - "node_ip": "10.200.0.2" - }, - { - "labels": {}, - "node_ip": "10.200.0.3" - }, - { - "labels": {}, - "node_ip": "10.200.0.4" - } - ], - "operating_system": "LINUX", - "taints": [ - { - "effect": "NO_EXECUTE", - "key": "test-key", - "value": "test-value" - } - ] - } - ] - } - ] + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" } - ], - "description": "test description", - "load_balancer": [ + - name: match_override + manifest: |- + { + "collection": "chatrooms_", + "database": "${google_firestore_database.database.name}", + "field": "field_with_same_configuration_as_ancestor", + "index_config": [ { - "manual_lb_config": [ - { - "enabled": true - } - ], - "port_config": [ - { - "control_plane_load_balancer_port": 443 - } - ], - "vip_config": [ + "indexes": [ { - "control_plane_vip": "10.200.0.5" - } - ] - } - ], - "location": "us-west1", - "maintenance_config": [ - { - "maintenance_address_cidr_blocks": [ - "10.0.0.1/32", - "10.0.0.2/32" - ] - } - ], - "name": "my-cluster", - "network_config": [ - { - "island_mode_cidr": [ + "order": "ASCENDING" + }, { - "pod_address_cidr_blocks": [ - "10.240.0.0/13" - ], - "service_address_cidr_blocks": [ - "172.26.0.0/16" - ] - } - ] - } - ], - "node_access_config": [ - { - "login_user": "root" - } - ], - "node_config": [ - { - "max_pods_per_node": 250 - } - ], - "provider": "${google-beta}", - "proxy": [ - { - "no_proxy": [ - "127.0.0.1" - ], - "uri": "test proxy uri" - } - ], - "security_config": [ - { - "authorization": [ + "order": "DESCENDING" + }, { - "admin_users": [ - { - "username": "admin@hashicorptest.com" - } - ] + "array_config": "CONTAINS" } ] } ], - "storage": [ - { - "lvp_node_mounts_config": [ - { - "path": "/mnt/localpv-disk", - "storage_class": "local-disks" - } - ], - "lvp_share_config": [ - { - "lvp_config": [ - { - "path": "/mnt/localpv-share", - "storage_class": "local-shared" - } - ], - "shared_path_pv_count": 5 - } - ] - } - ] + "project": "my-project-name" } references: - provider: google-beta + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } argumentDocs: - annotations: |- - - - (Optional) - Annotations on the Bare Metal Admin Cluster. - This field has the same restrictions as Kubernetes annotations. - The total size of all keys and values combined is limited to 256k. - Key can have 2 segments: prefix (optional) and name (required), - separated by a slash (/). - Prefix must be a DNS subdomain. - Name must be 63 characters or less, begin and end with alphanumerics, - with dashes (-), underscores (_), dots (.), and alphanumerics between. - api_server_args.argument: |- + collection: |- - (Required) - The argument name as it appears on the API Server command line please make sure to remove the leading dashes. - api_server_args.value: |- + The id of the collection group to configure. + create: '- Default is 20 minutes.' + database: |- + - + (Optional) + The Firestore database id. Defaults to "(default)". + delete: '- Default is 20 minutes.' + field: |- - (Required) - The value of the arg as it will be passed to the API Server command line. - bare_metal_version: |- + The id of the field to configure. + id: '- an identifier for the resource with format {{name}}' + index_config: |- - (Optional) - A human readable description of this Bare Metal Admin Cluster. - cluster_operations: |- + The single field index configuration for this field. + Creating an index configuration for this field will override any inherited configuration with the + indexes specified. Configuring the index configuration with an empty block disables all indexes on + the field. + Structure is documented below. + index_config.indexes: |- - (Optional) - Specifies the Admin Cluster's observability infrastructure. + The indexes to configure on the field. Order or array contains must be specified. Structure is documented below. - cluster_operations.enable_application_logs: |- + index_config.indexes.array_config: |- - (Optional) - Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics). - conditions.last_transition_time: |- - - - (Output) - Last time the condition transit from one status to another. - conditions.message: |- + Indicates that this field supports operations on arrayValues. Only one of order and arrayConfig can + be specified. + Possible values are: CONTAINS. + index_config.indexes.order: |- - (Optional) - Human-readable message indicating details about last transition. - conditions.reason: |- + Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=, !=. + Only one of order and arrayConfig can be specified. + Possible values are: ASCENDING, DESCENDING. + index_config.indexes.query_scope: |- - (Optional) - Machine-readable message indicating details about last transition. - conditions.state: |- - - - (Output) - The lifecycle state of the condition. - conditions.type: |- + The scope at which a query is run. Collection scoped queries require you specify + the collection at query time. Collection group scope allows queries across all + collections with the same id. + Default value is COLLECTION. + Possible values are: COLLECTION, COLLECTION_GROUP. + name: |- - - (Optional) - Type of the condition. - (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) - control_plane: |- + The name of this field. Format: + projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + ttl_config: |- - (Optional) - Specifies the control plane configuration. + The TTL configuration for this Field. If set to an empty block (i.e. ttl_config {}), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource). Structure is documented below. - control_plane.api_server_args: |- + ttl_config.state: |- - - (Optional) - Customizes the default API server args. Only a subset of - customized flags are supported. Please refer to the API server - documentation below to know the exact format: - https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ - Structure is documented below. - control_plane.control_plane_node_pool_config: |- + (Output) + The state of TTL (time-to-live) configuration for documents that have this Field set. + update: '- Default is 20 minutes.' + importStatements: [] + google_firestore_index: + subCategory: Firestore + description: Cloud Firestore indexes enable simple and complex queries against documents in a database. + name: google_firestore_index + title: "" + examples: + - name: my-index + manifest: |- + { + "collection": "${google_firestore_document.document.collection}", + "database": "${google_firestore_database.database.name}", + "fields": [ + { + "field_path": "name", + "order": "ASCENDING" + }, + { + "field_path": "description", + "order": "DESCENDING" + } + ], + "project": "${google_project.project.project_id}" + } + references: + collection: google_firestore_document.document.collection + database: google_firestore_database.database.name + project: google_project.project.project_id + dependencies: + google_firestore_database.database: |- + { + "depends_on": [ + "${google_project_service.firestore}" + ], + "location_id": "nam5", + "name": "(default)", + "project": "${google_project.project.project_id}", + "type": "FIRESTORE_NATIVE" + } + google_firestore_document.document: |- + { + "collection": "somenewcollection", + "database": "${google_firestore_database.database.name}", + "document_id": "", + "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", + "project": "${google_project.project.project_id}" + } + google_project.project: |- + { + "name": "project-id", + "org_id": "123456789", + "project_id": "project-id" + } + google_project_service.firestore: |- + { + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "project": "${google_project.project.project_id}", + "service": "firestore.googleapis.com" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project.project}" + ] + } + - name: my-index + manifest: |- + { + "api_scope": "DATASTORE_MODE_API", + "collection": "chatrooms", + "database": "(default)", + "fields": [ + { + "field_path": "name", + "order": "ASCENDING" + }, + { + "field_path": "description", + "order": "DESCENDING" + } + ], + "project": "my-project-name", + "query_scope": "COLLECTION_RECURSIVE" + } + argumentDocs: + collection: |- - (Required) - Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster. - Structure is documented below. - control_plane_node_pool_config.node_pool_config: |- + The collection being indexed. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + fields: |- - (Required) - The generic configuration for a node pool running the control plane. + The fields supported by this index. The last field entry is always for + the field path __name__. If, on creation, __name__ was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the __name__ will be + ordered "ASCENDING" (unless explicitly specified otherwise). Structure is documented below. - control_plane_node_pool_config.node_pool_config.labels: |- + fields.api_scope: |- - (Optional) - The map of Kubernetes labels (key/value pairs) to be applied to - each node. These will added in addition to any default label(s) - that Kubernetes may apply to the node. In case of conflict in - label keys, the applied set may differ depending on the Kubernetes - version -- it's best to assume the behavior is undefined and - conflicts should be avoided. For more information, including usage - and the valid values, see: - http://kubernetes.io/v1.1/docs/user-guide/labels.html - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - control_plane_node_pool_config.node_pool_config.node_configs: |- + The API scope at which a query is run. + Default value is ANY_API. + Possible values are: ANY_API, DATASTORE_MODE_API. + fields.array_config: |- - (Optional) - The list of machine addresses in the Bare Metal Node Pool. - Structure is documented below. - control_plane_node_pool_config.node_pool_config.operating_system: |- + Indicates that this field supports operations on arrayValues. Only one of order and arrayConfig can + be specified. + Possible values are: CONTAINS. + fields.database: |- - (Optional) - Specifies the nodes operating system (default: LINUX). - control_plane_node_pool_config.node_pool_config.taints: |- + The Firestore database id. Defaults to "(default)". + fields.field_path: |- - (Optional) - The initial taints assigned to nodes of this node pool. - Structure is documented below. - create: '- Default is 60 minutes.' - create_time: |- - - - The time the cluster was created, in RFC3339 text format. - delete: '- Default is 60 minutes.' - delete_time: |- - - - The time the cluster was deleted, in RFC3339 text format. - description: |- + Name of the field. + fields.order: |- - (Optional) - A human readable description of this Bare Metal Admin Cluster. - endpoint: |- + Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of order and arrayConfig can be specified. + Possible values are: ASCENDING, DESCENDING. + fields.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + fields.query_scope: |- - - The IP address name of Bare Metal Admin Cluster's API server. - etag: |- + (Optional) + The scope at which a query is run. + Default value is COLLECTION. + Possible values are: COLLECTION, COLLECTION_GROUP, COLLECTION_RECURSIVE. + id: '- an identifier for the resource with format {{name}}' + name: |- - - This checksum is computed by the server based on the value of other - fields, and may be sent on update and delete requests to ensure the - client has an up-to-date value before proceeding. - Allows clients to perform consistent read-modify-writes + A server defined name for this index. Format: + projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}} + importStatements: [] + google_folder: + subCategory: Cloud Platform + description: Allows management of a Google Cloud Platform folder. + name: google_folder + title: "" + examples: + - name: department1 + manifest: |- + { + "display_name": "Department 1", + "parent": "organizations/1234567" + } + - name: team-abc + manifest: |- + { + "display_name": "Team ABC", + "parent": "${google_folder.department1.name}" + } + references: + parent: google_folder.department1.name + argumentDocs: + create_time: |- + - Timestamp when the Folder was created. Assigned by the server. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + display_name: |- + - (Required) The folder’s display name. + A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. + folder_id: '- The folder id from the name "folders/{folder_id}"' + lifecycle_state: '- The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.' + name: '- The resource name of the Folder. Its format is folders/{folder_id}.' + parent: |- + - (Required) The resource name of the parent Folder or Organization. + Must be of the form folders/{folder_id} or organizations/{org_id}. + importStatements: [] + google_folder_access_approval_settings: + subCategory: Access Approval + description: Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. + name: google_folder_access_approval_settings + title: "" + examples: + - name: folder_access_approval + manifest: |- + { + "enrolled_services": [ + { + "cloud_product": "all" + } + ], + "folder_id": "${google_folder.my_folder.folder_id}", + "notification_emails": [ + "testuser@example.com", + "example.user@example.com" + ] + } + references: + folder_id: google_folder.my_folder.folder_id + dependencies: + google_folder.my_folder: |- + { + "display_name": "my-folder", + "parent": "organizations/123456789" + } + - name: folder_access_approval + manifest: |- + { + "active_key_version": "${data.google_kms_crypto_key_version.crypto_key_version.name}", + "depends_on": [ + "${google_kms_crypto_key_iam_member.iam}" + ], + "enrolled_services": [ + { + "cloud_product": "all" + } + ], + "folder_id": "${google_folder.my_folder.folder_id}" + } + references: + active_key_version: data.google_kms_crypto_key_version.crypto_key_version.name + folder_id: google_folder.my_folder.folder_id + dependencies: + google_folder.my_folder: |- + { + "display_name": "my-folder", + "parent": "organizations/123456789" + } + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "crypto-key", + "purpose": "ASYMMETRIC_SIGN", + "version_template": [ + { + "algorithm": "EC_SIGN_P384_SHA384" + } + ] + } + google_kms_crypto_key_iam_member.iam: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "member": "serviceAccount:${data.google_access_approval_folder_service_account.service_account.account_email}", + "role": "roles/cloudkms.signerVerifier" + } + google_kms_key_ring.key_ring: |- + { + "location": "global", + "name": "key-ring", + "project": "${google_project.my_project.project_id}" + } + google_project.my_project: |- + { + "folder_id": "${google_folder.my_folder.name}", + "name": "My Project", + "project_id": "your-project-id" + } + argumentDocs: + ancestor_has_active_key_version: |- + - + If the field is true, that indicates that an ancestor of this Folder has set active_key_version. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + enrolled_ancestor: |- + - + If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder. + enrolled_services: |- + - + (Required) + A list of Google Cloud Services for which the given resource has Access Approval enrolled. + Access requests for the resource given by name against any of these services contained here will be required + to have explicit approval. Enrollment can only be done on an all or nothing basis. + A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. + Structure is documented below. + enrolled_services.active_key_version: |- + - + (Optional) + The asymmetric crypto key version to use for signing approval requests. + Empty active_key_version indicates that a Google-managed key should be used for signing. + This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. + enrolled_services.cloud_product: |- + - + (Required) + The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): + enrolled_services.enrollment_level: |- + - + (Optional) + The enrollment level of the service. + Default value is BLOCK_ALL. + Possible values are: BLOCK_ALL. + enrolled_services.notification_emails: |- + - + (Optional) + A list of email addresses to which notifications relating to approval requests should be sent. + Notifications relating to a resource will be sent to all emails in the settings of ancestor + resources of that resource. A maximum of 50 email addresses are allowed. + folder_id: |- + - + (Required) + ID of the folder of the access approval settings. + id: '- an identifier for the resource with format folders/{{folder_id}}/accessApprovalSettings' + invalid_key_version: |- + - + If the field is true, that indicates that there is some configuration issue with the active_key_version + configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the + correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, + as key versions are inherited top-down. + name: |- + - + The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings" + update: '- Default is 20 minutes.' + importStatements: [] + google_folder_iam_policy: + subCategory: Cloud Platform + description: Collection of resources to manage IAM policy for a folder. + name: google_folder_iam_policy + title: "" + examples: + - name: folder + manifest: |- + { + "folder": "folders/1234567", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + - name: folder + manifest: |- + { + "folder": "folders/1234567", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + argumentDocs: + audit_log_config: '- (Required only by google_folder_iam_audit_config) The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.' + audit_log_config.exempted_members: '- (Optional) Identities that do not cause logging for this type of permission. The format is the same as that for members.' + audit_log_config.log_type: '- (Required) Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.' + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the folder''s IAM policy.' + folder: '- (Required) The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.' + google_folder_iam_audit_config: ': Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.' + google_folder_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.' + google_folder_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.' + google_folder_iam_policy: ': Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.' + member/members: |- + - (Required except for google_folder_iam_audit_config) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_folder_iam_policy) The google_iam_policy data source that represents + the IAM policy that will be applied to the folder. The policy will be + merged with any existing policy applied to the folder. + role: |- + - (Required except for google_folder_iam_audit_config) The role that should be applied. Only one + google_folder_iam_binding can be used per role. Note that custom roles must be of the format + organizations/{{org_id}}/roles/{{role_id}}. + service: '- (Required only by google_folder_iam_audit_config) Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google_folder_iam_audit_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.' + importStatements: [] + google_folder_organization_policy: + subCategory: Cloud Platform + description: Allows management of Organization policies for a Google Folder. + name: google_folder_organization_policy + title: "" + examples: + - name: serial_port_policy + manifest: |- + { + "boolean_policy": [ + { + "enforced": true + } + ], + "constraint": "compute.disableSerialPortAccess", + "folder": "folders/123456789" + } + - name: services_policy + manifest: |- + { + "constraint": "serviceuser.services", + "folder": "folders/123456789", + "list_policy": [ + { + "allow": [ + { + "all": true + } + ] + } + ] + } + - name: services_policy + manifest: |- + { + "constraint": "serviceuser.services", + "folder": "folders/123456789", + "list_policy": [ + { + "deny": [ + { + "values": [ + "cloudresourcemanager.googleapis.com" + ] + } + ], + "suggested_value": "compute.googleapis.com" + } + ] + } + - name: services_policy + manifest: |- + { + "constraint": "serviceuser.services", + "folder": "folders/123456789", + "restore_policy": [ + { + "default": true + } + ] + } + argumentDocs: + allow.all: '- (Optional) The policy allows or denies all values.' + allow.values: '- (Optional) The policy can define specific values that are allowed or denied.' + boolean_policy: '- (Optional) A boolean policy is a constraint that is either enforced or not. Structure is documented below.' + boolean_policy.enforced: '- (Required) If true, then the Policy is enforced. If false, then any configuration is acceptable.' + constraint: '- (Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.' + etag: '- (Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.' + folder: '- (Required) The resource name of the folder to set the policy for. Its format is folders/{folder_id}.' + list_policy: |- + - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It + can also be used to allow or deny all values. Structure is documented below. + list_policy.allow: or deny - (Optional) One or the other must be set. + list_policy.inherit_from_parent: |- + - (Optional) If set to true, the values from the effective Policy of the parent resource + are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy. + list_policy.suggested_value: '- (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.' + restore_policy: '- (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.' + restore_policy.default: '- (Required) May only be set to true. If set, then the default Policy is restored.' + update_time: '- (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".' + version: '- (Optional) Version of the Policy. Default version is 0.' + importStatements: [] + google_gke_backup_backup_plan: + subCategory: Backup for GKE + description: Represents a Backup Plan instance. + name: google_gke_backup_backup_plan + title: "" + examples: + - name: basic + manifest: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "basic-plan" + } + references: + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1", + "name": "basic-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + - name: autopilot + manifest: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "autopilot-plan" + } + references: + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "enable_autopilot": true, + "ip_allocation_policy": [ + {} + ], + "location": "us-central1", + "name": "autopilot-cluster", + "network": "default", + "release_channel": [ + { + "channel": "RAPID" + } + ], + "subnetwork": "default" + } + - name: cmek + manifest: |- + { + "backup_config": [ + { + "encryption_key": [ + { + "gcp_kms_encryption_key": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "include_secrets": true, + "include_volume_data": true, + "selected_namespaces": [ + { + "namespaces": [ + "default", + "test" + ] + } + ] + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "cmek-plan" + } + references: + backup_config.encryption_key.gcp_kms_encryption_key: google_kms_crypto_key.crypto_key.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1", + "name": "cmek-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "backup-key" + } + google_kms_key_ring.key_ring: |- + { + "location": "us-central1", + "name": "backup-key" + } + - name: full + manifest: |- + { + "backup_config": [ + { + "include_secrets": true, + "include_volume_data": true, + "selected_applications": [ + { + "namespaced_names": [ + { + "name": "app1", + "namespace": "ns1" + }, + { + "name": "app2", + "namespace": "ns2" + } + ] + } + ] + } + ], + "backup_schedule": [ + { + "cron_schedule": "0 9 * * 1" + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "full-plan", + "retention_policy": [ + { + "backup_delete_lock_days": 30, + "backup_retain_days": 180 + } + ] + } + references: + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1", + "name": "full-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + argumentDocs: + backup_config: |- + - + (Optional) + Defines the configuration of Backups created via this BackupPlan. + Structure is documented below. + backup_config.all_namespaces: |- + - + (Optional) + If True, include all namespaced resources. + backup_config.encryption_key: |- + - + (Optional) + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + Structure is documented below. + backup_config.include_secrets: |- + - + (Optional) + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + backup_config.include_volume_data: |- + - + (Optional) + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + backup_config.selected_applications: |- + - + (Optional) + A list of namespaced Kubernetes Resources. + Structure is documented below. + backup_config.selected_namespaces: |- + - + (Optional) + If set, include just the resources in the listed namespaces. + Structure is documented below. + backup_schedule: |- + - + (Optional) + Defines a schedule for automatic Backup creation via this BackupPlan. + Structure is documented below. + backup_schedule.cron_schedule: |- + - + (Optional) + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + backup_schedule.paused: |- + - + (Optional) + This flag denotes whether automatic Backup creation is paused for this BackupPlan. + cluster: |- + - + (Required) + The source cluster from which Backups will be created via this BackupPlan. + create: '- Default is 20 minutes.' + deactivated: |- + - + (Optional) + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + User specified descriptive string for this BackupPlan. + effective_labels: for all of the labels present on the resource. + encryption_key.gcp_kms_encryption_key: |- + - + (Required) + Google Cloud KMS encryption key. Format: projects//locations//keyRings//cryptoKeys/ + etag: |- + - + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{name}}' + labels: |- + - + (Optional) + Description: A set of custom labels supplied by the user. + A list of key->value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + location: |- + - + (Required) + The region of the Backup Plan. + name: |- + - + (Required) + The full name of the BackupPlan Resource. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + protected_pod_count: |- + - + The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. + retention_policy: |- + - + (Optional) + RetentionPolicy governs lifecycle of Backups created under this plan. + Structure is documented below. + retention_policy.backup_delete_lock_days: |- + - + (Optional) + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + retention_policy.backup_retain_days: |- + - + (Optional) + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.] + retention_policy.locked: |- + - + (Optional) + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + selected_applications.namespaced_names: |- + - + (Required) + A list of namespaced Kubernetes resources. + Structure is documented below. + selected_applications.namespaced_names.name: |- + - + (Required) + The name of a Kubernetes Resource. + selected_applications.namespaced_names.namespace: |- + - + (Required) + The namespace of a Kubernetes Resource. + selected_namespaces.namespaces: |- + - + (Required) + A list of Kubernetes Namespaces. + state: |- + - + The State of the BackupPlan. + state_reason: |- + - + Detailed description of why BackupPlan is in its current state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Server generated, unique identifier of UUID format. + update: '- Default is 20 minutes.' + importStatements: [] + google_gke_backup_backup_plan_iam_policy: + subCategory: Backup for GKE + description: Collection of resources to manage IAM policy for Backup for GKE BackupPlan + name: google_gke_backup_backup_plan_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_gke_backup_backup_plan.basic.location}", + "name": "${google_gke_backup_backup_plan.basic.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gke_backup_backup_plan.basic.project}" + } + references: + location: google_gke_backup_backup_plan.basic.location + name: google_gke_backup_backup_plan.basic.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_gke_backup_backup_plan.basic.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gke_backup_backup_plan_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.' + google_gke_backup_backup_plan_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.' + google_gke_backup_backup_plan_iam_policy: ': Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.' + location: |- + - (Required) The region of the Backup Plan. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_gke_backup_backup_plan_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gke_backup_backup_plan_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_gke_backup_restore_plan: + subCategory: Backup for GKE + description: Represents a Restore Plan instance. + name: google_gke_backup_restore_plan + title: "" + examples: + - name: all_ns + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "restore-all-ns", + "restore_config": [ + { + "all_namespaces": true, + "cluster_resource_conflict_policy": "USE_EXISTING_VERSION", + "cluster_resource_restore_scope": [ + { + "all_group_kinds": true + } + ], + "namespaced_resource_restore_mode": "FAIL_ON_CONFLICT", + "volume_data_restore_policy": "RESTORE_VOLUME_DATA_FROM_BACKUP" + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "restore-all-ns-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "restore-all-ns" + } + - name: rollback_ns + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rollback-ns-rp", + "restore_config": [ + { + "cluster_resource_conflict_policy": "USE_EXISTING_VERSION", + "cluster_resource_restore_scope": [ + { + "selected_group_kinds": [ + { + "resource_group": "apiextension.k8s.io", + "resource_kind": "CustomResourceDefinition" + }, + { + "resource_group": "storage.k8s.io", + "resource_kind": "StorageClass" + } + ] + } + ], + "namespaced_resource_restore_mode": "DELETE_AND_RESTORE", + "selected_namespaces": [ + { + "namespaces": [ + "my-ns" + ] + } + ], + "volume_data_restore_policy": "RESTORE_VOLUME_DATA_FROM_BACKUP" + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "rollback-ns-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rollback-ns" + } + - name: rollback_app + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rollback-app-rp", + "restore_config": [ + { + "cluster_resource_restore_scope": [ + { + "no_group_kinds": true + } + ], + "namespaced_resource_restore_mode": "DELETE_AND_RESTORE", + "selected_applications": [ + { + "namespaced_names": [ + { + "name": "my-app", + "namespace": "my-ns" + } + ] + } + ], + "volume_data_restore_policy": "REUSE_VOLUME_HANDLE_FROM_BACKUP" + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "rollback-app-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rollback-app" + } + - name: all_cluster_resources + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "all-groupkinds-rp", + "restore_config": [ + { + "cluster_resource_conflict_policy": "USE_EXISTING_VERSION", + "cluster_resource_restore_scope": [ + { + "all_group_kinds": true + } + ], + "namespaced_resource_restore_mode": "FAIL_ON_CONFLICT", + "no_namespaces": true + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "all-groupkinds-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "all-groupkinds" + } + - name: rename_ns + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rename-ns-rp", + "restore_config": [ + { + "cluster_resource_restore_scope": [ + { + "no_group_kinds": true + } + ], + "namespaced_resource_restore_mode": "FAIL_ON_CONFLICT", + "selected_namespaces": [ + { + "namespaces": [ + "ns1" + ] + } + ], + "transformation_rules": [ + { + "description": "rename namespace from ns1 to ns2", + "field_actions": [ + { + "op": "REPLACE", + "path": "/metadata/name", + "value": "ns2" + } + ], + "resource_filter": [ + { + "group_kinds": [ + { + "resource_kind": "Namespace" + } + ], + "json_path": ".metadata[?(@.name == 'ns1')]" + } + ] + }, + { + "description": "move all resources from ns1 to ns2", + "field_actions": [ + { + "op": "REPLACE", + "path": "/metadata/namespace", + "value": "ns2" + } + ], + "resource_filter": [ + { + "namespaces": [ + "ns1" + ] + } + ] + } + ], + "volume_data_restore_policy": "REUSE_VOLUME_HANDLE_FROM_BACKUP" + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "rename-ns-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rename-ns" + } + - name: transform_rule + manifest: |- + { + "backup_plan": "${google_gke_backup_backup_plan.basic.id}", + "cluster": "${google_container_cluster.primary.id}", + "description": "copy nginx env variables", + "labels": { + "app": "nginx" + }, + "location": "us-central1", + "name": "transform-rule-rp", + "restore_config": [ + { + "cluster_resource_conflict_policy": "USE_EXISTING_VERSION", + "cluster_resource_restore_scope": [ + { + "excluded_group_kinds": [ + { + "resource_group": "apiextension.k8s.io", + "resource_kind": "CustomResourceDefinition" + } + ] + } + ], + "excluded_namespaces": [ + { + "namespaces": [ + "my-ns" + ] + } + ], + "namespaced_resource_restore_mode": "DELETE_AND_RESTORE", + "transformation_rules": [ + { + "description": "Copy environment variables from the nginx container to the install init container.", + "field_actions": [ + { + "from_path": "/spec/containers/0/env", + "op": "COPY", + "path": "/spec/initContainers/0/env" + } + ], + "resource_filter": [ + { + "group_kinds": [ + { + "resource_group": "", + "resource_kind": "Pod" + } + ], + "json_path": ".metadata[?(@.name == 'nginx')]" + } + ] + } + ], + "volume_data_restore_policy": "RESTORE_VOLUME_DATA_FROM_BACKUP" + } + ] + } + references: + backup_plan: google_gke_backup_backup_plan.basic.id + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "", + "initial_node_count": 1, + "location": "us-central1", + "name": "transform-rule-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + google_gke_backup_backup_plan.basic: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "transform-rule" + } + argumentDocs: + backup_plan: |- + - + (Required) + A reference to the BackupPlan from which Backups may be used + as the source for Restores created via this RestorePlan. + cluster: |- + - + (Required) + The source cluster from which Restores will be created via this RestorePlan. + cluster_resource_restore_scope.all_group_kinds: |- + - + (Optional) + If True, all valid cluster-scoped resources will be restored. + Mutually exclusive to any other field in clusterResourceRestoreScope. + cluster_resource_restore_scope.excluded_group_kinds: |- + - + (Optional) + A list of cluster-scoped resource group kinds to NOT restore from the backup. + If specified, all valid cluster-scoped resources will be restored except + for those specified in the list. + Mutually exclusive to any other field in clusterResourceRestoreScope. + Structure is documented below. + cluster_resource_restore_scope.no_group_kinds: |- + - + (Optional) + If True, no cluster-scoped resources will be restored. + Mutually exclusive to any other field in clusterResourceRestoreScope. + cluster_resource_restore_scope.selected_group_kinds: |- + - + (Optional) + A list of cluster-scoped resource group kinds to restore from the backup. + If specified, only the selected resources will be restored. + Mutually exclusive to any other field in the clusterResourceRestoreScope. + Structure is documented below. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + excluded_group_kinds.resource_group: |- + - + (Optional) + API Group string of a Kubernetes resource, e.g. + "apiextensions.k8s.io", "storage.k8s.io", etc. + Use empty string for core group. + excluded_group_kinds.resource_kind: |- + - + (Optional) + Kind of a Kubernetes resource, e.g. + "CustomResourceDefinition", "StorageClass", etc. + excluded_namespaces.namespaces: |- + - + (Required) + A list of Kubernetes Namespaces. + field_actions.description: |- + - + (Optional) + User specified descriptive string for this RestorePlan. + field_actions.effective_labels: for all of the labels present on the resource. + field_actions.from_path: |- + - + (Optional) + A string containing a JSON Pointer value that references the + location in the target document to move the value from. + field_actions.labels: |- + - + (Optional) + Description: A set of custom labels supplied by the user. + A list of key->value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + field_actions.op: |- + - + (Required) + Specifies the operation to perform. + Possible values are: REMOVE, MOVE, COPY, ADD, TEST, REPLACE. + field_actions.path: |- + - + (Optional) + A string containing a JSON-Pointer value that references a + location within the target document where the operation is performed. + field_actions.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + field_actions.value: |- + - + (Optional) + A string that specifies the desired value in string format + to use for transformation. + group_kinds.resource_group: |- + - + (Optional) + API Group string of a Kubernetes resource, e.g. + "apiextensions.k8s.io", "storage.k8s.io", etc. + Use empty string for core group. + group_kinds.resource_kind: |- + - + (Optional) + Kind of a Kubernetes resource, e.g. + "CustomResourceDefinition", "StorageClass", etc. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/restorePlans/{{name}}' + location: |- + - + (Required) + The region of the Restore Plan. + name: |- + - + (Required) + The full name of the BackupPlan Resource. + resource_filter.group_kinds: |- + - + (Optional) + (Filtering parameter) Any resource subject to transformation must + belong to one of the listed "types". If this field is not provided, + no type filtering will be performed + (all resources of all types matching previous filtering parameters + will be candidates for transformation). + Structure is documented below. + resource_filter.json_path: |- + - + (Optional) + This is a JSONPath expression that matches specific fields of + candidate resources and it operates as a filtering parameter + (resources that are not matched with this expression will not + be candidates for transformation). + resource_filter.namespaces: |- + - + (Optional) + (Filtering parameter) Any resource subject to transformation must + be contained within one of the listed Kubernetes Namespace in the + Backup. If this field is not provided, no namespace filtering will + be performed (all resources in all Namespaces, including all + cluster-scoped resources, will be candidates for transformation). + To mix cluster-scoped and namespaced resources in the same rule, + use an empty string ("") as one of the target namespaces. + restore_config: |- + - + (Required) + Defines the configuration of Restores created via this RestorePlan. + Structure is documented below. + restore_config.all_namespaces: |- + - + (Optional) + If True, restore all namespaced resources in the Backup. + Setting this field to False will result in an error. + restore_config.cluster_resource_conflict_policy: |- + - + (Optional) + Defines the behavior for handling the situation where cluster-scoped resources + being restored already exist in the target cluster. + This MUST be set to a value other than CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED + if clusterResourceRestoreScope is anyting other than noGroupKinds. + See https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy + for more information on each policy option. + Possible values are: USE_EXISTING_VERSION, USE_BACKUP_VERSION. + restore_config.cluster_resource_restore_scope: |- + - + (Optional) + Identifies the cluster-scoped resources to restore from the Backup. + Structure is documented below. + restore_config.excluded_namespaces: |- + - + (Optional) + A list of selected namespaces excluded from restoration. + All namespaces except those in this list will be restored. + Structure is documented below. + restore_config.namespaced_resource_restore_mode: |- + - + (Optional) + Defines the behavior for handling the situation where sets of namespaced resources + being restored already exist in the target cluster. + This MUST be set to a value other than NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED + if the namespacedResourceRestoreScope is anything other than noNamespaces. + See https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode + for more information on each mode. + Possible values are: DELETE_AND_RESTORE, FAIL_ON_CONFLICT. + restore_config.no_namespaces: |- + - + (Optional) + Do not restore any namespaced resources if set to "True". + Specifying this field to "False" is not allowed. + restore_config.selected_applications: |- + - + (Optional) + A list of selected ProtectedApplications to restore. + The listed ProtectedApplications and all the resources + to which they refer will be restored. + Structure is documented below. + restore_config.selected_namespaces: |- + - + (Optional) + A list of selected namespaces to restore from the Backup. + The listed Namespaces and all resources contained in them will be restored. + Structure is documented below. + restore_config.transformation_rules: |- + - + (Optional) + A list of transformation rules to be applied against Kubernetes + resources as they are selected for restoration from a Backup. + Rules are executed in order defined - this order matters, + as changes made by a rule may impact the filtering logic of subsequent + rules. An empty list means no transformation will occur. + Structure is documented below. + restore_config.volume_data_restore_policy: |- + - + (Optional) + Specifies the mechanism to be used to restore volume data. + This should be set to a value other than NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED + if the namespacedResourceRestoreScope is anything other than noNamespaces. + If not specified, it will be treated as NO_VOLUME_DATA_RESTORATION. + See https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy + for more information on each policy option. + Possible values are: RESTORE_VOLUME_DATA_FROM_BACKUP, REUSE_VOLUME_HANDLE_FROM_BACKUP, NO_VOLUME_DATA_RESTORATION. + selected_applications.namespaced_names: |- + - + (Required) + A list of namespaced Kubernetes resources. + Structure is documented below. + selected_applications.namespaced_names.name: |- + - + (Required) + The name of a Kubernetes Resource. + selected_applications.namespaced_names.namespace: |- + - + (Required) + The namespace of a Kubernetes Resource. + selected_group_kinds.resource_group: |- + - + (Optional) + API Group string of a Kubernetes resource, e.g. + "apiextensions.k8s.io", "storage.k8s.io", etc. + Use empty string for core group. + selected_group_kinds.resource_kind: |- + - + (Optional) + Kind of a Kubernetes resource, e.g. + "CustomResourceDefinition", "StorageClass", etc. + selected_namespaces.namespaces: |- + - + (Required) + A list of Kubernetes Namespaces. + state: |- + - + The State of the RestorePlan. + state_reason: |- + - + Detailed description of why RestorePlan is in its current state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + transformation_rules.description: |- + - + (Optional) + The description is a user specified string description + of the transformation rule. + transformation_rules.field_actions: |- + - + (Required) + A list of transformation rule actions to take against candidate + resources. Actions are executed in order defined - this order + matters, as they could potentially interfere with each other and + the first operation could affect the outcome of the second operation. + Structure is documented below. + transformation_rules.resource_filter: |- + - + (Optional) + This field is used to specify a set of fields that should be used to + determine which resources in backup should be acted upon by the + supplied transformation rule actions, and this will ensure that only + specific resources are affected by transformation rule actions. + Structure is documented below. + uid: |- + - + Server generated, unique identifier of UUID format. + update: '- Default is 20 minutes.' + importStatements: [] + google_gke_backup_restore_plan_iam_policy: + subCategory: Backup for GKE + description: Collection of resources to manage IAM policy for Backup for GKE RestorePlan + name: google_gke_backup_restore_plan_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_gke_backup_restore_plan.all_ns.location}", + "name": "${google_gke_backup_restore_plan.all_ns.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gke_backup_restore_plan.all_ns.project}" + } + references: + location: google_gke_backup_restore_plan.all_ns.location + name: google_gke_backup_restore_plan.all_ns.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_gke_backup_restore_plan.all_ns.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gke_backup_restore_plan_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.' + google_gke_backup_restore_plan_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.' + google_gke_backup_restore_plan_iam_policy: ': Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.' + location: |- + - (Required) The region of the Restore Plan. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_gke_backup_restore_plan_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gke_backup_restore_plan_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_gke_hub_feature: + subCategory: GKEHub + description: Feature represents the settings and status of any Hub Feature. + name: google_gke_hub_feature + title: "" + examples: + - name: feature + manifest: |- + { + "location": "global", + "name": "multiclusteringress", + "spec": [ + { + "multiclusteringress": [ + { + "config_membership": "${google_gke_hub_membership.membership.id}" + } + ] + } + ] + } + references: + spec.multiclusteringress.config_membership: google_gke_hub_membership.membership.id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_membership.membership: |- + { + "description": "Membership", + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + - name: feature + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "multiclusterservicediscovery" + } + - name: feature + manifest: |- + { + "location": "global", + "name": "servicemesh" + } + - name: feature + manifest: |- + { + "location": "global", + "name": "fleetobservability", + "spec": [ + { + "fleetobservability": [ + { + "logging_config": [ + { + "default_config": [ + { + "mode": "COPY" + } + ] + } + ] + } + ] + } + ] + } + - name: feature + manifest: |- + { + "location": "global", + "name": "fleetobservability", + "spec": [ + { + "fleetobservability": [ + { + "logging_config": [ + { + "fleet_scope_logs_config": [ + { + "mode": "MOVE" + } + ] + } + ] + } + ] + } + ] + } + - name: feature + manifest: |- + { + "location": "global", + "name": "fleetobservability", + "spec": [ + { + "fleetobservability": [ + { + "logging_config": [ + { + "default_config": [ + { + "mode": "COPY" + } + ], + "fleet_scope_logs_config": [ + { + "mode": "MOVE" + } + ] + } + ] + } + ] + } + ] + } + - name: feature + manifest: |- + { + "fleet_default_member_config": [ + { + "mesh": [ + { + "management": "MANAGEMENT_AUTOMATIC" + } + ] + } + ], + "location": "global", + "name": "servicemesh" + } + - name: feature + manifest: |- + { + "fleet_default_member_config": [ + { + "configmanagement": [ + { + "config_sync": [ + { + "git": [ + { + "sync_repo": "https://github.com/hashicorp/terraform" + } + ] + } + ] + } + ] + } + ], + "location": "global", + "name": "configmanagement" + } + - name: feature + manifest: |- + { + "fleet_default_member_config": [ + { + "policycontroller": [ + { + "policy_controller_hub_config": [ + { + "audit_interval_seconds": 30, + "exemptable_namespaces": [ + "foo" + ], + "install_spec": "INSTALL_SPEC_ENABLED", + "policy_content": [ + { + "bundles": [ + { + "bundle": "policy-essentials-v2022", + "exempted_namespaces": [ + "foo", + "bar" + ] + } + ], + "template_library": [ + { + "installation": "ALL" + } + ] + } + ], + "referential_rules_enabled": true + } + ] + } + ] + } + ], + "location": "global", + "name": "policycontroller" + } + - name: feature + manifest: |- + { + "fleet_default_member_config": [ + { + "policycontroller": [ + { + "policy_controller_hub_config": [ + { + "constraint_violation_limit": 50, + "deployment_configs": [ + { + "component": "admission", + "pod_affinity": "ANTI_AFFINITY", + "replica_count": 2 + }, + { + "component": "audit", + "container_resources": [ + { + "limits": [ + { + "cpu": "1.5", + "memory": "1Gi" + } + ], + "requests": [ + { + "cpu": "150m", + "memory": "500Mi" + } + ] + } + ], + "pod_toleration": [ + { + "effect": "NoSchedule", + "key": "key1", + "operator": "Equal", + "value": "value1" + } + ] + } + ], + "install_spec": "INSTALL_SPEC_SUSPENDED", + "log_denies_enabled": true, + "monitoring": [ + { + "backends": [ + "PROMETHEUS" + ] + } + ], + "mutation_enabled": true, + "policy_content": [ + { + "bundles": [ + { + "bundle": "pci-dss-v3.2.1", + "exempted_namespaces": [ + "baz", + "bar" + ] + }, + { + "bundle": "nist-sp-800-190", + "exempted_namespaces": [] + } + ], + "template_library": [ + { + "installation": "ALL" + } + ] + } + ], + "referential_rules_enabled": true + } + ] + } + ] + } + ], + "location": "global", + "name": "policycontroller" + } + - name: feature + manifest: |- + { + "fleet_default_member_config": [ + { + "policycontroller": [ + { + "policy_controller_hub_config": [ + { + "constraint_violation_limit": 50, + "deployment_configs": [ + { + "component": "admission" + } + ], + "install_spec": "INSTALL_SPEC_ENABLED", + "log_denies_enabled": true, + "monitoring": [ + {} + ], + "mutation_enabled": true, + "policy_content": [ + {} + ], + "referential_rules_enabled": true + } + ] + } + ] + } + ], + "location": "global", + "name": "policycontroller" + } + - name: feature + manifest: |- + { + "location": "global", + "name": "clusterupgrade", + "spec": [ + { + "clusterupgrade": [ + { + "post_conditions": [ + { + "soaking": "60s" + } + ], + "upstream_fleets": [] + } + ] + } + ] + } + argumentDocs: + bundles.bundle: '- (Required) The identifier for this object. Format specified above.' + bundles.exempted_namespaces: |- + - + (Optional) + The set of namespaces to be exempted from the bundle. + clusterupgrade.gke_upgrade_overrides: |- + - + (Optional) + Configuration overrides for individual upgrades. + Structure is documented below. + clusterupgrade.post_conditions: |- + - + (Required) + Post conditions to override for the specified upgrade. + Structure is documented below. + clusterupgrade.upstream_fleets: |- + - + (Required) + Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id. + config_sync.git: |- + - + (Optional) + Git repo configuration for the cluster + Structure is documented below. + config_sync.oci: |- + - + (Optional) + OCI repo configuration for the cluster + Structure is documented below. + config_sync.source_format: |- + - + (Optional) + Specifies whether the Config Sync Repo is in hierarchical or unstructured mode + configmanagement.config_sync: |- + - + (Optional) + ConfigSync configuration for the cluster + Structure is documented below. + configmanagement.version: |- + - + (Optional) + Version of ACM installed + container_resources.limits: |- + - + (Optional) + Limits describes the maximum amount of compute resources allowed for use by the running container. + Structure is documented below. + container_resources.requests: |- + - + (Optional) + Requests describes the amount of compute resources reserved for the container by the kube-scheduler. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. When the Feature resource was created. + default_config.mode: |- + - + (Optional) + Specified if fleet logging feature is enabled. + Possible values are: MODE_UNSPECIFIED, COPY, MOVE. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. When the Feature resource was deleted. + deployment_configs.component: '- (Required) The identifier for this object. Format specified above.' + deployment_configs.container_resources: |- + - + (Optional) + Container resource requirements. + Structure is documented below. + deployment_configs.pod_affinity: |- + - + (Optional) + Pod affinity configuration. + Possible values are: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY. + deployment_configs.pod_toleration: |- + - + (Optional) + Pod tolerations of node taints. + Structure is documented below. + deployment_configs.replica_count: |- + - + (Optional) + Pod replica count. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + fleet_default_member_config: |- + - + (Optional) + Optional. Fleet Default Membership Configuration. + Structure is documented below. + fleet_default_member_config.configmanagement: |- + - + (Optional) + Config Management spec + Structure is documented below. + fleet_default_member_config.mesh: |- + - + (Optional) + Service Mesh spec + Structure is documented below. + fleet_default_member_config.policycontroller: |- + - + (Optional) + Policy Controller spec + Structure is documented below. + fleet_scope_logs_config.mode: |- + - + (Optional) + Specified if fleet logging feature is enabled. + Possible values are: MODE_UNSPECIFIED, COPY, MOVE. + fleetobservability.logging_config: |- + - + (Optional) + Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet. + Structure is documented below. + fleetobservability.logging_config.default_config: |- + - + (Optional) + Specified if applying the default routing config to logs not specified in other configs. + Structure is documented below. + fleetobservability.logging_config.fleet_scope_logs_config: |- + - + (Optional) + Specified if applying the routing config to all logs for all fleet scopes. + Structure is documented below. + git.gcp_service_account_email: |- + - + (Optional) + The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount + git.https_proxy: |- + - + (Optional) + URL for the HTTPS Proxy to be used when communicating with the Git repo + git.policy_dir: |- + - + (Optional) + The path within the Git repository that represents the top level of the repo to sync + git.secret_type: |- + - + (Required) + Type of secret configured for access to the Git repo + git.sync_branch: |- + - + (Optional) + The branch of the repository to sync from. Default: master + git.sync_repo: |- + - + (Optional) + The URL of the Git repository to use as the source of truth + git.sync_rev: |- + - + (Optional) + Git revision (tag or hash) to check out. Default HEAD + git.sync_wait_secs: |- + - + (Optional) + Period in seconds between consecutive syncs. Default: 15 + gke_upgrade_overrides.post_conditions: |- + - + (Required) + Post conditions to override for the specified upgrade. + Structure is documented below. + gke_upgrade_overrides.upgrade: |- + - + (Required) + Which upgrade to override. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{name}}' + labels: |- + - + (Optional) + GCP labels for this Feature. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + limits.cpu: |- + - + (Optional) + CPU requirement expressed in Kubernetes resource units. + limits.memory: |- + - + (Optional) + Memory requirement expressed in Kubernetes resource units. + location: |- + - + (Required) + The location for the resource + mesh.management: |- + - + (Required) + Whether to automatically manage Service Mesh + Possible values are: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL. + monitoring.backends: |- + - + (Optional) + Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. + Each value may be one of: MONITORING_BACKEND_UNSPECIFIED, PROMETHEUS, CLOUD_MONITORING. + multiclusteringress.config_membership: |- + - + (Required) + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: projects/foo-proj/locations/global/memberships/bar + name: |- + - + (Optional) + The full, unique name of this Feature resource + oci.configmanagement.config_sync.oci.version: field is deprecated and will be removed in a future major release. Please use configmanagement.version field to specify the version of ACM installed instead. + oci.gcp_service_account_email: |- + - + (Optional) + The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount + oci.policy_dir: |- + - + (Optional) + The absolute path of the directory that contains the local resources. Default: the root directory of the image + oci.secret_type: |- + - + (Required) + Type of secret configured for access to the Git repo + oci.sync_repo: |- + - + (Optional) + The OCI image repository URL for the package to sync from + oci.sync_wait_secs: |- + - + (Optional) + Period in seconds between consecutive syncs. Default: 15 + oci.version: |- + - + (Optional, Deprecated) + Version of ACM installed + pod_toleration.effect: |- + - + (Optional) + Matches a taint effect. + pod_toleration.key: |- + - + (Optional) + Matches a taint key (not necessarily unique). + pod_toleration.operator: |- + - + (Optional) + Matches a taint operator. + pod_toleration.value: |- + - + (Optional) + Matches a taint value. + policy_content.bundles: |- + - + (Optional) + Configures which bundles to install and their corresponding install specs. + Structure is documented below. + policy_content.template_library: |- + - + (Optional) + Configures the installation of the Template Library. + Structure is documented below. + policy_controller_hub_config.audit_interval_seconds: |- + - + (Optional) + Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether. + policy_controller_hub_config.constraint_violation_limit: |- + - + (Optional) + The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used. + policy_controller_hub_config.deployment_configs: |- + - + (Optional) + Map of deployment configs to deployments ("admission", "audit", "mutation"). + Structure is documented below. + policy_controller_hub_config.exemptable_namespaces: |- + - + (Optional) + The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. + policy_controller_hub_config.install_spec: |- + - + (Required) + Configures the mode of the Policy Controller installation + Possible values are: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED. + policy_controller_hub_config.log_denies_enabled: |- + - + (Optional) + Logs all denies and dry run failures. + policy_controller_hub_config.monitoring: |- + - + (Optional) + Monitoring specifies the configuration of monitoring Policy Controller. + Structure is documented below. + policy_controller_hub_config.mutation_enabled: |- + - + (Optional) + Enables the ability to mutate resources using Policy Controller. + policy_controller_hub_config.policy_content: |- + - + (Optional) + Specifies the desired policy content on the cluster. + Structure is documented below. + policy_controller_hub_config.referential_rules_enabled: |- + - + (Optional) + Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. + policycontroller.policy_controller_hub_config: |- + - + (Required) + Configuration of Policy Controller + Structure is documented below. + policycontroller.version: |- + - + (Optional) + Configures the version of Policy Controller + post_conditions.soaking: |- + - + (Required) + Amount of time to "soak" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + requests.cpu: |- + - + (Optional) + CPU requirement expressed in Kubernetes resource units. + requests.memory: |- + - + (Optional) + Memory requirement expressed in Kubernetes resource units. + resource_state: |- + - + State of the Feature resource itself. + Structure is documented below. + resource_state.has_resources: |- + - + (Output) + Whether this Feature has outstanding resources that need to be cleaned up before it can be disabled. + resource_state.state: |- + - + (Output) + The current state of the Feature resource in the Hub API. + spec: |- + - + (Optional) + Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. + Structure is documented below. + spec.clusterupgrade: |- + - + (Optional) + Clusterupgrade feature spec. + Structure is documented below. + spec.fleetobservability: |- + - + (Optional) + Fleet Observability feature spec. + Structure is documented below. + spec.multiclusteringress: |- + - + (Optional) + Multicluster Ingress-specific spec. + Structure is documented below. + state: |- + - + Output only. The Hub-wide Feature state + Structure is documented below. + state.state: |- + - + (Output) + Output only. The "running state" of the Feature in this Hub. + Structure is documented below. + state.state.code: |- + - + (Output) + The high-level, machine-readable status of this Feature. + state.state.description: |- + - + (Output) + A human-readable description of the current status. + state.state.update_time: |- + - + (Output) + The time this status and any related Feature-specific details were updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" + template_library.installation: |- + - + (Optional) + Configures the manner in which the template library is installed on the cluster. + Possible values are: INSTALATION_UNSPECIFIED, NOT_INSTALLED, ALL. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. When the Feature resource was last updated. + upgrade.name: |- + - + (Required) + Name of the upgrade, e.g., "k8s_control_plane". It should be a valid upgrade name. It must not exceet 99 characters. + upgrade.version: |- + - + (Required) + Version of the upgrade, e.g., "1.22.1-gke.100". It should be a valid version. It must not exceet 99 characters. + importStatements: [] + google_gke_hub_feature_iam_policy: + subCategory: GKEHub + description: Collection of resources to manage IAM policy for GKEHub Feature + name: google_gke_hub_feature_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_gke_hub_feature.feature.location}", + "name": "${google_gke_hub_feature.feature.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gke_hub_feature.feature.project}" + } + references: + location: google_gke_hub_feature.feature.location + name: google_gke_hub_feature.feature.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_gke_hub_feature.feature.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gke_hub_feature_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.' + google_gke_hub_feature_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.' + google_gke_hub_feature_iam_policy: ': Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.' + location: '- (Required) The location for the resource Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_gke_hub_feature_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gke_hub_feature_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_gke_hub_feature_membership: + subCategory: GKEHub + description: Contains information about a GKEHub Feature Memberships. + name: google_gke_hub_feature_membership + title: "" + examples: + - name: feature_member + manifest: |- + { + "configmanagement": [ + { + "config_sync": [ + { + "git": [ + { + "sync_repo": "https://github.com/hashicorp/terraform" + } + ] + } + ], + "version": "1.6.2" + } + ], + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}" + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "configmanagement" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + - name: feature_member + manifest: |- + { + "configmanagement": [ + { + "config_sync": [ + { + "oci": [ + { + "gcp_service_account_email": "sa@project-id.iam.gserviceaccount.com", + "policy_dir": "config-connector", + "secret_type": "gcpserviceaccount", + "sync_repo": "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest", + "sync_wait_secs": "20" + } + ] + } + ], + "version": "1.15.1" + } + ], + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}" + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "configmanagement" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + - name: feature_member + manifest: |- + { + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}", + "mesh": [ + { + "management": "MANAGEMENT_AUTOMATIC" + } + ] + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "location": "global", + "name": "servicemesh" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + - name: feature_member + manifest: |- + { + "configmanagement": [ + { + "config_sync": [ + { + "git": [ + { + "sync_repo": "https://github.com/hashicorp/terraform" + } + ] + } + ], + "version": "1.6.2" + } + ], + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}", + "membership_location": "${google_gke_hub_membership.membership.location}" + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + membership_location: google_gke_hub_membership.membership.location + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "configmanagement" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "location": "us-central1", + "membership_id": "my-membership" + } + - name: feature_member + manifest: |- + { + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}", + "policycontroller": [ + { + "policy_controller_hub_config": [ + { + "install_spec": "INSTALL_SPEC_ENABLED" + } + ] + } + ] + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "location": "global", + "name": "policycontroller" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + - name: feature_member + manifest: |- + { + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}", + "policycontroller": [ + { + "policy_controller_hub_config": [ + { + "audit_interval_seconds": 120, + "constraint_violation_limit": 50, + "install_spec": "INSTALL_SPEC_SUSPENDED", + "log_denies_enabled": true, + "mutation_enabled": true, + "policy_content": [ + { + "template_library": [ + { + "installation": "NOT_INSTALLED" + } + ] + } + ], + "referential_rules_enabled": true + } + ], + "version": "1.17.0" + } + ] + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "location": "global", + "name": "policycontroller" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } + argumentDocs: + binauthz.enabled: |- + - + (Optional) + Whether binauthz is enabled in this cluster. + config_sync.git: |- + - + (Optional) Structure is documented below. + config_sync.oci: |- + - + (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below. + config_sync.prevent_drift: |- + - + (Optional) + Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts. + config_sync.source_format: |- + - + (Optional) + Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. + configmanagement: |- + - + (Optional) + Config Management-specific spec. Structure is documented below. + configmanagement.binauthz: |- + - + (Optional) + Binauthz configuration for the cluster. Structure is documented below. + configmanagement.config_sync: |- + - + (Optional) + Config Sync configuration for the cluster. Structure is documented below. + configmanagement.hierarchy_controller: |- + - + (Optional) + Hierarchy Controller configuration for the cluster. Structure is documented below. + configmanagement.policy_controller: |- + - + (Optional) + Policy Controller configuration for the cluster. Structure is documented below. + configmanagement.version: |- + - + (Optional) + Version of ACM installed. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + feature: |- + - + (Optional) + The name of the feature + git.gcp_service_account_email: |- + - + (Optional) + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. + git.https_proxy: |- + - + (Optional) + URL for the HTTPS proxy to be used when communicating with the Git repo. + git.policy_dir: |- + - + (Optional) + The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. + git.secret_type: |- + - + (Optional) + Type of secret configured for access to the Git repo. + git.sync_branch: |- + - + (Optional) + The branch of the repository to sync from. Default: master. + git.sync_repo: |- + - + (Optional) + The URL of the Git repository to use as the source of truth. + git.sync_rev: |- + - + (Optional) + Git revision (tag or hash) to check out. Default HEAD. + git.sync_wait_secs: |- + - + (Optional) + Period in seconds between consecutive syncs. Default: 15. + hierarchy_controller.enable_hierarchical_resource_quota: |- + - + (Optional) + Whether hierarchical resource quota is enabled in this cluster. + hierarchy_controller.enable_pod_tree_labels: |- + - + (Optional) + Whether pod tree labels are enabled in this cluster. + hierarchy_controller.enabled: |- + - + (Optional) + Whether Hierarchy Controller is enabled in this cluster. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}' + location: |- + - + (Optional) + The location of the feature + membership: |- + - + (Optional) + The name of the membership + membership_location: |- + - + (Optional) + The location of the membership, for example, "us-central1". Default is "global". + mesh: |- + - + (Optional) + Service mesh specific spec. Structure is documented below. + mesh.management: |- + - + (Optional) + Whether to automatically manage Service Mesh. Can either be MANAGEMENT_AUTOMATIC or MANAGEMENT_MANUAL. + monitoring.backends: |- + (Optional) + Specifies the list of backends Policy Controller will export to. Must be one of CLOUD_MONITORING or PROMETHEUS. Defaults to [CLOUD_MONITORING, PROMETHEUS]. Specifying an empty value [] disables metrics export. + oci.gcp_service_account_email: |- + - + (Optional) + The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. + oci.policy_dir: |- + - + (Optional) + The absolute path of the directory that contains the local resources. Default: the root directory of the image. + oci.secret_type: |- + - + (Optional) + Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. + oci.sync_repo: |- + - + (Optional) + The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + oci.sync_wait_secs: |- + - + (Optional) + Period in seconds(int64 format) between consecutive syncs. Default: 15. + policy_content.template_library: |- + (Optional) + Configures the installation of the Template Library. Structure is documented below. + policy_content.template_library.installation: |- + (Optional) + Configures the manner in which the template library is installed on the cluster. Must be one of ALL, NOT_INSTALLED or INSTALLATION_UNSPECIFIED. Defaults to ALL. + policy_controller.audit_interval_seconds: |- + - + (Optional) + Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. + policy_controller.enabled: |- + - + (Optional) + Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. + policy_controller.exemptable_namespaces: |- + - + (Optional) + The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. + policy_controller.log_denies_enabled: |- + - + (Optional) + Logs all denies and dry run failures. + policy_controller.monitoring: |- + - + (Optional) + Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"] + policy_controller.mutation_enabled: |- + - + (Optional) + Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster. + policy_controller.referential_rules_enabled: |- + - + (Optional) + Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. + policy_controller.template_library_installed: |- + - + (Optional) + Installs the default template library along with Policy Controller. + policy_controller_hub_config.audit_interval_seconds: |- + - + (Optional) + Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. + policy_controller_hub_config.constraint_violation_limit: |- + - + (Optional) + The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used. + policy_controller_hub_config.exemptable_namespaces: |- + - + (Optional) + The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. + policy_controller_hub_config.install_spec: |- + - + (Optional) + Configures the mode of the Policy Controller installation. Must be one of INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED or INSTALL_SPEC_DETACHED. + policy_controller_hub_config.log_denies_enabled: |- + - + (Optional) + Logs all denies and dry run failures. + policy_controller_hub_config.monitoring: |- + - + (Optional) + Specifies the backends Policy Controller should export metrics to. Structure is documented below. + policy_controller_hub_config.mutation_enabled: |- + - + (Optional) + Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster. + policy_controller_hub_config.policy_content: |- + - + (Optional) + Specifies the desired policy content on the cluster. Structure is documented below. + policy_controller_hub_config.referential_rules_enabled: |- + - + (Optional) + Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. + policycontroller: |- + - + (Optional) + Policy Controller-specific spec. Structure is documented below. + policycontroller.policy_controller_hub_config: |- + - + Policy Controller configuration for the cluster. Structure is documented below. + policycontroller.version: |- + - + (Optional) + Version of Policy Controller to install. Defaults to the latest version. + project: |- + - + (Optional) + The project of the feature + update: '- Default is 20 minutes.' + importStatements: [] + google_gke_hub_fleet: + subCategory: GKEHub + description: Fleet contains information about a group of clusters. + name: google_gke_hub_fleet + title: "" + examples: + - name: default + manifest: |- + { + "default_cluster_config": [ + { + "security_posture_config": [ + { + "mode": "DISABLED", + "vulnerability_mode": "VULNERABILITY_DISABLED" + } + ] + } + ], + "display_name": "my production fleet" + } + argumentDocs: + binary_authorization_config.evaluation_mode: |- + - + (Optional) + Mode of operation for binauthz policy evaluation. + Possible values are: DISABLED, POLICY_BINDINGS. + binary_authorization_config.policy_bindings: |- + - + (Optional) + Binauthz policies that apply to this cluster. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + The time the fleet was created, in RFC3339 text format. + default_cluster_config: |- + - + (Optional) + The default cluster configurations to apply across the fleet. + Structure is documented below. + default_cluster_config.binary_authorization_config: |- + - + (Optional) + Enable/Disable binary authorization features for the cluster. + Structure is documented below. + default_cluster_config.security_posture_config: |- + - + (Optional) + Enable/Disable Security Posture features for the cluster. + Structure is documented below. + delete: '- Default is 20 minutes.' + delete_time: |- + - + The time the fleet was deleted, in RFC3339 text format. + display_name: |- + - + (Optional) + A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters. + Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/fleets/default' + policy_bindings.name: |- + - + (Optional) + The relative resource name of the binauthz platform policy to audit. GKE + platform policies have the following format: + projects/{project_number}/platforms/gke/policies/{policy_id}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + security_posture_config.mode: |- + - + (Optional) + Sets which mode to use for Security Posture features. + Possible values are: DISABLED, BASIC. + security_posture_config.vulnerability_mode: |- + - + (Optional) + Sets which mode to use for vulnerability scanning. + Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_BASIC, VULNERABILITY_ENTERPRISE. + state: |- + - + The state of the fleet resource. + Structure is documented below. + state.code: |- + - + (Output) + Describes the state of a Fleet resource. + uid: |- + - + Google-generated UUID for this resource. This is unique across all + Fleet resources. If a Fleet resource is deleted and another + resource with the same name is created, it gets a different uid. + update: '- Default is 20 minutes.' + update_time: |- + - + The time the fleet was last updated, in RFC3339 text format. + importStatements: [] + google_gke_hub_membership: + subCategory: GKEHub + description: Membership contains information about a member cluster. + name: google_gke_hub_membership + title: "" + examples: + - name: membership + manifest: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.primary.id}" + } + ] + } + ], + "location": "us-west1", + "membership_id": "basic" + } + dependencies: + google_container_cluster.primary: |- + { + "deletion_protection": false, + "initial_node_count": 1, + "location": "us-central1-a", + "name": "basic-cluster", + "network": "default", + "subnetwork": "default" + } + - name: membership + manifest: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.primary.id}" + } + ] + } + ], + "labels": { + "env": "test" + }, + "membership_id": "basic" + } + dependencies: + google_container_cluster.primary: |- + { + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1-a", + "name": "basic-cluster", + "network": "default", + "subnetwork": "default" + } + - name: membership + manifest: |- + { + "authority": [ + { + "issuer": "https://container.googleapis.com/v1/${google_container_cluster.primary.id}" + } + ], + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "${google_container_cluster.primary.id}" + } + ] + } + ], + "membership_id": "basic" + } + references: + endpoint.gke_cluster.resource_link: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1-a", + "name": "basic-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + argumentDocs: + authority: |- + - + (Optional) + Authority encodes how Google will recognize identities from this Membership. + See the workload identity documentation for more details: + https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity + Structure is documented below. + authority.issuer: |- + - + (Required) + A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid + with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}". + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional, Beta, Deprecated) + The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API. + effective_labels: for all of the labels present on the resource. + endpoint: |- + - + (Optional) + If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. + Structure is documented below. + endpoint.gke_cluster: |- + - + (Optional) + If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. + Structure is documented below. + endpoint.gke_cluster.resource_link: |- + - + (Required) + Self-link of the GCP resource for the GKE cluster. + For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform, + this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or + google_container_cluster.my-cluster.id. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}' + labels: |- + - + (Optional) + Labels to apply to this membership. + location: |- + - + (Optional) + Location of the membership. + The default value is global. + membership_id: |- + - + (Required) + The client-provided identifier of the membership. + name: |- + - + The unique identifier of the membership. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + importStatements: [] + google_gke_hub_membership_binding: + subCategory: GKEHub + description: MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to. + name: google_gke_hub_membership_binding + title: "" + examples: + - name: membership_binding + manifest: |- + { + "depends_on": [ + "${google_gke_hub_membership.membership}", + "${google_gke_hub_scope.scope}" + ], + "labels": { + "keya": "valuea", + "keyb": "valueb", + "keyc": "valuec" + }, + "location": "global", + "membership_binding_id": "tf-test-membership-binding", + "membership_id": "${google_gke_hub_membership.membership.membership_id}", + "scope": "${google_gke_hub_scope.scope.name}" + } + references: + membership_id: google_gke_hub_membership.membership.membership_id + scope: google_gke_hub_scope.scope.name + dependencies: + google_container_cluster.primary: |- + { + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1-a", + "name": "basic-cluster", + "network": "default", + "subnetwork": "default" + } + google_gke_hub_membership.membership: |- + { + "depends_on": [ + "${google_container_cluster.primary}" + ], + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.primary.id}" + } + ] + } + ], + "membership_id": "tf-test-membership" + } + google_gke_hub_scope.scope: |- + { + "scope_id": "tf-test-scope" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the MembershipBinding was created in UTC. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Time the MembershipBinding was deleted in UTC. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/bindings/{{membership_binding_id}}' + labels: |- + - + (Optional) + Labels for this Membership binding. + location: |- + - + (Required) + Location of the membership + membership_binding_id: |- + - + (Required) + The client-provided identifier of the membership binding. + membership_id: |- + - + (Required) + Id of the membership + name: |- + - + The resource name for the membershipbinding itself + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + scope: |- + - + (Required) + A Workspace resource name in the format + projects/*/locations/*/scopes/*. + state: |- + - + State of the membership binding resource. + Structure is documented below. + state.code: |- + - + (Output) + Code describes the state of a MembershipBinding resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Google-generated UUID for this resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the MembershipBinding was updated in UTC. + importStatements: [] + google_gke_hub_membership_iam_policy: + subCategory: GKEHub + description: Collection of resources to manage IAM policy for GKEHub Membership + name: google_gke_hub_membership_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_gke_hub_membership.membership.location}", + "membership_id": "${google_gke_hub_membership.membership.membership_id}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gke_hub_membership.membership.project}" + } + references: + location: google_gke_hub_membership.membership.location + membership_id: google_gke_hub_membership.membership.membership_id + policy_data: data.google_iam_policy.admin.policy_data + project: google_gke_hub_membership.membership.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gke_hub_membership_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.' + google_gke_hub_membership_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.' + google_gke_hub_membership_iam_policy: ': Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.' + location: |- + - (Required) Location of the membership. + The default value is global. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_gke_hub_membership_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gke_hub_membership_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_gke_hub_membership_rbac_role_binding: + subCategory: GKEHub + description: RBACRoleBinding represents a rbacrolebinding across the Fleet. + name: google_gke_hub_membership_rbac_role_binding + title: "" + examples: + - name: membership_rbac_role_binding + manifest: |- + { + "depends_on": [ + "${google_gke_hub_membership.membership}" + ], + "location": "global", + "membership_id": "${google_gke_hub_membership.membership.membership_id}", + "membership_rbac_role_binding_id": "tf-test-membership-rbac-role-binding", + "provider": "${google-beta}", + "role": [ + { + "predefined_role": "ANTHOS_SUPPORT" + } + ], + "user": "service-${data.google_project.project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com" + } + references: + membership_id: google_gke_hub_membership.membership.membership_id + provider: google-beta + dependencies: + google_container_cluster.primary: |- + { + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1-a", + "name": "basic-cluster", + "network": "default", + "provider": "${google-beta}", + "subnetwork": "default" + } + google_gke_hub_membership.membership: |- + { + "depends_on": [ + "${google_container_cluster.primary}" + ], + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.primary.id}" + } + ] + } + ], + "membership_id": "tf-test-membership", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the RBAC Role Binding was created in UTC. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Time the RBAC Role Binding was deleted in UTC. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/rbacrolebindings/{{membership_rbac_role_binding_id}}' + location: |- + - + (Required) + Location of the Membership + membership_id: |- + - + (Required) + Id of the membership + membership_rbac_role_binding_id: |- + - + (Required) + The client-provided identifier of the RBAC Role Binding. + name: |- + - + The resource name for the RBAC Role Binding + role: |- + - + (Required) + Role to bind to the principal. + Structure is documented below. + role.predefined_role: |- + - + (Required) + PredefinedRole is an ENUM representation of the default Kubernetes Roles + Possible values are: UNKNOWN, ADMIN, EDIT, VIEW, ANTHOS_SUPPORT. + role.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + State of the RBAC Role Binding resource. + Structure is documented below. + state.code: |- + - + (Output) + Code describes the state of a RBAC Role Binding resource. + uid: |- + - + Google-generated UUID for this resource. + update_time: |- + - + Time the RBAC Role Binding was updated in UTC. + user: |- + - + (Required) + Principal that is be authorized in the cluster (at least of one the oneof + is required). Updating one will unset the other automatically. + user is the name of the user as seen by the kubernetes cluster, example + "alice" or "alice@domain.tld" + importStatements: [] + google_gke_hub_namespace: + subCategory: GKEHub + description: Namespace represents a namespace across the Fleet. + name: google_gke_hub_namespace + title: "" + examples: + - name: namespace + manifest: |- + { + "depends_on": [ + "${google_gke_hub_scope.scope}" + ], + "labels": { + "keya": "valuea", + "keyb": "valueb", + "keyc": "valuec" + }, + "namespace_labels": { + "keya": "valuea", + "keyb": "valueb", + "keyc": "valuec" + }, + "scope": "${google_gke_hub_scope.scope.name}", + "scope_id": "${google_gke_hub_scope.scope.scope_id}", + "scope_namespace_id": "tf-test-namespace" + } + references: + scope: google_gke_hub_scope.scope.name + scope_id: google_gke_hub_scope.scope.scope_id + dependencies: + google_gke_hub_scope.scope: |- + { + "scope_id": "tf-test-scope" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the Namespace was created in UTC. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Time the Namespace was deleted in UTC. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/scopes/{{scope_id}}/namespaces/{{scope_namespace_id}}' + labels: |- + - + (Optional) + Labels for this Namespace. + name: |- + - + The resource name for the namespace + namespace_labels: |- + - + (Optional) + Namespace-level cluster namespace labels. These labels are applied + to the related namespace of the member clusters bound to the parent + Scope. Scope-level labels (namespace_labels in the Fleet Scope + resource) take precedence over Namespace-level labels if they share + a key. Keys and values must be Kubernetes-conformant. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + scope: |- + - + (Required) + The name of the Scope instance. + scope_id: |- + - + (Required) + Id of the scope + scope_namespace_id: |- + - + (Required) + The client-provided identifier of the namespace. + state: |- + - + State of the namespace resource. + Structure is documented below. + state.code: |- + - + (Output) + Code describes the state of a Namespace resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Google-generated UUID for this resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the Namespace was updated in UTC. + importStatements: [] + google_gke_hub_scope: + subCategory: GKEHub + description: Scope represents a Scope in a Fleet. + name: google_gke_hub_scope + title: "" + examples: + - name: scope + manifest: |- + { + "labels": { + "keya": "valuea", + "keyb": "valueb", + "keyc": "valuec" + }, + "namespace_labels": { + "keya": "valuea", + "keyb": "valueb", + "keyc": "valuec" + }, + "scope_id": "my-scope" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the Scope was created in UTC. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Time the Scope was deleted in UTC. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/scopes/{{scope_id}}' + labels: |- + - + (Optional) + Labels for this Scope. + name: |- + - + The unique identifier of the scope + namespace_labels: |- + - + (Optional) + Scope-level cluster namespace labels. For the member clusters bound + to the Scope, these labels are applied to each namespace under the + Scope. Scope-level labels take precedence over Namespace-level + labels (namespace_labels in the Fleet Namespace resource) if they + share a key. Keys and values must be Kubernetes-conformant. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + scope_id: |- + - + (Required) + The client-provided identifier of the scope. + state: |- + - + State of the scope resource. + Structure is documented below. + state.code: |- + - + (Output) + Code describes the state of a Scope resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Google-generated UUID for this resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the Scope was updated in UTC. + importStatements: [] + google_gke_hub_scope_iam_policy: + subCategory: GKEHub + description: Collection of resources to manage IAM policy for GKEHub Scope + name: google_gke_hub_scope_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gke_hub_scope.scope.project}", + "scope_id": "${google_gke_hub_scope.scope.scope_id}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_gke_hub_scope.scope.project + scope_id: google_gke_hub_scope.scope.scope_id + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gke_hub_scope_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.' + google_gke_hub_scope_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.' + google_gke_hub_scope_iam_policy: ': Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_gke_hub_scope_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gke_hub_scope_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_gke_hub_scope_rbac_role_binding: + subCategory: GKEHub + description: RBACRoleBinding represents a rbacrolebinding across the Fleet. + name: google_gke_hub_scope_rbac_role_binding + title: "" + examples: + - name: scope_rbac_role_binding + manifest: |- + { + "depends_on": [ + "${google_gke_hub_scope.scope}" + ], + "labels": { + "key": "value" + }, + "role": [ + { + "predefined_role": "ADMIN" + } + ], + "scope_id": "${google_gke_hub_scope.scope.scope_id}", + "scope_rbac_role_binding_id": "tf-test-scope-rbac-role-binding", + "user": "test-email@gmail.com" + } + references: + scope_id: google_gke_hub_scope.scope.scope_id + dependencies: + google_gke_hub_scope.scope: |- + { + "scope_id": "tf-test-scope" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the RBAC Role Binding was created in UTC. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Time the RBAC Role Binding was deleted in UTC. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}' + name: |- + - + The resource name for the RBAC Role Binding + role: |- + - + (Required) + Role to bind to the principal. + Structure is documented below. + role.effective_labels: for all of the labels present on the resource. + role.group: |- + - + (Optional) + Principal that is be authorized in the cluster (at least of one the oneof + is required). Updating one will unset the other automatically. + group is the group, as seen by the kubernetes cluster. + role.labels: |- + - + (Optional) + Labels for this ScopeRBACRoleBinding. + role.predefined_role: |- + - + (Optional) + PredefinedRole is an ENUM representation of the default Kubernetes Roles + Possible values are: UNKNOWN, ADMIN, EDIT, VIEW. + role.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + role.user: |- + - + (Optional) + Principal that is be authorized in the cluster (at least of one the oneof + is required). Updating one will unset the other automatically. + user is the name of the user as seen by the kubernetes cluster, example + "alice" or "alice@domain.tld" + scope_id: |- + - + (Required) + Id of the scope + scope_rbac_role_binding_id: |- + - + (Required) + The client-provided identifier of the RBAC Role Binding. + state: |- + - + State of the RBAC Role Binding resource. + Structure is documented below. + state.code: |- + - + (Output) + Code describes the state of a RBAC Role Binding resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Google-generated UUID for this resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the RBAC Role Binding was updated in UTC. + importStatements: [] + google_gkeonprem_bare_metal_admin_cluster: + subCategory: Anthos On-Prem + description: A Google Bare Metal Admin Cluster. + name: google_gkeonprem_bare_metal_admin_cluster + title: "" + examples: + - name: admin-cluster-basic + manifest: |- + { + "bare_metal_version": "1.13.4", + "control_plane": [ + { + "control_plane_node_pool_config": [ + { + "node_pool_config": [ + { + "labels": {}, + "node_configs": [ + { + "labels": {}, + "node_ip": "10.200.0.2" + }, + { + "labels": {}, + "node_ip": "10.200.0.3" + }, + { + "labels": {}, + "node_ip": "10.200.0.4" + } + ], + "operating_system": "LINUX" + } + ] + } + ] + } + ], + "load_balancer": [ + { + "port_config": [ + { + "control_plane_load_balancer_port": 443 + } + ], + "vip_config": [ + { + "control_plane_vip": "10.200.0.5" + } + ] + } + ], + "location": "us-west1", + "name": "my-cluster", + "network_config": [ + { + "island_mode_cidr": [ + { + "pod_address_cidr_blocks": [ + "10.240.0.0/13" + ], + "service_address_cidr_blocks": [ + "172.26.0.0/16" + ] + } + ] + } + ], + "node_access_config": [ + { + "login_user": "root" + } + ], + "node_config": [ + { + "max_pods_per_node": 250 + } + ], + "storage": [ + { + "lvp_node_mounts_config": [ + { + "path": "/mnt/localpv-disk", + "storage_class": "local-disks" + } + ], + "lvp_share_config": [ + { + "lvp_config": [ + { + "path": "/mnt/localpv-share", + "storage_class": "local-shared" + } + ], + "shared_path_pv_count": 5 + } + ] + } + ] + } + - name: admin-cluster-basic + manifest: |- + { + "annotations": { + "env": "test" + }, + "bare_metal_version": "1.13.4", + "cluster_operations": [ + { + "enable_application_logs": true + } + ], + "control_plane": [ + { + "api_server_args": [ + { + "argument": "test argument", + "value": "test value" + } + ], + "control_plane_node_pool_config": [ + { + "node_pool_config": [ + { + "labels": {}, + "node_configs": [ + { + "labels": {}, + "node_ip": "10.200.0.2" + }, + { + "labels": {}, + "node_ip": "10.200.0.3" + }, + { + "labels": {}, + "node_ip": "10.200.0.4" + } + ], + "operating_system": "LINUX", + "taints": [ + { + "effect": "NO_EXECUTE", + "key": "test-key", + "value": "test-value" + } + ] + } + ] + } + ] + } + ], + "description": "test description", + "load_balancer": [ + { + "manual_lb_config": [ + { + "enabled": true + } + ], + "port_config": [ + { + "control_plane_load_balancer_port": 443 + } + ], + "vip_config": [ + { + "control_plane_vip": "10.200.0.5" + } + ] + } + ], + "location": "us-west1", + "maintenance_config": [ + { + "maintenance_address_cidr_blocks": [ + "10.0.0.1/32", + "10.0.0.2/32" + ] + } + ], + "name": "my-cluster", + "network_config": [ + { + "island_mode_cidr": [ + { + "pod_address_cidr_blocks": [ + "10.240.0.0/13" + ], + "service_address_cidr_blocks": [ + "172.26.0.0/16" + ] + } + ] + } + ], + "node_access_config": [ + { + "login_user": "root" + } + ], + "node_config": [ + { + "max_pods_per_node": 250 + } + ], + "proxy": [ + { + "no_proxy": [ + "127.0.0.1" + ], + "uri": "test proxy uri" + } + ], + "security_config": [ + { + "authorization": [ + { + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] + } + ] + } + ], + "storage": [ + { + "lvp_node_mounts_config": [ + { + "path": "/mnt/localpv-disk", + "storage_class": "local-disks" + } + ], + "lvp_share_config": [ + { + "lvp_config": [ + { + "path": "/mnt/localpv-share", + "storage_class": "local-shared" + } + ], + "shared_path_pv_count": 5 + } + ] + } + ] + } + argumentDocs: + annotations: |- + - + (Optional) + Annotations on the Bare Metal Admin Cluster. + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + api_server_args.argument: |- + - + (Required) + The argument name as it appears on the API Server command line please make sure to remove the leading dashes. + api_server_args.value: |- + - + (Required) + The value of the arg as it will be passed to the API Server command line. + bare_metal_version: |- + - + (Optional) + A human readable description of this Bare Metal Admin Cluster. + cluster_operations: |- + - + (Optional) + Specifies the Admin Cluster's observability infrastructure. + Structure is documented below. + cluster_operations.enable_application_logs: |- + - + (Optional) + Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics). + conditions.last_transition_time: |- + - + (Output) + Last time the condition transit from one status to another. + conditions.message: |- + - + (Optional) + Human-readable message indicating details about last transition. + conditions.reason: |- + - + (Optional) + Machine-readable message indicating details about last transition. + conditions.state: |- + - + (Output) + The lifecycle state of the condition. + conditions.type: |- + - + (Optional) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + control_plane: |- + - + (Optional) + Specifies the control plane configuration. + Structure is documented below. + control_plane.api_server_args: |- + - + (Optional) + Customizes the default API server args. Only a subset of + customized flags are supported. Please refer to the API server + documentation below to know the exact format: + https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + Structure is documented below. + control_plane.control_plane_node_pool_config: |- + - + (Required) + Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster. + Structure is documented below. + control_plane_node_pool_config.node_pool_config: |- + - + (Required) + The generic configuration for a node pool running the control plane. + Structure is documented below. + control_plane_node_pool_config.node_pool_config.labels: |- + - + (Optional) + The map of Kubernetes labels (key/value pairs) to be applied to + each node. These will added in addition to any default label(s) + that Kubernetes may apply to the node. In case of conflict in + label keys, the applied set may differ depending on the Kubernetes + version -- it's best to assume the behavior is undefined and + conflicts should be avoided. For more information, including usage + and the valid values, see: + http://kubernetes.io/v1.1/docs/user-guide/labels.html + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + control_plane_node_pool_config.node_pool_config.node_configs: |- + - + (Optional) + The list of machine addresses in the Bare Metal Node Pool. + Structure is documented below. + control_plane_node_pool_config.node_pool_config.operating_system: |- + - + (Optional) + Specifies the nodes operating system (default: LINUX). + control_plane_node_pool_config.node_pool_config.taints: |- + - + (Optional) + The initial taints assigned to nodes of this node pool. + Structure is documented below. + create: '- Default is 60 minutes.' + create_time: |- + - + The time the cluster was created, in RFC3339 text format. + delete: '- Default is 20 minutes.' + delete_time: |- + - + The time the cluster was deleted, in RFC3339 text format. + description: |- + - + (Optional) + A human readable description of this Bare Metal Admin Cluster. + effective_annotations: for all of the annotations present on the resource. + endpoint: |- + - + The IP address name of Bare Metal Admin Cluster's API server. + etag: |- + - + This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + Allows clients to perform consistent read-modify-writes through optimistic concurrency control. fleet: |- - @@ -70301,7 +84615,6 @@ resources: ] } ], - "provider": "${google-beta}", "security_config": [ { "authorization": [ @@ -70335,109 +84648,114 @@ resources: } ] } - ] - } - references: - provider: google-beta - - name: cluster-manuallb - manifest: |- - { - "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", - "bare_metal_version": "1.12.3", - "control_plane": [ - { - "control_plane_node_pool_config": [ - { - "node_pool_config": [ - { - "labels": {}, - "node_configs": [ - { - "labels": {}, - "node_ip": "10.200.0.9" - } - ], - "operating_system": "LINUX" - } - ] - } - ] - } - ], - "load_balancer": [ - { - "manual_lb_config": [ - { - "enabled": true - } - ], - "port_config": [ - { - "control_plane_load_balancer_port": 443 - } - ], - "vip_config": [ - { - "control_plane_vip": "10.200.0.13", - "ingress_vip": "10.200.0.14" - } - ] - } - ], - "location": "us-west1", - "name": "cluster-manuallb", - "network_config": [ - { - "island_mode_cidr": [ - { - "pod_address_cidr_blocks": [ - "10.240.0.0/13" - ], - "service_address_cidr_blocks": [ - "172.26.0.0/16" - ] - } - ] - } - ], - "provider": "${google-beta}", - "security_config": [ - { - "authorization": [ - { - "admin_users": [ - { - "username": "admin@hashicorptest.com" - } - ] - } - ] - } + ] + } + - name: cluster-manuallb + manifest: |- + { + "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "bare_metal_version": "1.12.3", + "binary_authorization": [ + { + "evaluation_mode": "DISABLED" + } + ], + "control_plane": [ + { + "control_plane_node_pool_config": [ + { + "node_pool_config": [ + { + "labels": {}, + "node_configs": [ + { + "labels": {}, + "node_ip": "10.200.0.9" + } + ], + "operating_system": "LINUX" + } + ] + } + ] + } + ], + "load_balancer": [ + { + "manual_lb_config": [ + { + "enabled": true + } + ], + "port_config": [ + { + "control_plane_load_balancer_port": 443 + } + ], + "vip_config": [ + { + "control_plane_vip": "10.200.0.13", + "ingress_vip": "10.200.0.14" + } + ] + } + ], + "location": "us-west1", + "name": "cluster-manuallb", + "network_config": [ + { + "island_mode_cidr": [ + { + "pod_address_cidr_blocks": [ + "10.240.0.0/13" + ], + "service_address_cidr_blocks": [ + "172.26.0.0/16" + ] + } + ] + } + ], + "security_config": [ + { + "authorization": [ + { + "admin_users": [ + { + "username": "admin@hashicorptest.com" + } + ] + } + ] + } + ], + "storage": [ + { + "lvp_node_mounts_config": [ + { + "path": "/mnt/localpv-disk", + "storage_class": "local-disks" + } + ], + "lvp_share_config": [ + { + "lvp_config": [ + { + "path": "/mnt/localpv-share", + "storage_class": "local-shared" + } + ], + "shared_path_pv_count": 5 + } + ] + } ], - "storage": [ + "upgrade_policy": [ { - "lvp_node_mounts_config": [ - { - "path": "/mnt/localpv-disk", - "storage_class": "local-disks" - } - ], - "lvp_share_config": [ - { - "lvp_config": [ - { - "path": "/mnt/localpv-share", - "storage_class": "local-shared" - } - ], - "shared_path_pv_count": 5 - } - ] + "policy": "SERIAL" } ] } - references: - provider: google-beta - name: cluster-bgplb manifest: |- { @@ -70606,7 +84924,6 @@ resources: "package_repo_excluded": true } ], - "provider": "${google-beta}", "proxy": [ { "no_proxy": [ @@ -70650,8 +84967,6 @@ resources: } ] } - references: - provider: google-beta argumentDocs: address_pools.addresses: |- - @@ -70732,6 +85047,12 @@ resources: - (Required) The IP address of the external peer device. + binary_authorization.evaluation_mode: |- + - + (Optional) + Mode of operation for binauthz policy evaluation. If unspecified, + defaults to DISABLED. + Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. cluster_operations.enable_application_logs: |- - (Optional) @@ -70815,6 +85136,9 @@ resources: delete_time: |- - The time the cluster was deleted, in RFC3339 text format. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. endpoint: |- - The IP address name of Bare Metal User Cluster's API server. @@ -70976,6 +85300,11 @@ resources: Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. + lvp_node_mounts_config.binary_authorization: |- + - + (Optional) + Binary Authorization related configurations. + Structure is documented below. lvp_node_mounts_config.cluster_operations: |- - (Optional) @@ -70985,6 +85314,7 @@ resources: - (Optional) A human readable description of this Bare Metal User Cluster. + lvp_node_mounts_config.effective_annotations: for all of the annotations present on the resource. lvp_node_mounts_config.maintenance_config: |- - (Optional) @@ -71026,6 +85356,11 @@ resources: - (Required) The StorageClass name that PVs will be created with. + lvp_node_mounts_config.upgrade_policy: |- + - + (Optional) + The cluster upgrade policy. + Structure is documented below. lvp_share_config.lvp_config: |- - (Required) @@ -71254,6 +85589,11 @@ resources: update_time: |- - The time the cluster was last updated, in RFC3339 text format. + upgrade_policy.policy: |- + - + (Optional) + Specifies which upgrade policy to use. + Possible values are: SERIAL, CONCURRENT. validation_check: |- - Specifies the security related settings for the Bare Metal User Cluster. @@ -71301,12 +85641,10 @@ resources: ], "operating_system": "LINUX" } - ], - "provider": "${google-beta}" + ] } references: bare_metal_cluster: google_gkeonprem_bare_metal_cluster.default-basic.name - provider: google-beta dependencies: google_gkeonprem_bare_metal_cluster.default-basic: |- { @@ -71383,7 +85721,6 @@ resources: ] } ], - "provider": "${google-beta}", "security_config": [ { "authorization": [ @@ -71445,12 +85782,10 @@ resources: } ] } - ], - "provider": "${google-beta}" + ] } references: bare_metal_cluster: google_gkeonprem_bare_metal_cluster.default-full.name - provider: google-beta dependencies: google_gkeonprem_bare_metal_cluster.default-full: |- { @@ -71527,7 +85862,6 @@ resources: ] } ], - "provider": "${google-beta}", "security_config": [ { "authorization": [ @@ -71597,6 +85931,9 @@ resources: delete_time: |- - The time the cluster was deleted, in RFC3339 text format. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - This checksum is computed by the server based on the value of other @@ -71706,6 +86043,7 @@ resources: (Optional) Specifies the nodes operating system (default: LINUX). Possible values are: EFFECT_UNSPECIFIED, PREFER_NO_SCHEDULE, NO_EXECUTE. + taints.effective_annotations: for all of the annotations present on the resource. taints.key: |- - (Optional) @@ -71793,11 +86131,8 @@ resources: ] } ], - "on_prem_version": "1.13.1-gke.35", - "provider": "${google-beta}" + "on_prem_version": "1.13.1-gke.35" } - references: - provider: google-beta - name: cluster-f5lb manifest: |- { @@ -71894,7 +86229,6 @@ resources: } ], "on_prem_version": "1.13.1-gke.35", - "provider": "${google-beta}", "storage": [ { "vsphere_csi_disabled": true @@ -71902,8 +86236,6 @@ resources: ], "vm_tracking_enabled": true } - references: - provider: google-beta - name: cluster-manuallb manifest: |- { @@ -72021,11 +86353,24 @@ resources: } ], "on_prem_version": "1.13.1-gke.35", - "provider": "${google-beta}", + "upgrade_policy": [ + { + "control_plane_only": true + } + ], + "vcenter": [ + { + "ca_cert_data": "test-ca-cert-data", + "cluster": "test-cluster", + "datacenter": "test-datacenter", + "datastore": "test-datastore", + "folder": "test-folder", + "resource_pool": "test-resource-pool", + "storage_policy_name": "test-storage-policy-name" + } + ], "vm_tracking_enabled": true } - references: - provider: google-beta argumentDocs: admin_cluster_membership: |- - @@ -72152,6 +86497,9 @@ resources: (Required) enabled is a flag to mark if DHCP IP allocation is used for VMware user clusters. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. endpoint: |- - The DNS name of VMware User Cluster's API server. @@ -72411,6 +86759,10 @@ resources: update_time: |- - The time at which VMware User Cluster was last updated. + upgrade_policy.control_plane_only: |- + - + (Optional) + Controls whether the upgrade applies to the control plane only. validation_check: |- - ValidationCheck represents the result of the preflight check job. @@ -72428,39 +86780,38 @@ resources: (Output) Specifies the detailed validation check status Structure is documented below. - vcenter: |- - - - VmwareVCenterConfig specifies vCenter config for the user cluster. - Inherited from the admin cluster. - Structure is documented below. vcenter.address: |- - (Output) The vCenter IP address. vcenter.ca_cert_data: |- - - (Output) + (Optional) Contains the vCenter CA certificate public key for SSL verification. vcenter.cluster: |- - - (Output) + (Optional) The name of the vCenter cluster for the user cluster. vcenter.datacenter: |- - - (Output) + (Optional) The name of the vCenter datacenter for the user cluster. vcenter.datastore: |- - - (Output) + (Optional) The name of the vCenter datastore for the user cluster. vcenter.folder: |- - - (Output) + (Optional) The name of the vCenter folder for the user cluster. vcenter.resource_pool: |- - - (Output) + (Optional) The name of the vCenter resource pool for the user cluster. + vcenter.storage_policy_name: |- + - + (Optional) + The name of the vCenter storage policy for the user cluster. vip_config.control_plane_vip: |- - (Optional) @@ -72509,6 +86860,7 @@ resources: - (Optional) A human readable description of this VMware User Cluster. + vsphere_config.effective_annotations: for all of the annotations present on the resource. vsphere_config.enable_control_plane_v2: |- - (Optional) @@ -72531,6 +86883,21 @@ resources: (Optional) Storage configuration. Structure is documented below. + vsphere_config.storage_policy_name: |- + - + (Output) + The Vsphere storage policy used by the control plane Node. + vsphere_config.upgrade_policy: |- + - + (Optional) + Specifies upgrade policy for the cluster. + Structure is documented below. + vsphere_config.vcenter: |- + - + (Optional) + VmwareVCenterConfig specifies vCenter config for the user cluster. + Inherited from the admin cluster. + Structure is documented below. vsphere_config.vm_tracking_enabled: |- - (Optional) @@ -72554,11 +86921,9 @@ resources: ], "location": "us-west1", "name": "my-nodepool", - "provider": "${google-beta}", "vmware_cluster": "${google_gkeonprem_vmware_cluster.default-basic.name}" } references: - provider: google-beta vmware_cluster: google_gkeonprem_vmware_cluster.default-basic.name dependencies: google_gkeonprem_vmware_cluster.default-basic: |- @@ -72619,8 +86984,7 @@ resources: ] } ], - "on_prem_version": "1.13.1-gke.35", - "provider": "${google-beta}" + "on_prem_version": "1.13.1-gke.35" } - name: nodepool-full manifest: |- @@ -72646,6 +87010,25 @@ resources: "key": "key", "value": "value" } + ], + "vsphere_config": [ + { + "datastore": "test-datastore", + "host_groups": [ + "host1", + "host2" + ], + "tags": [ + { + "category": "test-category-1", + "tag": "tag-1" + }, + { + "category": "test-category-2", + "tag": "tag-2" + } + ] + } ] } ], @@ -72657,11 +87040,9 @@ resources: "min_replicas": 1 } ], - "provider": "${google-beta}", "vmware_cluster": "${google_gkeonprem_vmware_cluster.default-full.name}" } references: - provider: google-beta vmware_cluster: google_gkeonprem_vmware_cluster.default-full.name dependencies: google_gkeonprem_vmware_cluster.default-full: |- @@ -72722,8 +87103,7 @@ resources: ] } ], - "on_prem_version": "1.13.1-gke.35", - "provider": "${google-beta}" + "on_prem_version": "1.13.1-gke.35" } argumentDocs: conditions.last_transition_time: |- @@ -72798,7 +87178,7 @@ resources: Structure is documented below. config.vsphere_config: |- - - (Output) + (Optional) Specifies the vSphere config for node pool. Structure is documented below. create: '- Default is 60 minutes.' @@ -72809,6 +87189,9 @@ resources: delete_time: |- - The time the cluster was deleted, in RFC3339 text format. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. etag: |- - This checksum is computed by the server based on the value of other @@ -72872,12 +87255,13 @@ resources: with dashes (-), underscores (_), dots (.), and alphanumerics between. tags.category: |- - - (Output) + (Optional) The Vsphere tag category. tags.display_name: |- - (Optional) The display name for the node pool. + tags.effective_annotations: for all of the annotations present on the resource. tags.node_pool_autoscaling: |- - (Optional) @@ -72888,7 +87272,7 @@ resources: If it is not provided, the provider project is used. tags.tag: |- - - (Output) + (Optional) The Vsphere tag name. taints.effect: |- - @@ -72916,11 +87300,15 @@ resources: The cluster this node pool belongs to. vsphere_config.datastore: |- - - (Output) + (Optional) The name of the vCenter datastore. Inherited from the user cluster. + vsphere_config.host_groups: |- + - + (Optional) + Vsphere host groups to apply to all VMs in the node pool vsphere_config.tags: |- - - (Output) + (Optional) Tags to apply to VMs. Structure is documented below. importStatements: [] @@ -73002,6 +87390,7 @@ resources: Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. enable_consent_create_on_update: |- - (Optional) @@ -73023,6 +87412,10 @@ resources: (Required) The name of this ConsentStore, for example: "consent1" + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_healthcare_consent_store_iam_policy: @@ -73234,6 +87627,7 @@ resources: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format {{dataset}}/dicomStores/{{name}}' labels: |- - @@ -73283,6 +87677,10 @@ resources: - (Required) a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_healthcare_dicom_store_iam_policy: @@ -73331,6 +87729,7 @@ resources: { "complex_data_type_reference_parsing": "DISABLED", "dataset": "${google_healthcare_dataset.dataset.id}", + "default_search_handling_strict": false, "disable_referential_integrity": false, "disable_resource_versioning": false, "enable_history_import": false, @@ -73454,6 +87853,7 @@ resources: "disable_referential_integrity": false, "disable_resource_versioning": false, "enable_history_import": false, + "enable_history_modifications": false, "enable_update_create": false, "labels": { "label1": "labelvalue1" @@ -73462,7 +87862,8 @@ resources: "notification_configs": [ { "pubsub_topic": "${google_pubsub_topic.topic.id}", - "send_full_resource": true + "send_full_resource": true, + "send_previous_resource_on_delete": true } ], "provider": "${google-beta}", @@ -73507,6 +87908,12 @@ resources: (Required) Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' + default_search_handling_strict: |- + - + (Optional) + If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters. + If false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters. + The handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient. delete: '- Default is 20 minutes.' disable_referential_integrity: |- - @@ -73526,6 +87933,7 @@ resources: cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for attempts to read the historical versions. ** Changing this property may recreate the FHIR store (removing all data) ** + effective_labels: for all of the labels present on the resource. enable_history_import: |- - (Optional) @@ -73535,6 +87943,11 @@ resources: will fail with an error. ** Changing this property may recreate the FHIR store (removing all data) ** ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store ** + enable_history_modifications: |- + - + (Optional, Beta) + Whether to allow the ExecuteBundle API to accept history bundles, and directly insert and overwrite historical + resource versions into the FHIR store. If set to false, using history bundles fails with an error. enable_update_create: |- - (Optional) @@ -73606,6 +88019,14 @@ resources: full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full resource as a separate operation. + notification_configs.send_previous_resource_on_delete: |- + - + (Optional) + Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. Note that setting this to + true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a + resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always + check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous + resource as a separate operation. schema_config.last_updated_partition_config: |- - (Optional) @@ -73650,6 +88071,10 @@ resources: Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' version: |- - @@ -73711,7 +88136,8 @@ resources: { "pubsub_topic": "${google_pubsub_topic.topic.id}" } - ] + ], + "reject_duplicate_message": true } references: dataset: google_healthcare_dataset.dataset.id @@ -73782,6 +88208,7 @@ resources: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format {{dataset}}/hl7V2Stores/{{name}}' labels: |- - @@ -73861,9 +88288,17 @@ resources: The version of the unschematized parser to be used when a custom schema is not set. Default value is V1. Possible values are: V1, V2, V3. + reject_duplicate_message: |- + - + (Optional) + Determines whether duplicate messages are allowed. self_link: |- - The fully qualified name of this dataset + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_healthcare_hl7_v2_store_iam_policy: @@ -74054,7 +88489,6 @@ resources: "display_name": "A deny rule", "name": "my-deny-policy", "parent": "${urlencode(\"cloudresourcemanager.googleapis.com/projects/${google_project.project.project_id}\")}", - "provider": "${google-beta}", "rules": [ { "deny_rule": [ @@ -74066,7 +88500,7 @@ resources: } ], "denied_permissions": [ - "cloudresourcemanager.googleapis.com/projects.delete" + "cloudresourcemanager.googleapis.com/projects.update" ], "denied_principals": [ "principalSet://goog/public:all" @@ -74085,7 +88519,7 @@ resources: } ], "denied_permissions": [ - "cloudresourcemanager.googleapis.com/projects.delete" + "cloudresourcemanager.googleapis.com/projects.update" ], "denied_principals": [ "principalSet://goog/public:all" @@ -74099,23 +88533,19 @@ resources: } ] } - references: - provider: google-beta dependencies: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", "name": "my-project", "org_id": "123456789", - "project_id": "my-project", - "provider": "${google-beta}" + "project_id": "my-project" } google_service_account.test-account: |- { "account_id": "svc-acc", "display_name": "Test Service Account", - "project": "${google_project.project.project_id}", - "provider": "${google-beta}" + "project": "${google_project.project.project_id}" } argumentDocs: create: '- Default is 20 minutes.' @@ -74212,6 +88642,16 @@ resources: - name: example manifest: |- { + "access_restrictions": [ + { + "allowed_services": [ + { + "domain": "backstory.chronicle.security" + } + ], + "disable_programmatic_signin": false + } + ], "description": "A sample workforce pool.", "disabled": false, "display_name": "Display name", @@ -74221,6 +88661,28 @@ resources: "workforce_pool_id": "example-pool" } argumentDocs: + access_restrictions: |- + - + (Optional) + Configure access restrictions on the workforce pool users. This is an optional field. If specified web + sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users. + Structure is documented below. + access_restrictions.allowed_services: |- + - + (Optional) + Services allowed for web sign-in with the workforce pool. + If not set by default there are no restrictions. + Structure is documented below. + access_restrictions.disable_programmatic_signin: |- + - + (Optional) + Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. + See Security Token Service API. + allowed_services.domain: |- + - + (Optional) + Domain name of the service. + Example: console.cloud.google create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' description: |- @@ -74395,6 +88857,10 @@ resources: "issuer_uri": "https://accounts.thirdparty.com", "web_sso_config": [ { + "additional_scopes": [ + "groups", + "roles" + ], "assertion_claims_behavior": "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS", "response_type": "CODE" } @@ -74533,6 +88999,15 @@ resources: - (Required) The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + oidc.jwks_json: |- + - + (Optional) + OIDC JWKs in JSON String format. For details on definition of a + JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we + use the jwks_uri from the discovery document fetched from the + .well-known path for the issuer_uri. Currently, RSA and EC asymmetric + keys are supported. The JWK must use following format and include only + the following fields: oidc.web_sso_config: |- - (Optional) @@ -74564,6 +89039,11 @@ resources: - The current state of the provider. update: '- Default is 20 minutes.' + web_sso_config.additional_scopes: |- + - + (Optional) + Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the openid, profile and email scopes that are supported by the identity provider are requested. + Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured. web_sso_config.assertion_claims_behavior: |- - (Required) @@ -74671,12 +89151,64 @@ resources: }, "aws": [ { - "account_id": "999999999999" + "account_id": "999999999999" + } + ], + "description": "AWS identity pool provider for automated test", + "disabled": true, + "display_name": "Name of provider", + "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", + "workload_identity_pool_provider_id": "example-prvdr" + } + references: + workload_identity_pool_id: google_iam_workload_identity_pool.pool.workload_identity_pool_id + dependencies: + google_iam_workload_identity_pool.pool: |- + { + "workload_identity_pool_id": "example-pool" + } + - name: example + manifest: |- + { + "attribute_mapping": { + "google.subject": "assertion.sub" + }, + "oidc": [ + { + "issuer_uri": "https://sts.windows.net/azure-tenant-id" + } + ], + "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", + "workload_identity_pool_provider_id": "example-prvdr" + } + references: + workload_identity_pool_id: google_iam_workload_identity_pool.pool.workload_identity_pool_id + dependencies: + google_iam_workload_identity_pool.pool: |- + { + "workload_identity_pool_id": "example-pool" + } + - name: example + manifest: |- + { + "attribute_condition": "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups", + "attribute_mapping": { + "attribute.managed_identity_name": " {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n", + "attribute.tid": "assertion.tid", + "google.subject": "\"azure::\" + assertion.tid + \"::\" + assertion.sub" + }, + "description": "OIDC identity pool provider for automated test", + "disabled": true, + "display_name": "Name of provider", + "oidc": [ + { + "allowed_audiences": [ + "https://example.com/gcp-oidc-federation", + "example.com/gcp-oidc-federation" + ], + "issuer_uri": "https://sts.windows.net/azure-tenant-id" } ], - "description": "AWS identity pool provider for automated test", - "disabled": true, - "display_name": "Name of provider", "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", "workload_identity_pool_provider_id": "example-prvdr" } @@ -74691,11 +89223,13 @@ resources: manifest: |- { "attribute_mapping": { - "google.subject": "assertion.sub" + "attribute.aws_account": "assertion.account", + "attribute.environment": "assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"", + "google.subject": "assertion.arn" }, - "oidc": [ + "saml": [ { - "issuer_uri": "https://sts.windows.net/azure-tenant-id" + "idp_metadata_xml": "${file(\"test-fixtures/metadata.xml\")}" } ], "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", @@ -74711,22 +89245,17 @@ resources: - name: example manifest: |- { - "attribute_condition": "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups", "attribute_mapping": { - "attribute.managed_identity_name": " {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n", - "attribute.tid": "assertion.tid", - "google.subject": "\"azure::\" + assertion.tid + \"::\" + assertion.sub" + "attribute.aws_account": "assertion.account", + "attribute.environment": "assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"", + "google.subject": "assertion.arn" }, - "description": "OIDC identity pool provider for automated test", + "description": "SAML 2.0 identity pool provider for automated test", "disabled": true, "display_name": "Name of provider", - "oidc": [ + "saml": [ { - "allowed_audiences": [ - "https://example.com/gcp-oidc-federation", - "example.com/gcp-oidc-federation" - ], - "issuer_uri": "https://sts.windows.net/azure-tenant-id" + "idp_metadata_xml": "${file(\"test-fixtures/metadata.xml\")}" } ], "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", @@ -74808,7 +89337,7 @@ resources: aws: |- - (Optional) - An Amazon Web Services identity provider. Not compatible with the property oidc. + An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below. aws.account_id: |- - @@ -74852,7 +89381,7 @@ resources: oidc: |- - (Optional) - An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below. oidc.allowed_audiences: |- - @@ -74879,50 +89408,546 @@ resources: the following fields: project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - state: |- - - - The state of the provider. - update: '- Default is 20 minutes.' - workload_identity_pool_id: |- - - - (Required) - The ID used for the pool, which is the final component of the pool resource name. This - value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix - gcp- is reserved for use by Google, and may not be specified. - workload_identity_pool_provider_id: |- - - - (Required) - The ID for the provider, which becomes the final component of the resource name. This - value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix - gcp- is reserved for use by Google, and may not be specified. + If it is not provided, the provider project is used. + saml: |- + - + (Optional) + An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + Structure is documented below. + saml.idp_metadata_xml: |- + - + (Required) + SAML Identity provider configuration metadata xml doc. + state: |- + - + The state of the provider. + update: '- Default is 20 minutes.' + workload_identity_pool_id: |- + - + (Required) + The ID used for the pool, which is the final component of the pool resource name. This + value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix + gcp- is reserved for use by Google, and may not be specified. + workload_identity_pool_provider_id: |- + - + (Required) + The ID for the provider, which becomes the final component of the resource name. This + value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix + gcp- is reserved for use by Google, and may not be specified. + importStatements: [] + google_iap_app_engine_service_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy AppEngineService + name: google_iap_app_engine_service_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "app_id": "${google_app_engine_standard_app_version.version.project}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_app_engine_standard_app_version.version.project}", + "service": "${google_app_engine_standard_app_version.version.service}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + - name: policy + manifest: |- + { + "app_id": "${google_app_engine_standard_app_version.version.project}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_app_engine_standard_app_version.version.project}", + "service": "${google_app_engine_standard_app_version.version.service}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + argumentDocs: + app_id: '- (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to' + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_app_engine_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.' + google_iap_app_engine_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.' + google_iap_app_engine_service_iam_policy: ': Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_app_engine_service_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_app_engine_service_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + service: '- (Required) Service id of the App Engine application Used to find the parent resource to bind the IAM policy to' + importStatements: [] + google_iap_app_engine_version_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy AppEngineVersion + name: google_iap_app_engine_version_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "app_id": "${google_app_engine_standard_app_version.version.project}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_app_engine_standard_app_version.version.project}", + "service": "${google_app_engine_standard_app_version.version.service}", + "version_id": "${google_app_engine_standard_app_version.version.version_id}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + - name: policy + manifest: |- + { + "app_id": "${google_app_engine_standard_app_version.version.project}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_app_engine_standard_app_version.version.project}", + "service": "${google_app_engine_standard_app_version.version.service}", + "version_id": "${google_app_engine_standard_app_version.version.version_id}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + argumentDocs: + app_id: '- (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to' + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_app_engine_version_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.' + google_iap_app_engine_version_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.' + google_iap_app_engine_version_iam_policy: ': Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_app_engine_version_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_app_engine_version_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + service: '- (Required) Service id of the App Engine application Used to find the parent resource to bind the IAM policy to' + version_id: '- (Required) Version id of the App Engine application Used to find the parent resource to bind the IAM policy to' + importStatements: [] + google_iap_brand: + subCategory: Identity-Aware Proxy + description: OAuth brand data. + name: google_iap_brand + title: "" + examples: + - name: project_brand + manifest: |- + { + "application_title": "Cloud IAP protected Application", + "project": "${google_project_service.project_service.project}", + "support_email": "support@example.com" + } + references: + project: google_project_service.project_service.project + dependencies: + google_project.project: |- + { + "name": "my-project", + "org_id": "123456789", + "project_id": "my-project" + } + google_project_service.project_service: |- + { + "project": "${google_project.project.project_id}", + "service": "iap.googleapis.com" + } + argumentDocs: + application_title: |- + - + (Required) + Application name displayed on OAuth consent screen. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{name}}' + name: |- + - + Output only. Identifier of the brand, in the format projects/{project_number}/brands/{brand_id} + NOTE: The name can also be expressed as projects/{project_id}/brands/{brand_id}, e.g. when importing. + NOTE: The brand identification corresponds to the project number as only one + brand can be created per project. + org_internal_only: |- + - + Whether the brand is only intended for usage inside the GSuite organization only. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + support_email: |- + - + (Required) + Support email displayed on the OAuth consent screen. Can be either a + user or group email. When a user email is specified, the caller must + be the user with the associated email address. When a group email is + specified, the caller can be either a user or a service account which + is an owner of the specified group in Cloud Identity. + importStatements: [] + google_iap_client: + subCategory: Identity-Aware Proxy + description: Contains the data that describes an Identity Aware Proxy owned client. + name: google_iap_client + title: "" + examples: + - name: project_client + manifest: |- + { + "brand": "${google_iap_brand.project_brand.name}", + "display_name": "Test Client" + } + references: + brand: google_iap_brand.project_brand.name + dependencies: + google_iap_brand.project_brand: |- + { + "application_title": "Cloud IAP protected Application", + "project": "${google_project_service.project_service.project}", + "support_email": "support@example.com" + } + google_project.project: |- + { + "name": "my-project", + "org_id": "123456789", + "project_id": "my-project" + } + google_project_service.project_service: |- + { + "project": "${google_project.project.project_id}", + "service": "iap.googleapis.com" + } + argumentDocs: + brand: |- + - + (Required) + Identifier of the brand to which this client + is attached to. The format is + projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}. + client_id: |- + - + Output only. Unique identifier of the OAuth client. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Human-friendly name given to the OAuth client. + id: '- an identifier for the resource with format {{brand}}/identityAwareProxyClients/{{client_id}}' + secret: |- + - + Output only. Client secret of the OAuth client. + Note: This property is sensitive and will not be displayed in the plan. + importStatements: [] + google_iap_tunnel_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy Tunnel + name: google_iap_tunnel_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_project_service.project_service.project}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_project_service.project_service.project}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_tunnel_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.' + google_iap_tunnel_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.' + google_iap_tunnel_iam_policy: ': Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_tunnel_iam_policy) The policy data generated by + a google_iam_policy data source. + project: '- (Required) Project ID. Used to find the parent resource to bind the IAM policy to' + role: |- + - (Required) The role that should be applied. Only one + google_iap_tunnel_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_iap_tunnel_instance_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy TunnelInstance + name: google_iap_tunnel_instance_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "instance": "${google_compute_instance.tunnelvm.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_instance.tunnelvm.project}", + "zone": "${google_compute_instance.tunnelvm.zone}" + } + references: + instance: google_compute_instance.tunnelvm.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_instance.tunnelvm.project + zone: google_compute_instance.tunnelvm.zone + - name: policy + manifest: |- + { + "instance": "${google_compute_instance.tunnelvm.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_instance.tunnelvm.project}", + "zone": "${google_compute_instance.tunnelvm.zone}" + } + references: + instance: google_compute_instance.tunnelvm.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_instance.tunnelvm.project + zone: google_compute_instance.tunnelvm.zone + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_tunnel_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.' + google_iap_tunnel_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.' + google_iap_tunnel_instance_iam_policy: ': Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.' + instance: '- (Required) Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_tunnel_instance_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_iap_web_backend_service_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebBackendService + name: google_iap_web_backend_service_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_backend_service.default.project}", + "web_backend_service": "${google_compute_backend_service.default.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_backend_service.default.project + web_backend_service: google_compute_backend_service.default.name + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_backend_service.default.project}", + "web_backend_service": "${google_compute_backend_service.default.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_backend_service.default.project + web_backend_service: google_compute_backend_service.default.name + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_web_backend_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.' + google_iap_web_backend_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.' + google_iap_web_backend_service_iam_policy: ': Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_web_backend_service_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_web_backend_service_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + web_backend_service: '- (Required) Used to find the parent resource to bind the IAM policy to' + importStatements: [] + google_iap_web_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy Web + name: google_iap_web_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_project_service.project_service.project}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_project_service.project_service.project}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_web_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.' + google_iap_web_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.' + google_iap_web_iam_policy: ': Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_web_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_web_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_iap_web_region_backend_service_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebRegionBackendService + name: google_iap_web_region_backend_service_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_region_backend_service.default.project}", + "region": "${google_compute_region_backend_service.default.region}", + "web_region_backend_service": "${google_compute_region_backend_service.default.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_region_backend_service.default.project + region: google_compute_region_backend_service.default.region + web_region_backend_service: google_compute_region_backend_service.default.name + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_compute_region_backend_service.default.project}", + "region": "${google_compute_region_backend_service.default.region}", + "web_region_backend_service": "${google_compute_region_backend_service.default.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_compute_region_backend_service.default.project + region: google_compute_region_backend_service.default.region + web_region_backend_service: google_compute_region_backend_service.default.name + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_web_region_backend_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.' + google_iap_web_region_backend_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.' + google_iap_web_region_backend_service_iam_policy: ': Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_web_region_backend_service_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_iap_web_region_backend_service_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + web_region_backend_service: '- (Required) Used to find the parent resource to bind the IAM policy to' importStatements: [] - google_iap_app_engine_service_iam_policy: + google_iap_web_type_app_engine_iam_policy: subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy AppEngineService - name: google_iap_app_engine_service_iam_policy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebTypeAppEngine + name: google_iap_web_type_app_engine_iam_policy title: "" examples: - name: policy manifest: |- { - "app_id": "${google_app_engine_standard_app_version.version.project}", + "app_id": "${google_app_engine_application.app.app_id}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_standard_app_version.version.project}", - "service": "${google_app_engine_standard_app_version.version.service}" + "project": "${google_app_engine_application.app.project}" } references: + app_id: google_app_engine_application.app.app_id policy_data: data.google_iam_policy.admin.policy_data + project: google_app_engine_application.app.project - name: policy manifest: |- { - "app_id": "${google_app_engine_standard_app_version.version.project}", + "app_id": "${google_app_engine_application.app.app_id}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_standard_app_version.version.project}", - "service": "${google_app_engine_standard_app_version.version.service}" + "project": "${google_app_engine_application.app.project}" } references: + app_id: google_app_engine_application.app.app_id policy_data: data.google_iam_policy.admin.policy_data + project: google_app_engine_application.app.project argumentDocs: app_id: '- (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to' condition: |- @@ -74932,54 +89957,48 @@ resources: condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' etag: '- (Computed) The etag of the IAM policy.' - google_iap_app_engine_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.' - google_iap_app_engine_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.' - google_iap_app_engine_service_iam_policy: ': Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.' + google_iap_web_type_app_engine_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.' + google_iap_web_type_app_engine_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.' + google_iap_web_type_app_engine_iam_policy: ': Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.' member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_iap_app_engine_service_iam_policy) The policy data generated by + - (Required only by google_iap_web_type_app_engine_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. role: |- - (Required) The role that should be applied. Only one - google_iap_app_engine_service_iam_binding can be used per role. Note that custom roles must be of the format + google_iap_web_type_app_engine_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. - service: '- (Required) Service id of the App Engine application Used to find the parent resource to bind the IAM policy to' importStatements: [] - google_iap_app_engine_version_iam_policy: + google_iap_web_type_compute_iam_policy: subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy AppEngineVersion - name: google_iap_app_engine_version_iam_policy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebTypeCompute + name: google_iap_web_type_compute_iam_policy title: "" examples: - name: policy manifest: |- { - "app_id": "${google_app_engine_standard_app_version.version.project}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_standard_app_version.version.project}", - "service": "${google_app_engine_standard_app_version.version.service}", - "version_id": "${google_app_engine_standard_app_version.version.version_id}" + "project": "${google_project_service.project_service.project}" } references: policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project - name: policy manifest: |- { - "app_id": "${google_app_engine_standard_app_version.version.project}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_standard_app_version.version.project}", - "service": "${google_app_engine_standard_app_version.version.service}", - "version_id": "${google_app_engine_standard_app_version.version.version_id}" + "project": "${google_project_service.project_service.project}" } references: policy_data: data.google_iam_policy.admin.policy_data + project: google_project_service.project_service.project argumentDocs: - app_id: '- (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to' condition: |- - (Optional) An IAM Condition for a given binding. Structure is documented below. @@ -74987,1770 +90006,3186 @@ resources: condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' etag: '- (Computed) The etag of the IAM policy.' - google_iap_app_engine_version_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.' - google_iap_app_engine_version_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.' - google_iap_app_engine_version_iam_policy: ': Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.' + google_iap_web_type_compute_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.' + google_iap_web_type_compute_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.' + google_iap_web_type_compute_iam_policy: ': Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.' member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_iap_app_engine_version_iam_policy) The policy data generated by + - (Required only by google_iap_web_type_compute_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. role: |- - (Required) The role that should be applied. Only one - google_iap_app_engine_version_iam_binding can be used per role. Note that custom roles must be of the format + google_iap_web_type_compute_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. - service: '- (Required) Service id of the App Engine application Used to find the parent resource to bind the IAM policy to' - version_id: '- (Required) Version id of the App Engine application Used to find the parent resource to bind the IAM policy to' importStatements: [] - google_iap_brand: - subCategory: Identity-Aware Proxy - description: OAuth brand data. - name: google_iap_brand + google_identity_platform_config: + subCategory: Identity Platform + description: Identity Platform configuration for a Cloud project. + name: google_identity_platform_config title: "" examples: - - name: project_brand + - name: default manifest: |- { - "application_title": "Cloud IAP protected Application", - "project": "${google_project_service.project_service.project}", - "support_email": "support@example.com" + "authorized_domains": [ + "localhost", + "my-project.firebaseapp.com", + "my-project.web.app" + ], + "autodelete_anonymous_users": true, + "blocking_functions": [ + { + "forward_inbound_credentials": [ + { + "access_token": true, + "id_token": true, + "refresh_token": true + } + ], + "triggers": [ + { + "event_type": "beforeSignIn", + "function_uri": "https://us-east1-my-project.cloudfunctions.net/before-sign-in" + } + ] + } + ], + "project": "${google_project.default.project_id}", + "quota": [ + { + "sign_up_quota_config": [ + { + "quota": 1000, + "quota_duration": "7200s", + "start_time": "" + } + ] + } + ], + "sign_in": [ + { + "allow_duplicate_emails": true, + "anonymous": [ + { + "enabled": true + } + ], + "email": [ + { + "enabled": true, + "password_required": false + } + ], + "phone_number": [ + { + "enabled": true, + "test_phone_numbers": { + "+11231231234": "000000" + } + } + ] + } + ], + "sms_region_config": [ + { + "allowlist_only": [ + { + "allowed_regions": [ + "US", + "CA" + ] + } + ] + } + ] } references: - project: google_project_service.project_service.project + project: google_project.default.project_id dependencies: - google_project.project: |- + google_project.default: |- { + "billing_account": "000000-0000000-0000000-000000", + "labels": { + "firebase": "enabled" + }, "name": "my-project", "org_id": "123456789", "project_id": "my-project" } - google_project_service.project_service: |- + google_project_service.identitytoolkit: |- { - "project": "${google_project.project.project_id}", - "service": "iap.googleapis.com" + "project": "${google_project.default.project_id}", + "service": "identitytoolkit.googleapis.com" } argumentDocs: - application_title: |- + allow_by_default.disallowed_regions: |- + - + (Optional) + Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + allowlist_only.allowed_regions: |- + - + (Optional) + Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + anonymous.enabled: |- + - + (Required) + Whether anonymous user auth is enabled for the project or not. + authorized_domains: |- + - + (Optional) + List of domains authorized for OAuth redirects. + autodelete_anonymous_users: |- + - + (Optional) + Whether anonymous users will be auto-deleted after a period of 30 days + blocking_functions: |- + - + (Optional) + Configuration related to blocking functions. + Structure is documented below. + blocking_functions.forward_inbound_credentials: |- + - + (Optional) + The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + Structure is documented below. + blocking_functions.triggers: |- + - + (Required) + Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + Structure is documented below. + client: |- + - + (Optional) + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + client.api_key: |- + - + (Output) + API key that can be used when making requests for this project. + Note: This property is sensitive and will not be displayed in the plan. + client.firebase_subdomain: |- + - + (Output) + Firebase subdomain. + client.permissions: |- + - + (Optional) + Configuration related to restricting a user's ability to affect their account. + Structure is documented below. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + email.enabled: |- + - + (Required) + Whether email auth is enabled for the project or not. + email.password_required: |- + - + (Optional) + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + forward_inbound_credentials.access_token: |- + - + (Optional) + Whether to pass the user's OAuth identity provider's access token. + forward_inbound_credentials.id_token: |- + - + (Optional) + Whether to pass the user's OIDC identity provider's ID token. + forward_inbound_credentials.refresh_token: |- + - + (Optional) + Whether to pass the user's OAuth identity provider's refresh token. + hash_config.algorithm: |- + - + (Output) + Different password hash algorithms used in Identity Toolkit. + hash_config.memory_cost: |- + - + (Output) + Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. + hash_config.rounds: |- + - + (Output) + How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. + hash_config.salt_separator: |- + - + (Output) + Non-printable character to be inserted between the salt and plain text password in base64. + hash_config.signer_key: |- + - + (Output) + Signer key in base64. + id: '- an identifier for the resource with format projects/{{project}}/config' + mfa: |- + - + (Optional) + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + mfa.enabled_providers: |- + - + (Optional) + A list of usable second factors for this project. + Each value may be one of: PHONE_SMS. + mfa.provider_configs: |- + - + (Optional) + A list of usable second factors for this project along with their configurations. + This field does not support phone based MFA, for that use the 'enabledProviders' field. + Structure is documented below. + mfa.state: |- + - + (Optional) + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + monitoring: |- + - + (Optional) + Configuration related to monitoring project activity. + Structure is documented below. + monitoring.request_logging: |- + - + (Optional) + Configuration for logging requests made to this project to Stackdriver Logging + Structure is documented below. + monitoring.request_logging.enabled: |- + - + (Optional) + Whether logging is enabled for this project or not. + multi_tenant: |- + - + (Optional) + Configuration related to multi-tenant functionality. + Structure is documented below. + multi_tenant.allow_tenants: |- + - + (Optional) + Whether this project can have tenants or not. + multi_tenant.default_tenant_location: |- + - + (Optional) + The default cloud parent org or folder that the tenant project should be created under. + The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + If the value is not set, the tenant will be created under the same organization or folder as the agent project. + name: |- + - + The name of the Config resource + permissions.disabled_user_deletion: |- + - + (Optional) + When true, end users cannot delete their account on the associated project through any of our API methods + permissions.disabled_user_signup: |- + - + (Optional) + When true, end users cannot sign up for a new account on the associated project through any of our API methods + phone_number.enabled: |- + - + (Required) + Whether phone number auth is enabled for the project or not. + phone_number.test_phone_numbers: |- + - + (Optional) + A map of that can be used for phone auth testing. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + provider_configs.state: |- + - + (Optional) + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + provider_configs.totp_provider_config: |- + - + (Optional) + TOTP MFA provider config for this project. + Structure is documented below. + quota: |- + - + (Optional) + Configuration related to quotas. + Structure is documented below. + quota.sign_up_quota_config: |- + - + (Optional) + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Structure is documented below. + quota.sign_up_quota_config.quota: |- + - + (Optional) + A sign up APIs quota that customers can override temporarily. + quota.sign_up_quota_config.quota_duration: |- + - + (Optional) + How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". + quota.sign_up_quota_config.start_time: |- + - + (Optional) + When this quota will take affect. + sign_in: |- + - + (Optional) + Configuration related to local sign in methods. + Structure is documented below. + sign_in.allow_duplicate_emails: |- + - + (Optional) + Whether to allow more than one account to have the same email. + sign_in.anonymous: |- + - + (Optional) + Configuration options related to authenticating an anonymous user. + Structure is documented below. + sign_in.email: |- + - + (Optional) + Configuration options related to authenticating a user by their email address. + Structure is documented below. + sign_in.hash_config: |- + - + (Output) + Output only. Hash config information. + Structure is documented below. + sign_in.phone_number: |- + - + (Optional) + Configuration options related to authenticated a user by their phone number. + Structure is documented below. + sms_region_config: |- + - + (Optional) + Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + Structure is documented below. + sms_region_config.allow_by_default: |- + - + (Optional) + A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + Structure is documented below. + sms_region_config.allowlist_only: |- + - + (Optional) + A policy of only allowing regions by explicitly adding them to an allowlist. + Structure is documented below. + totp_provider_config.adjacent_intervals: |- + - + (Optional) + The allowed number of adjacent intervals that will be used for verification to avoid clock skew. + triggers.event_type: '- (Required) The identifier for this object. Format specified above.' + triggers.function_uri: |- + - + (Required) + HTTP URI trigger for the Cloud Function. + triggers.update_time: |- + - + (Output) + When the trigger was changed. + update: '- Default is 20 minutes.' + importStatements: [] + google_identity_platform_default_supported_idp_config: + subCategory: Identity Platform + description: Configurations options for authenticating with a the standard set of Identity Toolkit-trusted IDPs. + name: google_identity_platform_default_supported_idp_config + title: "" + examples: + - name: idp_config + manifest: |- + { + "client_id": "client-id", + "client_secret": "secret", + "enabled": true, + "idp_id": "playgames.google.com" + } + argumentDocs: + client_id: |- + - + (Required) + OAuth client ID + client_secret: |- + - + (Required) + OAuth client secret + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + enabled: |- + - + (Optional) + If this IDP allows the user to sign in + id: '- an identifier for the resource with format projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}}' + idp_id: |- + - + (Required) + ID of the IDP. Possible values include: + name: |- + - + The name of the DefaultSupportedIdpConfig resource + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + importStatements: [] + google_identity_platform_inbound_saml_config: + subCategory: Identity Platform + description: Inbound SAML configuration for a Identity Toolkit project. + name: google_identity_platform_inbound_saml_config + title: "" + examples: + - name: saml_config + manifest: |- + { + "display_name": "Display Name", + "idp_config": [ + { + "idp_certificates": [ + { + "x509_certificate": "${file(\"test-fixtures/rsa_cert.pem\")}" + } + ], + "idp_entity_id": "tf-idp", + "sign_request": true, + "sso_url": "https://example.com" + } + ], + "name": "saml.tf-config", + "sp_config": [ + { + "callback_uri": "https://example.com", + "sp_entity_id": "tf-sp" + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Human friendly display name. + id: '- an identifier for the resource with format projects/{{project}}/inboundSamlConfigs/{{name}}' + idp_certificates.x509_certificate: |- + - + (Optional) + The IdP's x509 certificate. + idp_config: |- + - + (Required) + SAML IdP configuration when the project acts as the relying party + Structure is documented below. + idp_config.idp_certificates: |- + - + (Required) + The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + Structure is documented below. + idp_config.idp_entity_id: |- + - + (Required) + Unique identifier for all SAML entities + idp_config.sign_request: |- + - + (Optional) + Indicates if outbounding SAMLRequest should be signed. + idp_config.sso_url: |- - (Required) - Application name displayed on OAuth consent screen. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format {{name}}' + URL to send Authentication request to. name: |- - - Output only. Identifier of the brand, in the format projects/{project_number}/brands/{brand_id} - NOTE: The name can also be expressed as projects/{project_id}/brands/{brand_id}, e.g. when importing. - NOTE: The brand identification corresponds to the project number as only one - brand can be created per project. - org_internal_only: |- + (Required) + The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, + hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an + alphanumeric character, and have at least 2 characters. + sp_certificates.enabled: |- - - Whether the brand is only intended for usage inside the GSuite organization only. - project: |- + (Optional) + If this config allows users to sign in with the provider. + sp_certificates.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - support_email: |- + sp_certificates.x509_certificate: |- + - + (Output) + The x509 certificate + sp_config: |- - (Required) - Support email displayed on the OAuth consent screen. Can be either a - user or group email. When a user email is specified, the caller must - be the user with the associated email address. When a group email is - specified, the caller can be either a user or a service account which - is an owner of the specified group in Cloud Identity. + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + Structure is documented below. + sp_config.callback_uri: |- + - + (Optional) + Callback URI where responses from IDP are handled. Must start with https://. + sp_config.sp_certificates: |- + - + (Output) + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + Structure is documented below. + sp_config.sp_entity_id: |- + - + (Optional) + Unique identifier for all SAML entities. + update: '- Default is 20 minutes.' importStatements: [] - google_iap_client: - subCategory: Identity-Aware Proxy - description: Contains the data that describes an Identity Aware Proxy owned client. - name: google_iap_client + google_identity_platform_oauth_idp_config: + subCategory: Identity Platform + description: OIDC IdP configuration for a Identity Toolkit project. + name: google_identity_platform_oauth_idp_config title: "" examples: - - name: project_client + - name: oauth_idp_config manifest: |- { - "brand": "${google_iap_brand.project_brand.name}", - "display_name": "Test Client" + "client_id": "client-id", + "client_secret": "secret", + "display_name": "Display Name", + "enabled": true, + "issuer": "issuer", + "name": "oidc.oauth-idp-config" } - references: - brand: google_iap_brand.project_brand.name - dependencies: - google_iap_brand.project_brand: |- - { - "application_title": "Cloud IAP protected Application", - "project": "${google_project_service.project_service.project}", - "support_email": "support@example.com" - } - google_project.project: |- - { - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project" - } - google_project_service.project_service: |- - { - "project": "${google_project.project.project_id}", - "service": "iap.googleapis.com" - } argumentDocs: - brand: |- + client_id: |- - (Required) - Identifier of the brand to which this client - is attached to. The format is - projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}. - client_id: |- + The client id of an OAuth client. + client_secret: |- - - Output only. Unique identifier of the OAuth client. + (Optional) + The client secret of the OAuth client, to enable OIDC code flow. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' display_name: |- + - + (Optional) + Human friendly display name. + enabled: |- + - + (Optional) + If this config allows users to sign in with the provider. + id: '- an identifier for the resource with format projects/{{project}}/oauthIdpConfigs/{{name}}' + issuer: |- - (Required) - Human-friendly name given to the OAuth client. - id: '- an identifier for the resource with format {{brand}}/identityAwareProxyClients/{{client_id}}' - secret: |- + For OIDC Idps, the issuer identifier. + name: |- - - Output only. Client secret of the OAuth client. - Note: This property is sensitive and will not be displayed in the plan. - importStatements: [] - google_iap_tunnel_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy Tunnel - name: google_iap_tunnel_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project - argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_tunnel_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.' - google_iap_tunnel_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.' - google_iap_tunnel_iam_policy: ': Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_tunnel_iam_policy) The policy data generated by - a google_iam_policy data source. - project: '- (Required) Project ID. Used to find the parent resource to bind the IAM policy to' - role: |- - - (Required) The role that should be applied. Only one - google_iap_tunnel_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + (Required) + The name of the OauthIdpConfig. Must start with oidc.. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' importStatements: [] - google_iap_tunnel_instance_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy TunnelInstance - name: google_iap_tunnel_instance_iam_policy + google_identity_platform_project_default_config: + subCategory: Identity Platform + description: There is no persistent data associated with this resource. + name: google_identity_platform_project_default_config title: "" examples: - - name: policy - manifest: |- - { - "instance": "${google_compute_instance.tunnelvm.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_instance.tunnelvm.project}", - "zone": "${google_compute_instance.tunnelvm.zone}" - } - references: - instance: google_compute_instance.tunnelvm.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_instance.tunnelvm.project - zone: google_compute_instance.tunnelvm.zone - - name: policy + - name: default manifest: |- { - "instance": "${google_compute_instance.tunnelvm.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_instance.tunnelvm.project}", - "zone": "${google_compute_instance.tunnelvm.zone}" + "sign_in": [ + { + "allow_duplicate_emails": true, + "anonymous": [ + { + "enabled": true + } + ], + "email": [ + { + "enabled": true, + "password_required": false + } + ], + "phone_number": [ + { + "enabled": true, + "test_phone_numbers": { + "+11231231234": "000000" + } + } + ] + } + ] } - references: - instance: google_compute_instance.tunnelvm.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_instance.tunnelvm.project - zone: google_compute_instance.tunnelvm.zone argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_tunnel_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.' - google_iap_tunnel_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.' - google_iap_tunnel_instance_iam_policy: ': Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.' - instance: '- (Required) Used to find the parent resource to bind the IAM policy to' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_tunnel_instance_iam_policy) The policy data generated by - a google_iam_policy data source. + anonymous.enabled: |- + - + (Required) + Whether anonymous user auth is enabled for the project or not. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + email.enabled: |- + - + (Optional) + Whether email auth is enabled for the project or not. + email.password_required: |- + - + (Optional) + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + hash_config.algorithm: |- + - + (Output) + Different password hash algorithms used in Identity Toolkit. + hash_config.memory_cost: |- + - + (Output) + Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. + hash_config.rounds: |- + - + (Output) + How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. + hash_config.salt_separator: |- + - + (Output) + Non-printable character to be inserted between the salt and plain text password in base64. + hash_config.signer_key: |- + - + (Output) + Signer key in base64. + id: '- an identifier for the resource with format {{project}}' + name: |- + - + The name of the Config resource. Example: "projects/my-awesome-project/config" + phone_number.enabled: |- + - + (Optional) + Whether phone number auth is enabled for the project or not. + phone_number.test_phone_numbers: |- + - + (Optional) + A map of that can be used for phone auth testing. project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + If it is not provided, the provider project is used. + sign_in: |- + - + (Optional) + Configuration related to local sign in methods. + Structure is documented below. + sign_in.allow_duplicate_emails: |- + - + (Optional) + Whether to allow more than one account to have the same email. + sign_in.anonymous: |- + - + (Optional) + Configuration options related to authenticating an anonymous user. + Structure is documented below. + sign_in.email: |- + - + (Optional) + Configuration options related to authenticating a user by their email address. + Structure is documented below. + sign_in.hash_config: |- + - + (Output) + Output only. Hash config information. + Structure is documented below. + sign_in.phone_number: |- + - + (Optional) + Configuration options related to authenticated a user by their phone number. + Structure is documented below. + update: '- Default is 20 minutes.' importStatements: [] - google_iap_web_backend_service_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebBackendService - name: google_iap_web_backend_service_iam_policy + google_identity_platform_tenant: + subCategory: Identity Platform + description: Tenant configuration in a multi-tenant project. + name: google_identity_platform_tenant title: "" examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_backend_service.default.project}", - "web_backend_service": "${google_compute_backend_service.default.name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_backend_service.default.project - web_backend_service: google_compute_backend_service.default.name - - name: policy + - name: tenant manifest: |- { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_backend_service.default.project}", - "web_backend_service": "${google_compute_backend_service.default.name}" + "allow_password_signup": true, + "display_name": "tenant" } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_backend_service.default.project - web_backend_service: google_compute_backend_service.default.name argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_web_backend_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.' - google_iap_web_backend_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.' - google_iap_web_backend_service_iam_policy: ': Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_web_backend_service_iam_policy) The policy data generated by - a google_iam_policy data source. + allow_password_signup: |- + - + (Optional) + Whether to allow email/password user authentication. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + disable_auth: |- + - + (Optional) + Whether authentication is disabled for the tenant. If true, the users under + the disabled tenant are not allowed to sign-in. Admins of the disabled tenant + are not able to manage its users. + display_name: |- + - + (Required) + Human friendly display name of the tenant. + enable_email_link_signin: |- + - + (Optional) + Whether to enable email link user authentication. + id: '- an identifier for the resource with format projects/{{project}}/tenants/{{name}}' + name: |- + - + The name of the tenant that is generated by the server project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_web_backend_service_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - web_backend_service: '- (Required) Used to find the parent resource to bind the IAM policy to' + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' importStatements: [] - google_iap_web_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy Web - name: google_iap_web_iam_policy + google_identity_platform_tenant_default_supported_idp_config: + subCategory: Identity Platform + description: Configurations options for the tenant for authenticating with a the standard set of Identity Toolkit-trusted IDPs. + name: google_identity_platform_tenant_default_supported_idp_config title: "" examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project - - name: policy + - name: idp_config manifest: |- { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" + "client_id": "my-client-id", + "client_secret": "secret", + "enabled": true, + "idp_id": "playgames.google.com", + "tenant": "${google_identity_platform_tenant.tenant.name}" } references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project + tenant: google_identity_platform_tenant.tenant.name + dependencies: + google_identity_platform_tenant.tenant: |- + { + "display_name": "tenant" + } argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_web_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.' - google_iap_web_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.' - google_iap_web_iam_policy: ': Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_web_iam_policy) The policy data generated by - a google_iam_policy data source. + client_id: |- + - + (Required) + OAuth client ID + client_secret: |- + - + (Required) + OAuth client secret + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + enabled: |- + - + (Optional) + If this IDP allows the user to sign in + id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs/{{idp_id}}' + idp_id: |- + - + (Required) + ID of the IDP. Possible values include: + name: |- + - + The name of the default supported IDP config resource project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_web_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + If it is not provided, the provider project is used. + tenant: |- + - + (Required) + The name of the tenant where this DefaultSupportedIdpConfig resource exists + update: '- Default is 20 minutes.' importStatements: [] - google_iap_web_region_backend_service_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebRegionBackendService - name: google_iap_web_region_backend_service_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_region_backend_service.default.project}", - "region": "${google_compute_region_backend_service.default.region}", - "web_region_backend_service": "${google_compute_region_backend_service.default.name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_region_backend_service.default.project - region: google_compute_region_backend_service.default.region - web_region_backend_service: google_compute_region_backend_service.default.name - - name: policy + google_identity_platform_tenant_inbound_saml_config: + subCategory: Identity Platform + description: Inbound SAML configuration for a Identity Toolkit tenant. + name: google_identity_platform_tenant_inbound_saml_config + title: "" + examples: + - name: tenant_saml_config manifest: |- { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_compute_region_backend_service.default.project}", - "region": "${google_compute_region_backend_service.default.region}", - "web_region_backend_service": "${google_compute_region_backend_service.default.name}" + "display_name": "Display Name", + "idp_config": [ + { + "idp_certificates": [ + { + "x509_certificate": "${file(\"test-fixtures/rsa_cert.pem\")}" + } + ], + "idp_entity_id": "tf-idp", + "sign_request": true, + "sso_url": "https://example.com" + } + ], + "name": "saml.tf-config", + "sp_config": [ + { + "callback_uri": "https://example.com", + "sp_entity_id": "tf-sp" + } + ], + "tenant": "${google_identity_platform_tenant.tenant.name}" } references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_compute_region_backend_service.default.project - region: google_compute_region_backend_service.default.region - web_region_backend_service: google_compute_region_backend_service.default.name + tenant: google_identity_platform_tenant.tenant.name + dependencies: + google_identity_platform_tenant.tenant: |- + { + "display_name": "tenant" + } argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Human friendly display name. + id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}' + idp_certificates.x509_certificate: |- + - + (Optional) + The x509 certificate + idp_config: |- + - + (Required) + SAML IdP configuration when the project acts as the relying party Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_web_region_backend_service_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.' - google_iap_web_region_backend_service_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.' - google_iap_web_region_backend_service_iam_policy: ': Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_web_region_backend_service_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- + idp_config.idp_certificates: |- + - + (Required) + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + Structure is documented below. + idp_config.idp_entity_id: |- + - + (Required) + Unique identifier for all SAML entities + idp_config.sign_request: |- + - + (Optional) + Indicates if outbounding SAMLRequest should be signed. + idp_config.sso_url: |- + - + (Required) + URL to send Authentication request to. + name: |- + - + (Required) + The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, + hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an + alphanumeric character, and have at least 2 characters. + sp_certificates.enabled: |- + - + (Optional) + If this config allows users to sign in with the provider. + sp_certificates.project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_web_region_backend_service_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - web_region_backend_service: '- (Required) Used to find the parent resource to bind the IAM policy to' + If it is not provided, the provider project is used. + sp_certificates.x509_certificate: |- + - + (Output) + The x509 certificate + sp_config: |- + - + (Required) + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + Structure is documented below. + sp_config.callback_uri: |- + - + (Required) + Callback URI where responses from IDP are handled. Must start with https://. + sp_config.sp_certificates: |- + - + (Output) + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + Structure is documented below. + sp_config.sp_entity_id: |- + - + (Required) + Unique identifier for all SAML entities. + tenant: |- + - + (Required) + The name of the tenant where this inbound SAML config resource exists + update: '- Default is 20 minutes.' importStatements: [] - google_iap_web_type_app_engine_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebTypeAppEngine - name: google_iap_web_type_app_engine_iam_policy + google_identity_platform_tenant_oauth_idp_config: + subCategory: Identity Platform + description: OIDC IdP configuration for a Identity Toolkit project within a tenant. + name: google_identity_platform_tenant_oauth_idp_config title: "" examples: - - name: policy - manifest: |- - { - "app_id": "${google_app_engine_application.app.app_id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_application.app.project}" - } - references: - app_id: google_app_engine_application.app.app_id - policy_data: data.google_iam_policy.admin.policy_data - project: google_app_engine_application.app.project - - name: policy + - name: tenant_oauth_idp_config manifest: |- { - "app_id": "${google_app_engine_application.app.app_id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_app_engine_application.app.project}" + "client_id": "client-id", + "client_secret": "secret", + "display_name": "Display Name", + "enabled": true, + "issuer": "issuer", + "name": "oidc.oauth-idp-config", + "tenant": "${google_identity_platform_tenant.tenant.name}" } references: - app_id: google_app_engine_application.app.app_id - policy_data: data.google_iam_policy.admin.policy_data - project: google_app_engine_application.app.project + tenant: google_identity_platform_tenant.tenant.name + dependencies: + google_identity_platform_tenant.tenant: |- + { + "display_name": "tenant" + } argumentDocs: - app_id: '- (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to' - condition: |- - - (Optional) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_web_type_app_engine_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.' - google_iap_web_type_app_engine_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.' - google_iap_web_type_app_engine_iam_policy: ': Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_web_type_app_engine_iam_policy) The policy data generated by - a google_iam_policy data source. + client_id: |- + - + (Required) + The client id of an OAuth client. + client_secret: |- + - + (Optional) + The client secret of the OAuth client, to enable OIDC code flow. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Human friendly display name. + enabled: |- + - + (Optional) + If this config allows users to sign in with the provider. + id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs/{{name}}' + issuer: |- + - + (Required) + For OIDC Idps, the issuer identifier. + name: |- + - + (Required) + The name of the OauthIdpConfig. Must start with oidc.. project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_web_type_app_engine_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + If it is not provided, the provider project is used. + tenant: |- + - + (Required) + The name of the tenant where this OIDC IDP configuration resource exists + update: '- Default is 20 minutes.' importStatements: [] - google_iap_web_type_compute_iam_policy: - subCategory: Identity-Aware Proxy - description: Collection of resources to manage IAM policy for Identity-Aware Proxy WebTypeCompute - name: google_iap_web_type_compute_iam_policy + google_integration_connectors_connection: + subCategory: Integration Connectors + description: An Integration connectors Connection. + name: google_integration_connectors_connection title: "" examples: - - name: policy + - name: pubsubconnection manifest: |- { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" + "config_variable": [ + { + "key": "project_id", + "string_value": "connectors-example" + }, + { + "key": "topic_id", + "string_value": "test" + } + ], + "connector_version": "projects/${data.google_project.test_project.project_id}/locations/global/providers/gcp/connectors/pubsub/versions/1", + "description": "tf created description", + "location": "us-central1", + "name": "test-pubsub" } - references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project - - name: policy + - name: zendeskconnection manifest: |- { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_project_service.project_service.project}" + "auth_config": [ + { + "additional_variable": [ + { + "key": "sample_string", + "string_value": "sampleString" + }, + { + "boolean_value": false, + "key": "sample_boolean" + }, + { + "integer_value": 1, + "key": "sample_integer" + }, + { + "key": "sample_secret_value", + "secret_value": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ] + }, + { + "encryption_key_value": [ + { + "kms_key_name": "sampleKMSKkey", + "type": "GOOGLE_MANAGED" + } + ], + "key": "sample_encryption_key_value" + } + ], + "auth_key": "sampleAuthKey", + "auth_type": "USER_PASSWORD", + "user_password": [ + { + "password": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "username": "user@xyz.com" + } + ] + } + ], + "config_variable": [ + { + "boolean_value": false, + "key": "proxy_enabled" + }, + { + "integer_value": 1, + "key": "sample_integer_value" + }, + { + "encryption_key_value": [ + { + "kms_key_name": "sampleKMSKkey", + "type": "GOOGLE_MANAGED" + } + ], + "key": "sample_encryption_key_value" + }, + { + "key": "sample_secret_value", + "secret_value": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ] + } + ], + "connector_version": "projects/${data.google_project.test_project.project_id}/locations/global/providers/zendesk/connectors/zendesk/versions/1", + "description": "tf updated description", + "destination_config": [ + { + "destination": [ + { + "host": "https://test.zendesk.com", + "port": 80 + } + ], + "key": "url" + } + ], + "eventing_config": [ + { + "additional_variable": [ + { + "key": "sample_string", + "string_value": "sampleString" + }, + { + "boolean_value": false, + "key": "sample_boolean" + }, + { + "integer_value": 1, + "key": "sample_integer" + }, + { + "key": "sample_secret_value", + "secret_value": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ] + }, + { + "encryption_key_value": [ + { + "kms_key_name": "sampleKMSKkey", + "type": "GOOGLE_MANAGED" + } + ], + "key": "sample_encryption_key_value" + } + ], + "auth_config": [ + { + "additional_variable": [ + { + "key": "sample_string", + "string_value": "sampleString" + }, + { + "boolean_value": false, + "key": "sample_boolean" + }, + { + "integer_value": 1, + "key": "sample_integer" + }, + { + "key": "sample_secret_value", + "secret_value": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ] + }, + { + "encryption_key_value": [ + { + "kms_key_name": "sampleKMSKkey", + "type": "GOOGLE_MANAGED" + } + ], + "key": "sample_encryption_key_value" + } + ], + "auth_key": "sampleAuthKey", + "auth_type": "USER_PASSWORD", + "user_password": [ + { + "password": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "username": "user@xyz.com" + } + ] + } + ], + "enrichment_enabled": true, + "registration_destination_config": [ + { + "destination": [ + { + "host": "https://test.zendesk.com", + "port": 80 + } + ], + "key": "registration_destination_config" + } + ] + } + ], + "eventing_enablement_type": "EVENTING_AND_CONNECTION", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "lock_config": [ + { + "locked": false, + "reason": "Its not locked" + } + ], + "log_config": [ + { + "enabled": true + } + ], + "name": "test-zendesk", + "node_config": [ + { + "max_node_count": 50, + "min_node_count": 2 + } + ], + "service_account": "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com", + "ssl_config": [ + { + "additional_variable": [ + { + "key": "sample_string", + "string_value": "sampleString" + }, + { + "boolean_value": false, + "key": "sample_boolean" + }, + { + "integer_value": 1, + "key": "sample_integer" + }, + { + "key": "sample_secret_value", + "secret_value": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ] + }, + { + "encryption_key_value": [ + { + "kms_key_name": "sampleKMSKkey", + "type": "GOOGLE_MANAGED" + } + ], + "key": "sample_encryption_key_value" + } + ], + "client_cert_type": "PEM", + "client_certificate": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "client_private_key": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "client_private_key_pass": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "private_server_certificate": [ + { + "secret_version": "${google_secret_manager_secret_version.secret-version-basic.name}" + } + ], + "server_cert_type": "PEM", + "trust_model": "PRIVATE", + "type": "TLS", + "use_ssl": true + } + ], + "suspended": false } references: - policy_data: data.google_iam_policy.admin.policy_data - project: google_project_service.project_service.project + auth_config.additional_variable.secret_value.secret_version: google_secret_manager_secret_version.secret-version-basic.name + auth_config.user_password.password.secret_version: google_secret_manager_secret_version.secret-version-basic.name + config_variable.secret_value.secret_version: google_secret_manager_secret_version.secret-version-basic.name + eventing_config.additional_variable.secret_value.secret_version: google_secret_manager_secret_version.secret-version-basic.name + eventing_config.auth_config.additional_variable.secret_value.secret_version: google_secret_manager_secret_version.secret-version-basic.name + eventing_config.auth_config.user_password.password.secret_version: google_secret_manager_secret_version.secret-version-basic.name + ssl_config.additional_variable.secret_value.secret_version: google_secret_manager_secret_version.secret-version-basic.name + ssl_config.client_certificate.secret_version: google_secret_manager_secret_version.secret-version-basic.name + ssl_config.client_private_key.secret_version: google_secret_manager_secret_version.secret-version-basic.name + ssl_config.client_private_key_pass.secret_version: google_secret_manager_secret_version.secret-version-basic.name + ssl_config.private_server_certificate.secret_version: google_secret_manager_secret_version.secret-version-basic.name + dependencies: + google_secret_manager_secret.secret-basic: |- + { + "replication": [ + { + "user_managed": [ + { + "replicas": [ + { + "location": "us-central1" + } + ] + } + ] + } + ], + "secret_id": "test-secret" + } + google_secret_manager_secret_iam_member.secret_iam: |- + { + "depends_on": [ + "${google_secret_manager_secret_version.secret-version-basic}" + ], + "member": "serviceAccount:${data.google_project.test_project.number}-compute@developer.gserviceaccount.com", + "role": "roles/secretmanager.admin", + "secret_id": "${google_secret_manager_secret.secret-basic.id}" + } + google_secret_manager_secret_version.secret-version-basic: |- + { + "secret": "${google_secret_manager_secret.secret-basic.id}", + "secret_data": "dummypassword" + } argumentDocs: - condition: |- - - (Optional) An IAM Condition for a given binding. + additional_variable.boolean_value: |- + - + (Optional) + Boolean Value of configVariable. + additional_variable.encryption_key_value: |- + - + (Optional) + Encription key value of configVariable. + Structure is documented below. + additional_variable.integer_value: |- + - + (Optional) + Integer Value of configVariable. + additional_variable.key: |- + - + (Required) + Key for the configVariable + additional_variable.secret_value: |- + - + (Optional) + Secret value of configVariable. + Structure is documented below. + additional_variable.string_value: |- + - + (Optional) + String Value of configVariabley. + auth_config: |- + - + (Optional) + authConfig for the connection. + Structure is documented below. + auth_config.additional_variable: |- + - + (Optional) + List containing additional auth configs. + Structure is documented below. + auth_config.auth_key: |- + - + (Optional) + The type of authentication configured. + auth_config.auth_type: |- + - + (Required) + authType of the Connection + Possible values are: USER_PASSWORD, OAUTH2_JWT_BEARER, OAUTH2_CLIENT_CREDENTIALS, SSH_PUBLIC_KEY, OAUTH2_AUTH_CODE_FLOW. + auth_config.oauth2_auth_code_flow: |- + - + (Optional) + Parameters to support Oauth 2.0 Auth Code Grant Authentication. + Structure is documented below. + auth_config.oauth2_client_credentials: |- + - + (Optional) + OAuth3 Client Credentials for Authentication. + Structure is documented below. + auth_config.oauth2_jwt_bearer: |- + - + (Optional) + OAuth2 JWT Bearer for Authentication. + Structure is documented below. + auth_config.ssh_public_key: |- + - + (Optional) + SSH Public Key for Authentication. + Structure is documented below. + auth_config.user_password: |- + - + (Optional) + User password for Authentication. + Structure is documented below. + client_certificate.secret_version: |- + - + (Required) + Secret version of Secret Value for Config variable. + client_key.secret_version: |- + - + (Required) + The resource name of the secret version in the format, + format as: projects//secrets//versions/*. + client_private_key.secret_version: |- + - + (Required) + Secret version of Secret Value for Config variable. + client_private_key_pass.secret_version: |- + - + (Required) + Secret version of Secret Value for Config variable. + client_secret.secret_version: |- + - + (Required) + The resource name of the secret version in the format, + format as: projects//secrets//versions/*. + config_variable: |- + - + (Optional) + Config Variables for the connection. + Structure is documented below. + config_variable.boolean_value: |- + - + (Optional) + Boolean Value of configVariable + config_variable.encryption_key_value: |- + - + (Optional) + Encription key value of configVariable. + Structure is documented below. + config_variable.integer_value: |- + - + (Optional) + Integer Value of configVariable + config_variable.key: |- + - + (Required) + Key for the configVariable + config_variable.secret_value: |- + - + (Optional) + Secret value of configVariable. + Structure is documented below. + config_variable.string_value: |- + - + (Optional) + String Value of configVariabley + connection_revision: |- + - + Connection revision. This field is only updated when the connection is created or updated by User. + connector_version: |- + - + (Required) + connectorVersion of the Connector. + connector_version_infra_config: |- + - + This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version. + Structure is documented below. + connector_version_infra_config.ratelimit_threshold: |- + - + (Output) + Max QPS supported by the connector version before throttling of requests. + connector_version_launch_stage: |- + - + Flag to mark the version indicating the launch stage. + create: '- Default is 30 minutes.' + create_time: |- + - + Time the Namespace was created in UTC. + delete: '- Default is 30 minutes.' + description: |- + - + (Optional) + An arbitrary description for the Conection. + destination.host: |- + - + (Optional) + For publicly routable host. + destination.port: |- + - + (Optional) + The port is the target port number that is accepted by the destination. + destination.service_attachment: |- + - + (Optional) + PSC service attachments. Format: projects//regions//serviceAttachments/* + destination_config: |- + - + (Optional) + Define the Connectors target endpoint. Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the IAM policy.' - google_iap_web_type_compute_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.' - google_iap_web_type_compute_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.' - google_iap_web_type_compute_iam_policy: ': Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_iap_web_type_compute_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_iap_web_type_compute_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_identity_platform_config: - subCategory: Identity Platform - description: Identity Platform configuration for a Cloud project. - name: google_identity_platform_config - title: "" - examples: - - name: default - manifest: |- - { - "authorized_domains": [ - "localhost", - "my-project.firebaseapp.com", - "my-project.web.app" - ], - "autodelete_anonymous_users": true, - "blocking_functions": [ - { - "forward_inbound_credentials": [ - { - "access_token": true, - "id_token": true, - "refresh_token": true - } - ], - "triggers": [ - { - "event_type": "beforeSignIn", - "function_uri": "https://us-east1-my-project.cloudfunctions.net/before-sign-in" - } - ] - } - ], - "project": "${google_project.default.project_id}", - "quota": [ - { - "sign_up_quota_config": [ - { - "quota": 1000, - "quota_duration": "7200s", - "start_time": "" - } - ] - } - ] - } - references: - project: google_project.default.project_id - dependencies: - google_project.default: |- - { - "billing_account": "000000-0000000-0000000-000000", - "labels": { - "firebase": "enabled" - }, - "name": "my-project", - "org_id": "123456789", - "project_id": "my-project" - } - google_project_service.identitytoolkit: |- - { - "project": "${google_project.default.project_id}", - "service": "identitytoolkit.googleapis.com" - } - argumentDocs: - authorized_domains: |- + destination_config.destination: |- - (Optional) - List of domains authorized for OAuth redirects. - autodelete_anonymous_users: |- + The destinations for the key. + Structure is documented below. + destination_config.key: |- + - + (Required) + The key is the destination identifier that is supported by the Connector. + effective_labels: for all of the labels present on the resource. + encryption_key_value.kms_key_name: |- - (Optional) - Whether anonymous users will be auto-deleted after a period of 30 days - blocking_functions: |- + The [KMS key name] with which the content of the Operation is encrypted. The expected + format: projects//locations//keyRings//cryptoKeys/. + Will be empty string if google managed. + encryption_key_value.type: |- + - + (Required) + Type of Encription Key + Possible values are: GOOGLE_MANAGED, CUSTOMER_MANAGED. + eventing_config: |- - (Optional) - Configuration related to blocking functions. + Eventing Configuration of a connection Structure is documented below. - blocking_functions.forward_inbound_credentials: |- + eventing_config.additional_variable: |- - (Optional) - The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + List containing additional auth configs. Structure is documented below. - blocking_functions.triggers: |- + eventing_config.auth_config: |- + - + (Optional) + authConfig for Eventing Configuration. + Structure is documented below. + eventing_config.enrichment_enabled: |- + - + (Optional) + Enrichment Enabled. + eventing_config.registration_destination_config: |- - (Required) - Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + registrationDestinationConfig Structure is documented below. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - forward_inbound_credentials.access_token: |- + eventing_enablement_type: |- - (Optional) - Whether to pass the user's OAuth identity provider's access token. - forward_inbound_credentials.id_token: |- + Eventing enablement type. Will be nil if eventing is not enabled. + Possible values are: EVENTING_AND_CONNECTION, ONLY_EVENTING. + eventing_runtime_data: |- + - + Eventing Runtime Data. + Structure is documented below. + eventing_runtime_data.events_listener_endpoint: |- - (Optional) - Whether to pass the user's OIDC identity provider's ID token. - forward_inbound_credentials.refresh_token: |- + Events listener endpoint. The value will populated after provisioning the events listener. + eventing_runtime_data.status: |- + - + (Output) + Current status of eventing. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{name}}' + jwt_claims.audience: |- - (Optional) - Whether to pass the user's OAuth identity provider's refresh token. - id: '- an identifier for the resource with format projects/{{project}}/config' + Value for the "aud" claim. + jwt_claims.issuer: |- + - + (Optional) + Value for the "iss" claim. + jwt_claims.subject: |- + - + (Optional) + Value for the "sub" claim. + labels: |- + - + (Optional) + Resource labels to represent user provided metadata. + location: |- + - + (Required) + Location in which Connection needs to be created. + lock_config: |- + - + (Optional) + Determines whether or no a connection is locked. If locked, a reason must be specified. + Structure is documented below. + lock_config.locked: |- + - + (Required) + Indicates whether or not the connection is locked. + lock_config.reason: |- + - + (Optional) + Describes why a connection is locked. + log_config: |- + - + (Optional) + Log configuration for the connection. + Structure is documented below. + log_config.enabled: |- + - + (Required) + Enabled represents whether logging is enabled or not for a connection. name: |- - - The name of the Config resource + (Required) + Name of Connection needs to be created. + node_config: |- + - + (Optional) + Node configuration for the connection. + Structure is documented below. + node_config.max_node_count: |- + - + (Required) + Minimum number of nodes in the runtime nodes. + node_config.min_node_count: |- + - + (Required) + Minimum number of nodes in the runtime nodes. + oauth2_auth_code_flow.auth_uri: |- + - + (Optional) + Auth URL for Authorization Code Flow. + oauth2_auth_code_flow.client_id: |- + - + (Optional) + Client ID for user-provided OAuth app. + oauth2_auth_code_flow.client_secret: |- + - + (Optional) + Client secret for user-provided OAuth app. + Structure is documented below. + oauth2_auth_code_flow.enable_pkce: |- + - + (Optional) + Whether to enable PKCE when the user performs the auth code flow. + oauth2_auth_code_flow.scopes: |- + - + (Optional) + Scopes the connection will request when the user performs the auth code flow. + oauth2_client_credentials.client_id: |- + - + (Required) + Secret version of Password for Authentication. + oauth2_client_credentials.client_secret: |- + - + (Optional) + Secret version reference containing the client secret. + Structure is documented below. + oauth2_jwt_bearer.client_key: |- + - + (Optional) + Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate. + This private key will be used to sign JWTs used for the jwt-bearer authorization grant. + Specified in the form as: projects//secrets//versions/*. + Structure is documented below. + oauth2_jwt_bearer.jwt_claims: |- + - + (Optional) + JwtClaims providers fields to generate the token. + Structure is documented below. + password.secret_version: |- + - + (Required) + The resource name of the secret version in the format, + format as: projects//secrets//versions/*. + private_server_certificate.secret_version: |- + - + (Required) + Secret version of Secret Value for Config variable. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - quota: |- + registration_destination_config.destination: |- - (Optional) - Configuration related to quotas. + destinations for the connection Structure is documented below. - quota.sign_up_quota_config: |- + registration_destination_config.key: |- - (Optional) - Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Key for the connection + secret_value.secret_version: |- + - + (Required) + Secret version of Secret Value for Config variable. + service_account: |- + - + (Optional) + Service account needed for runtime plane to access Google Cloud resources. + service_directory: |- + - + The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address. + e.g. "projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors" + ssh_client_cert.secret_version: |- + - + (Required) + The resource name of the secret version in the format, + format as: projects//secrets//versions/*. + ssh_client_cert_pass.secret_version: |- + - + (Required) + The resource name of the secret version in the format, + format as: projects//secrets//versions/*. + ssh_public_key.cert_type: |- + - + (Optional) + Format of SSH Client cert. + ssh_public_key.ssh_client_cert: |- + - + (Optional) + SSH Client Cert. It should contain both public and private key. Structure is documented below. - quota.sign_up_quota_config.quota: |- + ssh_public_key.ssh_client_cert_pass: |- - (Optional) - A sign up APIs quota that customers can override temporarily. - quota.sign_up_quota_config.quota_duration: |- + Password (passphrase) for ssh client certificate if it has one. + Structure is documented below. + ssh_public_key.username: |- + - + (Required) + The user account used to authenticate. + ssl_config: |- - (Optional) - How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". - quota.sign_up_quota_config.start_time: |- + SSL Configuration of a connection + Structure is documented below. + ssl_config.additional_variable: |- - (Optional) - When this quota will take affect. - triggers.event_type: '- (Required) The identifier for this object. Format specified above.' - triggers.function_uri: |- + Additional SSL related field values. + Structure is documented below. + ssl_config.client_cert_type: |- + - + (Optional) + Type of Client Cert (PEM/JKS/.. etc.) + Possible values are: PEM. + ssl_config.client_certificate: |- + - + (Optional) + Client Certificate + Structure is documented below. + ssl_config.client_private_key: |- + - + (Optional) + Client Private Key + Structure is documented below. + ssl_config.client_private_key_pass: |- + - + (Optional) + Secret containing the passphrase protecting the Client Private Key + Structure is documented below. + ssl_config.private_server_certificate: |- + - + (Optional) + Private Server Certificate. Needs to be specified if trust model is PRIVATE. + Structure is documented below. + ssl_config.server_cert_type: |- + - + (Optional) + Type of Server Cert (PEM/JKS/.. etc.) + Possible values are: PEM. + ssl_config.trust_model: |- + - + (Optional) + Enum for Trust Model + Possible values are: PUBLIC, PRIVATE, INSECURE. + ssl_config.type: |- - (Required) - HTTP URI trigger for the Cloud Function. - triggers.update_time: |- + Enum for controlling the SSL Type (TLS/MTLS) + Possible values are: TLS, MTLS. + ssl_config.use_ssl: |- + - + (Optional) + Bool for enabling SSL + status: |- + - + Status of the Integration Connector. + Structure is documented below. + status.description: |- - (Output) - When the trigger was changed. - update: '- Default is 20 minutes.' + Description of Status of Connection. + status.state: |- + - + (Output) + State of the Integration Connector + status.status: |- + - + (Output) + Status of the Connection. + subscription_type: |- + - + This subscription type enum states the subscription type of the project. + suspended: |- + - + (Optional) + Suspended indicates if a user has suspended a connection or not. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + Time the Namespace was updated in UTC. + user_password.password: |- + - + (Optional) + Password for Authentication. + Structure is documented below. + user_password.username: |- + - + (Required) + Username for Authentication. importStatements: [] - google_identity_platform_default_supported_idp_config: - subCategory: Identity Platform - description: Configurations options for authenticating with a the standard set of Identity Toolkit-trusted IDPs. - name: google_identity_platform_default_supported_idp_config + google_integration_connectors_endpoint_attachment: + subCategory: Integration Connectors + description: An Integration connectors Endpoint Attachment. + name: google_integration_connectors_endpoint_attachment title: "" examples: - - name: idp_config + - name: sampleendpointattachment manifest: |- { - "client_id": "client-id", - "client_secret": "secret", - "enabled": true, - "idp_id": "playgames.google.com" + "description": "tf created description", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "name": "test-endpoint-attachment", + "service_attachment": "projects/connectors-example/regions/us-central1/serviceAttachments/test" } argumentDocs: - client_id: |- + create: '- Default is 5 minutes.' + create_time: |- - - (Required) - OAuth client ID - client_secret: |- + Time the Namespace was created in UTC. + delete: '- Default is 5 minutes.' + description: |- - - (Required) - OAuth client secret - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - enabled: |- + (Optional) + Description of the resource. + effective_labels: for all of the labels present on the resource. + endpoint_ip: |- + - + The Private Service Connect connection endpoint ip. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/endpointAttachments/{{name}}' + labels: |- - (Optional) - If this IDP allows the user to sign in - id: '- an identifier for the resource with format projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}}' - idp_id: |- + Resource labels to represent user provided metadata. + location: |- - (Required) - ID of the IDP. Possible values include: + Location in which Endpoint Attachment needs to be created. name: |- - - The name of the DefaultSupportedIdpConfig resource + (Required) + Name of Endpoint Attachment needs to be created. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' + service_attachment: |- + - + (Required) + The path of the service attachment. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 5 minutes.' + update_time: |- + - + Time the Namespace was updated in UTC. importStatements: [] - google_identity_platform_inbound_saml_config: - subCategory: Identity Platform - description: Inbound SAML configuration for a Identity Toolkit project. - name: google_identity_platform_inbound_saml_config + google_kms_crypto_key: + subCategory: Cloud Key Management Service + description: A + name: google_kms_crypto_key title: "" examples: - - name: saml_config + - name: example-key manifest: |- { - "display_name": "Display Name", - "idp_config": [ + "key_ring": "${google_kms_key_ring.keyring.id}", + "lifecycle": [ { - "idp_certificates": [ - { - "x509_certificate": "${file(\"test-fixtures/rsa_cert.pem\")}" - } - ], - "idp_entity_id": "tf-idp", - "sign_request": true, - "sso_url": "https://example.com" + "prevent_destroy": true } ], - "name": "saml.tf-config", - "sp_config": [ + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + references: + key_ring: google_kms_key_ring.keyring.id + dependencies: + google_kms_key_ring.keyring: |- { - "callback_uri": "https://example.com", - "sp_entity_id": "tf-sp" + "location": "global", + "name": "keyring-example" + } + - name: example-asymmetric-sign-key + manifest: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "lifecycle": [ + { + "prevent_destroy": true + } + ], + "name": "crypto-key-example", + "purpose": "ASYMMETRIC_SIGN", + "version_template": [ + { + "algorithm": "EC_SIGN_P384_SHA384" } ] } + references: + key_ring: google_kms_key_ring.keyring.id + dependencies: + google_kms_key_ring.keyring: |- + { + "location": "global", + "name": "keyring-example" + } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - display_name: |- + destroy_scheduled_duration: |- + - + (Optional) + The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format {{key_ring}}/cryptoKeys/{{name}}' + import_only: |- + - + (Optional) + Whether this key may contain imported versions only. + key_ring: |- - (Required) - Human friendly display name. - id: '- an identifier for the resource with format projects/{{project}}/inboundSamlConfigs/{{name}}' - idp_certificates.x509_certificate: |- + The KeyRing that this key belongs to. + Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'. + labels: |- + - + (Optional) + Labels with user-defined metadata to apply to this resource. + name: |- + - + (Required) + The resource name for the CryptoKey. + primary: |- + - + A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. + Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. + Structure is documented below. + primary.name: |- + - + (Output) + The resource name for this CryptoKeyVersion. + primary.state: |- + - + (Output) + The current state of the CryptoKeyVersion. + purpose: |- + - + (Optional) + The immutable purpose of this CryptoKey. See the + purpose reference + for possible inputs. + Default value is "ENCRYPT_DECRYPT". + rotation_period: |- + - + (Optional) + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter s (seconds). It must be greater than a day (ie, 86400). + skip_initial_version_creation: |- + - + (Optional) + If set to true, the request will create a CryptoKey without any CryptoKeyVersions. + You must use the google_kms_key_ring_import_job resource to import the CryptoKeyVersion. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + version_template: |- + - + (Optional) + A template describing settings for new crypto key versions. + Structure is documented below. + version_template.algorithm: |- + - + (Required) + The algorithm to use when creating a version based on this template. + See the algorithm reference for possible inputs. + version_template.protection_level: |- + - + (Optional) + The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + importStatements: [] + google_kms_crypto_key_iam_policy: + subCategory: Cloud Key Management Service + description: Collection of resources to manage IAM policy for a Google Cloud KMS crypto key. + name: google_kms_crypto_key_iam_policy + title: "" + examples: + - name: crypto_key + manifest: |- + { + "crypto_key_id": "${google_kms_crypto_key.key.id}", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + references: + crypto_key_id: google_kms_crypto_key.key.id + policy_data: data.google_iam_policy.admin.policy_data + dependencies: + google_kms_crypto_key.key: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "lifecycle": [ + { + "prevent_destroy": true + } + ], + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + google_kms_key_ring.keyring: |- + { + "location": "global", + "name": "keyring-example" + } + argumentDocs: + condition: |- + - (Optional, Beta) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + crypto_key_id: |- + - (Required) The crypto key ID, in the form + {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or + {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, + the provider's project setting will be used as a fallback. + etag: '- (Computed) The etag of the project''s IAM policy.' + google_kms_crypto_key_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.' + google_kms_crypto_key_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.' + google_kms_crypto_key_iam_policy: ': Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_kms_crypto_key_iam_policy) The policy data generated by + a google_iam_policy data source. + role: |- + - (Required) The role that should be applied. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_kms_crypto_key_version: + subCategory: Cloud Key Management Service + description: A + name: google_kms_crypto_key_version + title: "" + examples: + - name: example-key + manifest: |- + { + "crypto_key": "${google_kms_crypto_key.cryptokey.id}" + } + references: + crypto_key: google_kms_crypto_key.cryptokey.id + dependencies: + google_kms_crypto_key.cryptokey: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + google_kms_key_ring.keyring: |- + { + "location": "global", + "name": "keyring-example" + } + argumentDocs: + algorithm: |- - - (Optional) - The IdP's x509 certificate. - idp_config: |- + The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. + attestation: |- - - (Required) - SAML IdP configuration when the project acts as the relying party + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. Structure is documented below. - idp_config.idp_certificates: |- + attestation.cert_chains: |- - - (Required) - The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + (Optional) + The certificate chains needed to validate the attestation Structure is documented below. - idp_config.idp_entity_id: |- + attestation.content: |- - - (Required) - Unique identifier for all SAML entities - idp_config.sign_request: |- + (Output) + The attestation data provided by the HSM when the key operation was performed. + attestation.external_protection_level_options: |- - (Optional) - Indicates if outbounding SAMLRequest should be signed. - idp_config.sso_url: |- + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + Structure is documented below. + attestation.format: |- - - (Required) - URL to send Authentication request to. - name: |- + (Output) + The format of the attestation data. + cert_chains.cavium_certs: |- - - (Required) - The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, - hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an - alphanumeric character, and have at least 2 characters. - sp_certificates.enabled: |- + (Optional) + Cavium certificate chain corresponding to the attestation. + cert_chains.google_card_certs: |- - (Optional) - If this config allows users to sign in with the provider. - sp_certificates.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - sp_certificates.x509_certificate: |- + Google card certificate chain corresponding to the attestation. + cert_chains.google_partition_certs: |- - - (Output) - The x509 certificate - sp_config: |- + (Optional) + Google partition certificate chain corresponding to the attestation. + create: '- Default is 20 minutes.' + crypto_key: |- - (Required) - SAML SP (Service Provider) configuration when the project acts as the relying party to receive - and accept an authentication assertion issued by a SAML identity provider. - Structure is documented below. - sp_config.callback_uri: |- + The name of the cryptoKey associated with the CryptoKeyVersions. + Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' + delete: '- Default is 20 minutes.' + external_protection_level_options.ekm_connection_key_path: |- - (Optional) - Callback URI where responses from IDP are handled. Must start with https://. - sp_config.sp_certificates: |- + The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. + external_protection_level_options.external_key_uri: |- - - (Output) - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - Structure is documented below. - sp_config.sp_entity_id: |- + (Optional) + The URI for an external resource that this CryptoKeyVersion represents. + generate_time: |- + - + The time this CryptoKeyVersion key material was generated + id: '- an identifier for the resource with format {{name}}' + name: |- + - + The resource name for this CryptoKeyVersion. + protection_level: |- + - + The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. + state: |- - (Optional) - Unique identifier for all SAML entities. + The current state of the CryptoKeyVersion. + Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED. update: '- Default is 20 minutes.' importStatements: [] - google_identity_platform_oauth_idp_config: - subCategory: Identity Platform - description: OIDC IdP configuration for a Identity Toolkit project. - name: google_identity_platform_oauth_idp_config + google_kms_key_ring: + subCategory: Cloud Key Management Service + description: A + name: google_kms_key_ring title: "" examples: - - name: oauth_idp_config + - name: example-keyring manifest: |- { - "client_id": "client-id", - "client_secret": "secret", - "display_name": "Display Name", - "enabled": true, - "issuer": "issuer", - "name": "oidc.oauth-idp-config" + "location": "global", + "name": "keyring-example" } argumentDocs: - client_id: |- - - - (Required) - The client id of an OAuth client. - client_secret: |- - - - (Optional) - The client secret of the OAuth client, to enable OIDC code flow. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - display_name: |- - - - (Optional) - Human friendly display name. - enabled: |- - - - (Optional) - If this config allows users to sign in with the provider. - id: '- an identifier for the resource with format projects/{{project}}/oauthIdpConfigs/{{name}}' - issuer: |- + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/keyRings/{{name}}' + location: |- - (Required) - For OIDC Idps, the issuer identifier. + The location for the KeyRing. + A full list of valid locations can be found by running gcloud kms locations list. name: |- - (Required) - The name of the OauthIdpConfig. Must start with oidc.. + The resource name for the KeyRing. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' importStatements: [] - google_identity_platform_project_default_config: - subCategory: Identity Platform - description: There is no persistent data associated with this resource. - name: google_identity_platform_project_default_config + google_kms_key_ring_iam_policy: + subCategory: Cloud Key Management Service + description: Collection of resources to manage IAM policy for a Google Cloud KMS key ring. + name: google_kms_key_ring_iam_policy title: "" examples: - - name: default + - name: key_ring manifest: |- { - "sign_in": [ + "key_ring_id": "${google_kms_key_ring.keyring.id}", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + references: + key_ring_id: google_kms_key_ring.keyring.id + policy_data: data.google_iam_policy.admin.policy_data + dependencies: + google_kms_key_ring.keyring: |- { - "allow_duplicate_emails": true, - "anonymous": [ - { - "enabled": true - } - ], - "email": [ - { - "enabled": true, - "password_required": false - } - ], - "phone_number": [ - { - "enabled": true, - "test_phone_numbers": { - "+11231231234": "000000" - } - } - ] + "location": "global", + "name": "keyring-example" } - ] + - name: key_ring + manifest: |- + { + "key_ring_id": "${google_kms_key_ring.keyring.id}", + "policy_data": "${data.google_iam_policy.admin.policy_data}" } + references: + key_ring_id: google_kms_key_ring.keyring.id + policy_data: data.google_iam_policy.admin.policy_data + dependencies: + google_kms_key_ring.keyring: |- + { + "location": "global", + "name": "keyring-example" + } argumentDocs: - anonymous.enabled: |- - - - (Required) - Whether anonymous user auth is enabled for the project or not. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - email.enabled: |- - - - (Optional) - Whether email auth is enabled for the project or not. - email.password_required: |- - - - (Optional) - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - hash_config.algorithm: |- - - - (Output) - Different password hash algorithms used in Identity Toolkit. - hash_config.memory_cost: |- - - - (Output) - Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - hash_config.rounds: |- + condition: |- + - (Optional, Beta) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the key ring''s IAM policy.' + google_kms_key_ring_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.' + google_kms_key_ring_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.' + google_kms_key_ring_iam_policy: ': Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.' + key_ring_id: |- + - (Required) The key ring ID, in the form + {project_id}/{location_name}/{key_ring_name} or + {location_name}/{key_ring_name}. In the second form, the provider's + project setting will be used as a fallback. + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_kms_key_ring_iam_policy) The policy data generated by + a google_iam_policy data source. + role: |- + - (Required) The role that should be applied. Only one + google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_kms_key_ring_import_job: + subCategory: Cloud Key Management Service + description: A + name: google_kms_key_ring_import_job + title: "" + argumentDocs: + attestation: |- - - (Output) - How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - hash_config.salt_separator: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. + Structure is documented below. + attestation.content: |- - (Output) - Non-printable character to be inserted between the salt and plain text password in base64. - hash_config.signer_key: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + attestation.format: |- - (Output) - Signer key in base64. - id: '- an identifier for the resource with format {{project}}' - name: |- + The format of the attestation data. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + expire_time: |- - - The name of the Config resource. Example: "projects/my-awesome-project/config" - phone_number.enabled: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + id: '- an identifier for the resource with format {{name}}' + import_job_id: |- - - (Optional) - Whether phone number auth is enabled for the project or not. - phone_number.test_phone_numbers: |- + (Required) + It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} + import_method: |- - - (Optional) - A map of that can be used for phone auth testing. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - sign_in: |- + (Required) + The wrapping method to be used for incoming key material. + Possible values are: RSA_OAEP_3072_SHA1_AES_256, RSA_OAEP_4096_SHA1_AES_256. + key_ring: |- - - (Optional) - Configuration related to local sign in methods. - Structure is documented below. - sign_in.allow_duplicate_emails: |- + (Required) + The KeyRing that this import job belongs to. + Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'. + name: |- - - (Optional) - Whether to allow more than one account to have the same email. - sign_in.anonymous: |- + The resource name for this ImportJob in the format projects//locations//keyRings//importJobs/. + protection_level: |- - - (Optional) - Configuration options related to authenticating an anonymous user. - Structure is documented below. - sign_in.email: |- + (Required) + The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. + Possible values are: SOFTWARE, HSM, EXTERNAL. + public_key: |- - - (Optional) - Configuration options related to authenticating a user by their email address. + The public key with which to wrap key material prior to import. Only returned if state is ACTIVE. Structure is documented below. - sign_in.hash_config: |- + public_key.pem: |- - (Output) - Output only. Hash config information. - Structure is documented below. - sign_in.phone_number: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. + state: |- - - (Optional) - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - update: '- Default is 20 minutes.' + The current state of the ImportJob, indicating if it can be used. importStatements: [] - google_identity_platform_tenant: - subCategory: Identity Platform - description: Tenant configuration in a multi-tenant project. - name: google_identity_platform_tenant + google_kms_secret_ciphertext: + subCategory: Cloud Key Management Service + description: Encrypts secret data with Google Cloud KMS and provides access to the ciphertext. + name: google_kms_secret_ciphertext title: "" examples: - - name: tenant + - name: my_password manifest: |- { - "allow_password_signup": true, - "display_name": "tenant" + "crypto_key": "${google_kms_crypto_key.cryptokey.id}", + "plaintext": "my-secret-password" } + references: + crypto_key: google_kms_crypto_key.cryptokey.id + dependencies: + google_compute_instance.instance: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-11" + } + ] + } + ], + "machine_type": "e2-medium", + "metadata": { + "password": "${google_kms_secret_ciphertext.my_password.ciphertext}" + }, + "name": "my-instance", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "default" + } + ], + "zone": "us-central1-a" + } + google_kms_crypto_key.cryptokey: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "lifecycle": [ + { + "prevent_destroy": true + } + ], + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + google_kms_key_ring.keyring: |- + { + "location": "global", + "name": "keyring-example" + } argumentDocs: - allow_password_signup: |- + additional_authenticated_data: |- - (Optional) - Whether to allow email/password user authentication. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - disable_auth: |- + The additional authenticated data used for integrity checks during encryption and decryption. + Note: This property is sensitive and will not be displayed in the plan. + ciphertext: |- - - (Optional) - Whether authentication is disabled for the tenant. If true, the users under - the disabled tenant are not allowed to sign-in. Admins of the disabled tenant - are not able to manage its users. - display_name: |- + Contains the result of encrypting the provided plaintext, encoded in base64. + create: '- Default is 20 minutes.' + crypto_key: |- - (Required) - Human friendly display name of the tenant. - enable_email_link_signin: |- - - - (Optional) - Whether to enable email link user authentication. - id: '- an identifier for the resource with format projects/{{project}}/tenants/{{name}}' - name: |- + The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{crypto_key}}/{{ciphertext}}' + plaintext: |- - - The name of the tenant that is generated by the server - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' + (Required) + The plaintext to be encrypted. + Note: This property is sensitive and will not be displayed in the plan. importStatements: [] - google_identity_platform_tenant_default_supported_idp_config: - subCategory: Identity Platform - description: Configurations options for the tenant for authenticating with a the standard set of Identity Toolkit-trusted IDPs. - name: google_identity_platform_tenant_default_supported_idp_config + google_logging_billing_account_bucket_config: + subCategory: Cloud (Stackdriver) Logging + description: Manages a billing account level logging bucket config. + name: google_logging_billing_account_bucket_config title: "" examples: - - name: idp_config + - name: basic manifest: |- { - "client_id": "my-client-id", - "client_secret": "secret", - "enabled": true, - "idp_id": "playgames.google.com", - "tenant": "${google_identity_platform_tenant.tenant.name}" + "billing_account": "${data.google_billing_account.default.billing_account}", + "bucket_id": "_Default", + "location": "global", + "retention_days": 30 } references: - tenant: google_identity_platform_tenant.tenant.name - dependencies: - google_identity_platform_tenant.tenant: |- - { - "display_name": "tenant" - } + billing_account: data.google_billing_account.default.billing_account + - name: example-billing-account-bucket-index-configs + manifest: |- + { + "bucket_id": "_Default", + "folder": "${data.google_billing_account.default.billing_account}", + "index_configs": { + "file_path": "jsonPayload.request.status", + "type": "INDEX_TYPE_STRING" + }, + "location": "global", + "retention_days": 30 + } + references: + folder: data.google_billing_account.default.billing_account argumentDocs: - client_id: |- - - - (Required) - OAuth client ID - client_secret: |- - - - (Required) - OAuth client secret - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - enabled: |- - - - (Optional) - If this IDP allows the user to sign in - id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs/{{idp_id}}' - idp_id: |- - - - (Required) - ID of the IDP. Possible values include: - name: |- - - - The name of the default supported IDP config resource - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - tenant: |- - - - (Required) - The name of the tenant where this DefaultSupportedIdpConfig resource exists - update: '- Default is 20 minutes.' + billing_account: '- (Required) The parent resource that contains the logging bucket.' + bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' + description: '- (Optional) Describes this bucket.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket}}' + index_configs: '- (Optional) A list of indexed fields and related configuration data. Structure is documented below.' + index_configs.field_path: |- + - The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + index_configs.type: '- The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER.' + lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' + location: '- (Required) The location of the bucket.' + name: '- The resource name of the bucket. For example: "projects/my-project-id/locations/my-location/buckets/my-bucket-id"' + retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects.' + importStatements: [] + google_logging_billing_account_exclusion: + subCategory: Cloud (Stackdriver) Logging + description: Manages a billing_account-level logging exclusion. + name: google_logging_billing_account_exclusion + title: "" + examples: + - name: my-exclusion + manifest: |- + { + "billing_account": "ABCDEF-012345-GHIJKL", + "description": "Exclude GCE instance debug logs", + "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", + "name": "my-instance-debug-exclusion" + } + argumentDocs: + billing_account: '- (Required) The billing account to create the exclusion for.' + description: '- (Optional) A human-readable description.' + disabled: |- + - (Optional) Whether this exclusion rule should be disabled or not. This defaults to + false. + filter: |- + - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. + See Advanced Log Filters for information on how to + write a filter. + id: '- an identifier for the resource with format billingAccounts/{{billing_account}}/exclusions/{{name}}' + name: '- (Required) The name of the logging exclusion.' importStatements: [] - google_identity_platform_tenant_inbound_saml_config: - subCategory: Identity Platform - description: Inbound SAML configuration for a Identity Toolkit tenant. - name: google_identity_platform_tenant_inbound_saml_config + google_logging_billing_account_sink: + subCategory: Cloud (Stackdriver) Logging + description: Manages a billing account logging sink. + name: google_logging_billing_account_sink title: "" examples: - - name: tenant_saml_config + - name: my-sink manifest: |- { - "display_name": "Display Name", - "idp_config": [ + "billing_account": "ABCDEF-012345-GHIJKL", + "description": "some explanation on what this is", + "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", + "name": "my-sink" + } + dependencies: + google_project_iam_binding.log-writer: |- { - "idp_certificates": [ - { - "x509_certificate": "${file(\"test-fixtures/rsa_cert.pem\")}" - } + "members": [ + "${google_logging_billing_account_sink.my-sink.writer_identity}" ], - "idp_entity_id": "tf-idp", - "sign_request": true, - "sso_url": "https://example.com" - } - ], - "name": "saml.tf-config", - "sp_config": [ - { - "callback_uri": "https://example.com", - "sp_entity_id": "tf-sp" + "project": "your-project-id", + "role": "roles/storage.objectCreator" } - ], - "tenant": "${google_identity_platform_tenant.tenant.name}" - } - references: - tenant: google_identity_platform_tenant.tenant.name - dependencies: - google_identity_platform_tenant.tenant: |- + google_storage_bucket.log-bucket: |- { - "display_name": "tenant" + "location": "US", + "name": "billing-logging-bucket" } argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- - - - (Required) - Human friendly display name. - id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}' - idp_certificates.x509_certificate: |- - - - (Optional) - The x509 certificate - idp_config: |- - - - (Required) - SAML IdP configuration when the project acts as the relying party - Structure is documented below. - idp_config.idp_certificates: |- - - - (Required) - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - Structure is documented below. - idp_config.idp_entity_id: |- - - - (Required) - Unique identifier for all SAML entities - idp_config.sign_request: |- - - - (Optional) - Indicates if outbounding SAMLRequest should be signed. - idp_config.sso_url: |- - - - (Required) - URL to send Authentication request to. - name: |- - - - (Required) - The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, - hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an - alphanumeric character, and have at least 2 characters. - sp_certificates.enabled: |- - - - (Optional) - If this config allows users to sign in with the provider. - sp_certificates.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - sp_certificates.x509_certificate: |- - - - (Output) - The x509 certificate - sp_config: |- - - - (Required) - SAML SP (Service Provider) configuration when the project acts as the relying party to receive - and accept an authentication assertion issued by a SAML identity provider. - Structure is documented below. - sp_config.callback_uri: |- - - - (Required) - Callback URI where responses from IDP are handled. Must start with https://. - sp_config.sp_certificates: |- - - - (Output) - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - Structure is documented below. - sp_config.sp_entity_id: |- - - - (Required) - Unique identifier for all SAML entities. - tenant: |- - - - (Required) - The name of the tenant where this inbound SAML config resource exists - update: '- Default is 20 minutes.' + bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' + bigquery_options.use_partitioned_tables: |- + - (Required) Whether to use BigQuery's partition tables. + By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned + tables, the date suffix is no longer present and special query syntax + has to be used instead. In both cases, tables are sharded based on UTC timezone. + billing_account: '- (Required) The billing account exported to the sink.' + description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' + destination: |- + - (Required) The destination of the sink (or, in other words, where logs are written to). Can be a + Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' + exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' + exclusions.description: '- (Optional) A description of this exclusion.' + exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' + exclusions.filter: |- + - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to + write a filter. + exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' + filter: |- + - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. + See Advanced Log Filters for information on how to + write a filter. + id: '- an identifier for the resource with format billingAccounts/{{billing_account_id}}/sinks/{{sink_id}}' + name: '- (Required) The name of the logging sink.' + writer_identity: |- + - The identity associated with this sink. This identity must be granted write access to the + configured destination. importStatements: [] - google_identity_platform_tenant_oauth_idp_config: - subCategory: Identity Platform - description: OIDC IdP configuration for a Identity Toolkit project within a tenant. - name: google_identity_platform_tenant_oauth_idp_config + google_logging_folder_bucket_config: + subCategory: Cloud (Stackdriver) Logging + description: Manages a folder-level logging bucket config. + name: google_logging_folder_bucket_config title: "" examples: - - name: tenant_oauth_idp_config + - name: basic manifest: |- { - "client_id": "client-id", - "client_secret": "secret", - "display_name": "Display Name", - "enabled": true, - "issuer": "issuer", - "name": "oidc.oauth-idp-config", - "tenant": "${google_identity_platform_tenant.tenant.name}" + "bucket_id": "_Default", + "folder": "${google_folder.default.name}", + "index_configs": { + "file_path": "jsonPayload.request.status", + "type": "INDEX_TYPE_STRING" + }, + "location": "global", + "retention_days": 30 } references: - tenant: google_identity_platform_tenant.tenant.name + folder: google_folder.default.name dependencies: - google_identity_platform_tenant.tenant: |- + google_folder.default: |- { - "display_name": "tenant" + "display_name": "some-folder-name", + "parent": "organizations/123456789" } argumentDocs: - client_id: |- - - - (Required) - The client id of an OAuth client. - client_secret: |- - - - (Optional) - The client secret of the OAuth client, to enable OIDC code flow. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- - - - (Required) - Human friendly display name. - enabled: |- - - - (Optional) - If this config allows users to sign in with the provider. - id: '- an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs/{{name}}' - issuer: |- - - - (Required) - For OIDC Idps, the issuer identifier. - name: |- - - - (Required) - The name of the OauthIdpConfig. Must start with oidc.. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - tenant: |- - - - (Required) - The name of the tenant where this OIDC IDP configuration resource exists - update: '- Default is 20 minutes.' + bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' + description: '- (Optional) Describes this bucket.' + folder: '- (Required) The parent resource that contains the logging bucket.' + id: '- an identifier for the resource with format folders/{{folder}}/locations/{{location}}/buckets/{{bucket_id}}' + index_configs: '- (Optional) A list of indexed fields and related configuration data. Structure is documented below.' + index_configs.field_path: |- + - The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + index_configs.type: '- The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER.' + lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' + location: '- (Required) The location of the bucket.' + name: '- The resource name of the bucket. For example: "folders/my-folder-id/locations/my-location/buckets/my-bucket-id"' + retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects.' importStatements: [] - google_kms_crypto_key: - subCategory: Cloud Key Management Service - description: A - name: google_kms_crypto_key + google_logging_folder_exclusion: + subCategory: Cloud (Stackdriver) Logging + description: Manages a folder-level logging exclusion. + name: google_logging_folder_exclusion title: "" examples: - - name: example-key + - name: my-exclusion manifest: |- { - "key_ring": "${google_kms_key_ring.keyring.id}", - "lifecycle": [ - { - "prevent_destroy": true - } - ], - "name": "crypto-key-example", - "rotation_period": "100000s" + "description": "Exclude GCE instance debug logs", + "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", + "folder": "${google_folder.my-folder.name}", + "name": "my-instance-debug-exclusion" } references: - key_ring: google_kms_key_ring.keyring.id + folder: google_folder.my-folder.name dependencies: - google_kms_key_ring.keyring: |- + google_folder.my-folder: |- { - "location": "global", - "name": "keyring-example" + "display_name": "My folder", + "parent": "organizations/123456" } - - name: example-asymmetric-sign-key + argumentDocs: + description: '- (Optional) A human-readable description.' + disabled: |- + - (Optional) Whether this exclusion rule should be disabled or not. This defaults to + false. + filter: |- + - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. + See Advanced Log Filters for information on how to + write a filter. + folder: |- + - (Required) The folder to be exported to the sink. Note that either [FOLDER_ID] or "folders/[FOLDER_ID]" is + accepted. + id: '- an identifier for the resource with format folders/{{folder}}/exclusions/{{name}}' + name: '- (Required) The name of the logging exclusion.' + importStatements: [] + google_logging_folder_settings: + subCategory: Cloud (Stackdriver) Logging + description: Default resource settings control whether CMEK is required for new log buckets. + name: google_logging_folder_settings + title: "" + examples: + - name: example manifest: |- { - "key_ring": "${google_kms_key_ring.keyring.id}", - "lifecycle": [ - { - "prevent_destroy": true - } + "depends_on": [ + "${google_kms_crypto_key_iam_member.iam}" ], - "name": "crypto-key-example", - "purpose": "ASYMMETRIC_SIGN", - "version_template": [ - { - "algorithm": "EC_SIGN_P384_SHA384" - } - ] + "disable_default_sink": true, + "folder": "${google_folder.my_folder.folder_id}", + "kms_key_name": "kms-key", + "storage_location": "us-central1" } references: - key_ring: google_kms_key_ring.keyring.id + folder: google_folder.my_folder.folder_id dependencies: - google_kms_key_ring.keyring: |- + google_folder.my_folder: |- { - "location": "global", - "name": "keyring-example" + "display_name": "folder-name", + "parent": "organizations/123456789" + } + google_kms_crypto_key_iam_member.iam: |- + { + "crypto_key_id": "kms-key", + "member": "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - destroy_scheduled_duration: |- - - - (Optional) - The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - id: '- an identifier for the resource with format {{key_ring}}/cryptoKeys/{{name}}' - import_only: |- + disable_default_sink: |- - (Optional) - Whether this key may contain imported versions only. - key_ring: |- + If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + folder: |- - (Required) - The KeyRing that this key belongs to. - Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'. - labels: |- + The folder for which to retrieve settings. + id: '- an identifier for the resource with format folders/{{folder}}/settings' + kms_key_name: |- - (Optional) - Labels with user-defined metadata to apply to this resource. - name: |- + The resource name for the configured Cloud KMS key. + kms_service_account_id: |- - - (Required) - The resource name for the CryptoKey. - purpose: |- + The service account that will be used by the Log Router to access your Cloud KMS key. + logging_service_account_id: |- - - (Optional) - The immutable purpose of this CryptoKey. See the - purpose reference - for possible inputs. - Default value is "ENCRYPT_DECRYPT". - rotation_period: |- + The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. + name: |- - - (Optional) - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter s (seconds). It must be greater than a day (ie, 86400). - skip_initial_version_creation: |- + The resource name of the settings. + storage_location: |- - (Optional) - If set to true, the request will create a CryptoKey without any CryptoKeyVersions. - You must use the google_kms_key_ring_import_job resource to import the CryptoKeyVersion. + The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. update: '- Default is 20 minutes.' - version_template: |- - - - (Optional) - A template describing settings for new crypto key versions. - Structure is documented below. - version_template.algorithm: |- - - - (Required) - The algorithm to use when creating a version based on this template. - See the algorithm reference for possible inputs. - version_template.protection_level: |- - - - (Optional) - The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". importStatements: [] - google_kms_crypto_key_iam_policy: - subCategory: Cloud Key Management Service - description: Collection of resources to manage IAM policy for a Google Cloud KMS crypto key. - name: google_kms_crypto_key_iam_policy + google_logging_folder_sink: + subCategory: Cloud (Stackdriver) Logging + description: Manages a folder-level logging sink. + name: google_logging_folder_sink title: "" examples: - - name: crypto_key + - name: my-sink manifest: |- { - "crypto_key_id": "${google_kms_crypto_key.key.id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}" + "description": "some explanation on what this is", + "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", + "filter": "resource.type = gce_instance AND severity \u003e= WARNING", + "folder": "${google_folder.my-folder.name}", + "name": "my-sink" } references: - crypto_key_id: google_kms_crypto_key.key.id - policy_data: data.google_iam_policy.admin.policy_data + folder: google_folder.my-folder.name dependencies: - google_kms_crypto_key.key: |- + google_folder.my-folder: |- { - "key_ring": "${google_kms_key_ring.keyring.id}", - "lifecycle": [ - { - "prevent_destroy": true - } + "display_name": "My folder", + "parent": "organizations/123456" + } + google_project_iam_binding.log-writer: |- + { + "members": [ + "${google_logging_folder_sink.my-sink.writer_identity}" ], - "name": "crypto-key-example", - "rotation_period": "100000s" + "project": "your-project-id", + "role": "roles/storage.objectCreator" } - google_kms_key_ring.keyring: |- + google_storage_bucket.log-bucket: |- { - "location": "global", - "name": "keyring-example" + "location": "US", + "name": "folder-logging-bucket" } argumentDocs: - condition: |- - - (Optional, Beta) An IAM Condition for a given binding. - Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - crypto_key_id: |- - - (Required) The crypto key ID, in the form - {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or - {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, - the provider's project setting will be used as a fallback. - etag: '- (Computed) The etag of the project''s IAM policy.' - google_kms_crypto_key_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.' - google_kms_crypto_key_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.' - google_kms_crypto_key_iam_policy: ': Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_kms_crypto_key_iam_policy) The policy data generated by - a google_iam_policy data source. - role: |- - - (Required) The role that should be applied. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' + bigquery_options.use_partitioned_tables: |- + - (Required) Whether to use BigQuery's partition tables. + By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned + tables, the date suffix is no longer present and special query syntax + has to be used instead. In both cases, tables are sharded based on UTC timezone. + description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' + destination: '- (Required) The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples:' + disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' + exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' + exclusions.description: '- (Optional) A description of this exclusion.' + exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' + exclusions.filter: |- + - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to + write a filter. + exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' + filter: |- + - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. + See Advanced Log Filters for information on how to + write a filter. + folder: |- + - (Required) The folder to be exported to the sink. Note that either [FOLDER_ID] or folders/[FOLDER_ID] is + accepted. + id: '- an identifier for the resource with format folders/{{folder_id}}/sinks/{{name}}' + include_children: |- + - (Optional) Whether or not to include children folders in the sink export. If true, logs + associated with child projects are also exported; otherwise only logs relating to the provided folder are included. + name: '- (Required) The name of the logging sink.' + writer_identity: |- + - The identity associated with this sink. This identity must be granted write access to the + configured destination. importStatements: [] - google_kms_crypto_key_version: - subCategory: Cloud Key Management Service - description: A - name: google_kms_crypto_key_version + google_logging_linked_dataset: + subCategory: Cloud (Stackdriver) Logging + description: Describes a BigQuery linked dataset + name: google_logging_linked_dataset title: "" examples: - - name: example-key + - name: logging_linked_dataset manifest: |- { - "crypto_key": "${google_kms_crypto_key.cryptokey.id}" + "bucket": "${google_logging_project_bucket_config.logging_linked_dataset.id}", + "description": "Linked dataset test", + "link_id": "mylink" } references: - crypto_key: google_kms_crypto_key.cryptokey.id + bucket: google_logging_project_bucket_config.logging_linked_dataset.id dependencies: - google_kms_crypto_key.cryptokey: |- - { - "key_ring": "${google_kms_key_ring.keyring.id}", - "name": "crypto-key-example", - "rotation_period": "100000s" - } - google_kms_key_ring.keyring: |- + google_logging_project_bucket_config.logging_linked_dataset: |- { + "bucket_id": "my-bucket", + "enable_analytics": true, "location": "global", - "name": "keyring-example" + "project": "my-project-name" } - argumentDocs: - algorithm: |- - - - The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. - attestation: |- - - - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. - Only provided for key versions with protectionLevel HSM. - Structure is documented below. - attestation.cert_chains: |- + - name: logging_linked_dataset + manifest: |- + { + "bucket": "my-bucket", + "depends_on": [ + "google_logging_project_bucket_config.logging_linked_dataset" + ], + "description": "Linked dataset test", + "link_id": "mylink", + "location": "global", + "parent": "projects/my-project-name" + } + dependencies: + google_logging_project_bucket_config.logging_linked_dataset: |- + { + "bucket_id": "my-bucket", + "enable_analytics": true, + "location": "global", + "project": "my-project-name" + } + argumentDocs: + bigquery_dataset: |- - - (Optional) - The certificate chains needed to validate the attestation + The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along + with it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery + Views corresponding to the LogViews in the bucket. Structure is documented below. - attestation.content: |- + bigquery_dataset.dataset_id: |- - (Output) - The attestation data provided by the HSM when the key operation was performed. - attestation.external_protection_level_options: |- - - - (Optional) - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. - Structure is documented below. - attestation.format: |- + Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID + of the link, so the link must match the naming restrictions of BigQuery datasets + (alphanumeric characters and underscores only). The dataset will have a resource path of + "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]" + bucket: |- - - (Output) - The format of the attestation data. - cert_chains.cavium_certs: |- + (Required) + The bucket to which the linked dataset is attached. + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - Cavium certificate chain corresponding to the attestation. - cert_chains.google_card_certs: |- + Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + description: |- - (Optional) - Google card certificate chain corresponding to the attestation. - cert_chains.google_partition_certs: |- + Describes this link. The maximum length of the description is 8000 characters. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}' + lifecycle_state: |- - - (Optional) - Google partition certificate chain corresponding to the attestation. - create: '- Default is 20 minutes.' - crypto_key: |- + Output only. The linked dataset lifecycle state. + link_id: |- - (Required) - The name of the cryptoKey associated with the CryptoKeyVersions. - Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - delete: '- Default is 20 minutes.' - external_protection_level_options.ekm_connection_key_path: |- - - - (Optional) - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. - external_protection_level_options.external_key_uri: |- + The id of the linked dataset. + location: |- - (Optional) - The URI for an external resource that this CryptoKeyVersion represents. - generate_time: |- - - - The time this CryptoKeyVersion key material was generated - id: '- an identifier for the resource with format {{name}}' + The location of the linked dataset. name: |- - - The resource name for this CryptoKeyVersion. - protection_level: |- - - - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. - state: |- + The resource name of the linked dataset. The name can have up to 100 characters. A valid link id + (at the end of the link name) must only have alphanumeric characters and underscores within it. + parent: |- - (Optional) - The current state of the CryptoKeyVersion. - Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED. - update: '- Default is 20 minutes.' + The parent of the linked dataset. importStatements: [] - google_kms_key_ring: - subCategory: Cloud Key Management Service - description: A - name: google_kms_key_ring + google_logging_log_view: + subCategory: Cloud (Stackdriver) Logging + description: Describes a view over log entries in a bucket. + name: google_logging_log_view title: "" examples: - - name: example-keyring + - name: logging_log_view manifest: |- { - "location": "global", - "name": "keyring-example" + "bucket": "${google_logging_project_bucket_config.logging_log_view.id}", + "description": "A logging view configured with Terraform", + "filter": "SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")", + "name": "my-view" } + references: + bucket: google_logging_project_bucket_config.logging_log_view.id + dependencies: + google_logging_project_bucket_config.logging_log_view: |- + { + "bucket_id": "_Default", + "location": "global", + "project": "my-project-name", + "retention_days": 30 + } argumentDocs: + bucket: |- + - + (Required) + The bucket of the resource create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation timestamp of the view. delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/keyRings/{{name}}' + description: |- + - + (Optional) + Describes this view. + filter: |- + - + (Optional) + Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE("projects/myproject") AND resource.type = "gce_instance" AND LOG_ID("stdout") + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}' location: |- - - (Required) - The location for the KeyRing. - A full list of valid locations can be found by running gcloud kms locations list. + (Optional) + The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1. name: |- - (Required) - The resource name for the KeyRing. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. + The resource name of the view. For example: `projects/my-project/locations/global/buckets/my-bucket/views/my-view` + parent: |- + - + (Optional) + The parent of the resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last update timestamp of the view. importStatements: [] - google_kms_key_ring_iam_policy: - subCategory: Cloud Key Management Service - description: Collection of resources to manage IAM policy for a Google Cloud KMS key ring. - name: google_kms_key_ring_iam_policy + google_logging_metric: + subCategory: Cloud (Stackdriver) Logging + description: Logs-based metric can also be used to extract values from logs and create a a distribution of the values. + name: google_logging_metric title: "" examples: - - name: key_ring + - name: logging_metric manifest: |- { - "key_ring_id": "${google_kms_key_ring.keyring.id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}" + "bucket_options": [ + { + "linear_buckets": [ + { + "num_finite_buckets": 3, + "offset": 1, + "width": 1 + } + ] + } + ], + "filter": "resource.type=gae_app AND severity\u003e=ERROR", + "label_extractors": { + "mass": "EXTRACT(jsonPayload.request)", + "sku": "EXTRACT(jsonPayload.id)" + }, + "metric_descriptor": [ + { + "display_name": "My metric", + "labels": [ + { + "description": "amount of matter", + "key": "mass", + "value_type": "STRING" + }, + { + "description": "Identifying number for item", + "key": "sku", + "value_type": "INT64" + } + ], + "metric_kind": "DELTA", + "unit": "1", + "value_type": "DISTRIBUTION" + } + ], + "name": "my-(custom)/metric", + "value_extractor": "EXTRACT(jsonPayload.request)" } - references: - key_ring_id: google_kms_key_ring.keyring.id - policy_data: data.google_iam_policy.admin.policy_data - dependencies: - google_kms_key_ring.keyring: |- + - name: logging_metric + manifest: |- + { + "filter": "resource.type=gae_app AND severity\u003e=ERROR", + "metric_descriptor": [ { - "location": "global", - "name": "keyring-example" + "metric_kind": "DELTA", + "value_type": "INT64" } - - name: key_ring + ], + "name": "my-(custom)/metric" + } + - name: logging_metric manifest: |- { - "key_ring_id": "${google_kms_key_ring.keyring.id}", - "policy_data": "${data.google_iam_policy.admin.policy_data}" + "filter": "resource.type=gae_app AND severity\u003e=ERROR", + "label_extractors": { + "mass": "EXTRACT(jsonPayload.request)" + }, + "metric_descriptor": [ + { + "labels": [ + { + "description": "amount of matter", + "key": "mass", + "value_type": "STRING" + } + ], + "metric_kind": "DELTA", + "value_type": "INT64" + } + ], + "name": "my-(custom)/metric" + } + - name: logging_metric + manifest: |- + { + "bucket_name": "${google_logging_project_bucket_config.logging_metric.id}", + "filter": "resource.type=gae_app AND severity\u003e=ERROR", + "name": "my-(custom)/metric" } references: - key_ring_id: google_kms_key_ring.keyring.id - policy_data: data.google_iam_policy.admin.policy_data + bucket_name: google_logging_project_bucket_config.logging_metric.id dependencies: - google_kms_key_ring.keyring: |- + google_logging_project_bucket_config.logging_metric: |- { + "bucket_id": "_Default", "location": "global", - "name": "keyring-example" + "project": "my-project-name" + } + - name: logging_metric + manifest: |- + { + "disabled": true, + "filter": "resource.type=gae_app AND severity\u003e=ERROR", + "metric_descriptor": [ + { + "metric_kind": "DELTA", + "value_type": "INT64" } + ], + "name": "my-(custom)/metric" + } argumentDocs: - condition: |- - - (Optional, Beta) An IAM Condition for a given binding. + bucket_name: |- + - + (Optional) + The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects + are supported. The bucket has to be in the same project as the metric. + bucket_options: |- + - + (Optional) + The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it + describes the bucket boundaries used to create a histogram of the extracted values. Structure is documented below. - condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' - condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' - condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' - etag: '- (Computed) The etag of the key ring''s IAM policy.' - google_kms_key_ring_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.' - google_kms_key_ring_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.' - google_kms_key_ring_iam_policy: ': Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.' - key_ring_id: |- - - (Required) The key ring ID, in the form - {project_id}/{location_name}/{key_ring_name} or - {location_name}/{key_ring_name}. In the second form, the provider's - project setting will be used as a fallback. - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_kms_key_ring_iam_policy) The policy data generated by - a google_iam_policy data source. - role: |- - - (Required) The role that should be applied. Only one - google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_kms_key_ring_import_job: - subCategory: Cloud Key Management Service - description: A - name: google_kms_key_ring_import_job - title: "" - argumentDocs: - attestation: |- + bucket_options.explicit_buckets: |- - - Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. - Use this statement to verify attributes of the key as stored on the HSM, independently of Google. - Only present if the chosen ImportMethod is one with a protection level of HSM. + (Optional) + Specifies a set of buckets with arbitrary widths. Structure is documented below. - attestation.content: |- + bucket_options.exponential_buckets: |- - - (Output) - The attestation data provided by the HSM when the key operation was performed. - A base64-encoded string. - attestation.format: |- + (Optional) + Specifies an exponential sequence of buckets that have a width that is proportional to the value of + the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. + Structure is documented below. + bucket_options.linear_buckets: |- - - (Output) - The format of the attestation data. + (Optional) + Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). + Each bucket represents a constant absolute uncertainty on the specific value in the bucket. + Structure is documented below. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - expire_time: |- + description: |- - - The time at which this resource is scheduled for expiration and can no longer be used. - This is in RFC3339 text format. - id: '- an identifier for the resource with format {{name}}' - import_job_id: |- + (Optional) + A description of this metric, which is used in documentation. The maximum length of the + description is 8000 characters. + disabled: |- + - + (Optional) + If set to True, then this metric is disabled and it does not generate any points. + explicit_buckets.bounds: |- - (Required) - It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} - import_method: |- + The values must be monotonically increasing. + exponential_buckets.growth_factor: |- - (Required) - The wrapping method to be used for incoming key material. - Possible values are: RSA_OAEP_3072_SHA1_AES_256, RSA_OAEP_4096_SHA1_AES_256. - key_ring: |- + Must be greater than 1. + exponential_buckets.num_finite_buckets: |- - (Required) - The KeyRing that this import job belongs to. - Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'. - name: |- + Must be greater than 0. + exponential_buckets.scale: |- - - The resource name for this ImportJob in the format projects//locations//keyRings//importJobs/. - protection_level: |- + (Required) + Must be greater than 0. + filter: |- - (Required) - The protection level of the ImportJob. This must match the protectionLevel of the - versionTemplate on the CryptoKey you attempt to import into. - Possible values are: SOFTWARE, HSM, EXTERNAL. - public_key: |- + An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which + is used to match log entries. + id: '- an identifier for the resource with format {{name}}' + label_extractors: |- - - The public key with which to wrap key material prior to import. Only returned if state is ACTIVE. + (Optional) + A map from a label key string to an extractor expression which is used to extract data from a log + entry field and assign as the label value. Each label key specified in the LabelDescriptor must + have an associated extractor expression in this map. The syntax of the extractor expression is + the same as for the valueExtractor field. + labels.description: |- + - + (Optional) + A human-readable description for the label. + labels.key: |- + - + (Required) + The label key. + labels.value_type: |- + - + (Optional) + The type of data that can be assigned to the label. + Default value is STRING. + Possible values are: BOOL, INT64, STRING. + linear_buckets.num_finite_buckets: |- + - + (Required) + Must be greater than 0. + linear_buckets.offset: |- + - + (Required) + Lower bound of the first bucket. + linear_buckets.width: |- + - + (Required) + Must be greater than 0. + metric_descriptor: |- + - + (Optional) + The optional metric descriptor associated with the logs-based metric. + If unspecified, it uses a default metric descriptor with a DELTA metric kind, + INT64 value type, with no labels and a unit of "1". Such a metric counts the + number of log entries matching the filter expression. Structure is documented below. - public_key.pem: |- + metric_descriptor.display_name: |- - - (Output) - The public key, encoded in PEM format. For more information, see the RFC 7468 sections - for General Considerations and Textual Encoding of Subject Public Key Info. - state: |- + (Optional) + A concise name for the metric, which can be displayed in user interfaces. Use sentence case + without an ending period, for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible concepts, such as Quota. + metric_descriptor.labels: |- - - The current state of the ImportJob, indicating if it can be used. - importStatements: [] - google_kms_secret_ciphertext: - subCategory: Cloud Key Management Service - description: Encrypts secret data with Google Cloud KMS and provides access to the ciphertext. - name: google_kms_secret_ciphertext - title: "" - examples: - - name: my_password - manifest: |- - { - "crypto_key": "${google_kms_crypto_key.cryptokey.id}", - "plaintext": "my-secret-password" - } - references: - crypto_key: google_kms_crypto_key.cryptokey.id - dependencies: - google_compute_instance.instance: |- - { - "boot_disk": [ - { - "initialize_params": [ - { - "image": "debian-cloud/debian-11" - } - ] - } - ], - "machine_type": "e2-medium", - "metadata": { - "password": "${google_kms_secret_ciphertext.my_password.ciphertext}" - }, - "name": "my-instance", - "network_interface": [ - { - "access_config": [ - {} - ], - "network": "default" - } - ], - "zone": "us-central1-a" - } - google_kms_crypto_key.cryptokey: |- - { - "key_ring": "${google_kms_key_ring.keyring.id}", - "lifecycle": [ - { - "prevent_destroy": true - } - ], - "name": "crypto-key-example", - "rotation_period": "100000s" - } - google_kms_key_ring.keyring: |- - { - "location": "global", - "name": "keyring-example" - } - argumentDocs: - additional_authenticated_data: |- + (Optional) + The set of labels that can be used to describe a specific instance of this metric type. For + example, the appengine.googleapis.com/http/server/response_latencies metric type has a label + for the HTTP response code, response_code, so you can look at latencies for successful responses + or just for responses that failed. + Structure is documented below. + metric_descriptor.metric_kind: |- + - + (Required) + Whether the metric records instantaneous values, changes to a value, etc. + Some combinations of metricKind and valueType might not be supported. + For counter metrics, set this to DELTA. + Possible values are: DELTA, GAUGE, CUMULATIVE. + metric_descriptor.unit: |- - (Optional) - The additional authenticated data used for integrity checks during encryption and decryption. - Note: This property is sensitive and will not be displayed in the plan. - ciphertext: |- + The unit in which the metric value is reported. It is only applicable if the valueType is + INT64, DOUBLE, or DISTRIBUTION. The supported units are a subset of + The Unified Code for Units of Measure standard + metric_descriptor.value_type: |- - - Contains the result of encrypting the provided plaintext, encoded in base64. - create: '- Default is 20 minutes.' - crypto_key: |- + (Required) + Whether the measurement is an integer, a floating-point number, etc. + Some combinations of metricKind and valueType might not be supported. + For counter metrics, set this to INT64. + Possible values are: BOOL, INT64, DOUBLE, STRING, DISTRIBUTION, MONEY. + name: |- - (Required) - The full name of the CryptoKey that will be used to encrypt the provided plaintext. - Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format {{crypto_key}}/{{ciphertext}}' - plaintext: |- + The client-assigned metric identifier. Examples - "error_count", "nginx/requests". + Metric identifiers are limited to 100 characters and can include only the following + characters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash + character (/) denotes a hierarchy of name pieces, and it cannot be the first character + of the name. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + value_extractor: |- - - (Required) - The plaintext to be encrypted. - Note: This property is sensitive and will not be displayed in the plan. + (Optional) + A valueExtractor is required when using a distribution logs-based metric to extract the values to + record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or + REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which + the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax + (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified + log entry field. The value of the field is converted to a string before applying the regex. It is an + error to specify a regex that does not include exactly one capture group. importStatements: [] - google_logging_billing_account_bucket_config: + google_logging_organization_bucket_config: subCategory: Cloud (Stackdriver) Logging - description: Manages a billing account level logging bucket config. - name: google_logging_billing_account_bucket_config + description: Manages a organization-level logging bucket config. + name: google_logging_organization_bucket_config title: "" examples: - name: basic manifest: |- { - "billing_account": "${data.google_billing_account.default.billing_account}", "bucket_id": "_Default", + "index_configs": { + "file_path": "jsonPayload.request.status", + "type": "INDEX_TYPE_STRING" + }, "location": "global", + "organization": "${data.google_organization.default.organization}", "retention_days": 30 } references: - billing_account: data.google_billing_account.default.billing_account + organization: data.google_organization.default.organization argumentDocs: - billing_account: '- (Required) The parent resource that contains the logging bucket.' bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' description: '- (Optional) Describes this bucket.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket}}' + id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}' + index_configs: '- (Optional) A list of indexed fields and related configuration data. Structure is documented below.' + index_configs.field_path: |- + - The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + index_configs.type: '- The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER.' lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' - location: '- (Required) The location of the bucket.' - name: '- The resource name of the bucket. For example: "projects/my-project-id/locations/my-location/buckets/my-bucket-id"' + location: '- (Required) The location of the bucket. The supported locations are: "global" "us-central1"' + name: '- The resource name of the bucket. For example: "organizations/my-organization-id/locations/my-location/buckets/my-bucket-id"' + organization: '- (Required) The parent resource that contains the logging bucket.' retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects.' importStatements: [] - google_logging_billing_account_exclusion: + google_logging_organization_exclusion: subCategory: Cloud (Stackdriver) Logging - description: Manages a billing_account-level logging exclusion. - name: google_logging_billing_account_exclusion + description: Manages a organization-level logging exclusion. + name: google_logging_organization_exclusion title: "" examples: - name: my-exclusion manifest: |- { - "billing_account": "ABCDEF-012345-GHIJKL", "description": "Exclude GCE instance debug logs", "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", - "name": "my-instance-debug-exclusion" + "name": "my-instance-debug-exclusion", + "org_id": "123456789" } argumentDocs: - billing_account: '- (Required) The billing account to create the exclusion for.' description: '- (Optional) A human-readable description.' disabled: |- - (Optional) Whether this exclusion rule should be disabled or not. This defaults to @@ -76759,49 +93194,101 @@ resources: - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. See Advanced Log Filters for information on how to write a filter. - id: '- an identifier for the resource with format billingAccounts/{{billing_account}}/exclusions/{{name}}' + id: '- an identifier for the resource with format organizations/{{organization}}/exclusions/{{name}}' name: '- (Required) The name of the logging exclusion.' + org_id: '- (Required) The organization to create the exclusion in.' importStatements: [] - google_logging_billing_account_sink: + google_logging_organization_settings: subCategory: Cloud (Stackdriver) Logging - description: Manages a billing account logging sink. - name: google_logging_billing_account_sink + description: Default resource settings control whether CMEK is required for new log buckets. + name: google_logging_organization_settings + title: "" + examples: + - name: example + manifest: |- + { + "depends_on": [ + "${google_kms_crypto_key_iam_member.iam}" + ], + "disable_default_sink": true, + "kms_key_name": "kms-key", + "organization": "123456789", + "storage_location": "us-central1" + } + dependencies: + google_kms_crypto_key_iam_member.iam: |- + { + "crypto_key_id": "kms-key", + "member": "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + disable_default_sink: |- + - + (Optional) + If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + id: '- an identifier for the resource with format organizations/{{organization}}/settings' + kms_key_name: |- + - + (Optional) + The resource name for the configured Cloud KMS key. + kms_service_account_id: |- + - + The service account that will be used by the Log Router to access your Cloud KMS key. + logging_service_account_id: |- + - + The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. + name: |- + - + The resource name of the settings. + organization: |- + - + (Required) + The organization for which to retrieve or configure settings. + storage_location: |- + - + (Optional) + The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. + update: '- Default is 20 minutes.' + importStatements: [] + google_logging_organization_sink: + subCategory: Cloud (Stackdriver) Logging + description: Manages a organization-level logging sink. + name: google_logging_organization_sink title: "" examples: - name: my-sink manifest: |- { - "billing_account": "ABCDEF-012345-GHIJKL", "description": "some explanation on what this is", "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", - "name": "my-sink" + "filter": "resource.type = gce_instance AND severity \u003e= WARNING", + "name": "my-sink", + "org_id": "123456789" } dependencies: - google_project_iam_binding.log-writer: |- + google_project_iam_member.log-writer: |- { - "members": [ - "${google_logging_billing_account_sink.my-sink.writer_identity}" - ], + "member": "${google_logging_organization_sink.my-sink.writer_identity}", "project": "your-project-id", "role": "roles/storage.objectCreator" } google_storage_bucket.log-bucket: |- { "location": "US", - "name": "billing-logging-bucket" + "name": "organization-logging-bucket" } argumentDocs: bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' bigquery_options.use_partitioned_tables: |- - (Required) Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned - tables, the date suffix is no longer present and special query syntax + tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone. - billing_account: '- (Required) The billing account exported to the sink.' description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' - destination: |- - - (Required) The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + destination: '- (Required) The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples:' disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' exclusions.description: '- (Optional) A description of this exclusion.' @@ -76814,48 +93301,147 @@ resources: - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. See Advanced Log Filters for information on how to write a filter. - id: '- an identifier for the resource with format billingAccounts/{{billing_account_id}}/sinks/{{sink_id}}' + id: '- an identifier for the resource with format organizations/{{organization}}/sinks/{{name}}' + include_children: |- + - (Optional) Whether or not to include children organizations in the sink export. If true, logs + associated with child projects are also exported; otherwise only logs relating to the provided organization are included. name: '- (Required) The name of the logging sink.' + org_id: '- (Required) The numeric ID of the organization to be exported to the sink.' writer_identity: |- - The identity associated with this sink. This identity must be granted write access to the configured destination. importStatements: [] - google_logging_folder_bucket_config: + google_logging_project_bucket_config: subCategory: Cloud (Stackdriver) Logging - description: Manages a folder-level logging bucket config. - name: google_logging_folder_bucket_config + description: Manages a project-level logging bucket config. + name: google_logging_project_bucket_config title: "" examples: - name: basic manifest: |- { "bucket_id": "_Default", - "folder": "${google_folder.default.name}", "location": "global", + "project": "${google_project.default.project_id}", "retention_days": 30 } references: - folder: google_folder.default.name + project: google_project.default.project_id dependencies: - google_folder.default: |- + google_project.default: |- { - "display_name": "some-folder-name", - "parent": "organizations/123456789" + "name": "your-project-id", + "org_id": "123456789", + "project_id": "your-project-id" + } + - name: basic + manifest: |- + { + "bucket_id": "custom-bucket", + "location": "global", + "project": "project_id", + "retention_days": 30 + } + - name: analytics-enabled-bucket + manifest: |- + { + "bucket_id": "custom-bucket", + "enable_analytics": true, + "location": "global", + "project": "project_id", + "retention_days": 30 + } + - name: example-project-bucket-cmek-settings + manifest: |- + { + "bucket_id": "custom-bucket", + "cmek_settings": [ + { + "kms_key_name": "${google_kms_crypto_key.key.id}" } + ], + "depends_on": [ + "${google_kms_crypto_key_iam_binding.crypto_key_binding}" + ], + "location": "us-central1", + "project": "project_id", + "retention_days": 30 + } + references: + cmek_settings.kms_key_name: google_kms_crypto_key.key.id + dependencies: + google_kms_crypto_key.key: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + google_kms_crypto_key_iam_binding.crypto_key_binding: |- + { + "crypto_key_id": "${google_kms_crypto_key.key.id}", + "members": [ + "serviceAccount:${data.google_logging_project_cmek_settings.cmek_settings.service_account_id}" + ], + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.keyring: |- + { + "location": "us-central1", + "name": "keyring-example" + } + - name: example-project-bucket-index-configs + manifest: |- + { + "bucket_id": "custom-bucket", + "index_configs": { + "file_path": "jsonPayload.request.status", + "type": "INDEX_TYPE_STRING" + }, + "location": "global", + "project": "project_id", + "retention_days": 30 + } argumentDocs: bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' + cmek_settings: '- (Optional) The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed. Structure is documented below.' + cmek_settings.kms_key_name: |- + - The resource name for the configured Cloud KMS key. + KMS key name format: + 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' + To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. + The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. + See Enabling CMEK for Logging Buckets for more information. + cmek_settings.kms_key_version_name: |- + - The CryptoKeyVersion resource name for the configured Cloud KMS key. + KMS key name format: + 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' + For example: + "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" + This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. + cmek_settings.name: '- The resource name of the CMEK settings.' + cmek_settings.service_account_id: |- + - The service account associated with a project for which CMEK will apply. + Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. + See Enabling CMEK for Logging Buckets for more information. description: '- (Optional) Describes this bucket.' - folder: '- (Required) The parent resource that contains the logging bucket.' - id: '- an identifier for the resource with format folders/{{folder}}/locations/{{location}}/buckets/{{bucket_id}}' + enable_analytics: '- (Optional) Whether or not Log Analytics is enabled. Logs for buckets with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}' + index_configs: '- (Optional) A list of indexed fields and related configuration data. Structure is documented below.' + index_configs.field_path: |- + - The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + index_configs.type: '- The type of data in this index. Allowed types include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and INDEX_TYPE_INTEGER.' lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' location: '- (Required) The location of the bucket.' - name: '- The resource name of the bucket. For example: "folders/my-folder-id/locations/my-location/buckets/my-bucket-id"' - retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects.' + locked: '- (Optional) Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.' + name: '- The resource name of the bucket. For example: "projects/my-project-id/locations/my-location/buckets/my-bucket-id"' + project: '- (Required) The parent resource that contains the logging bucket.' + retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.' importStatements: [] - google_logging_folder_exclusion: + google_logging_project_exclusion: subCategory: Cloud (Stackdriver) Logging - description: Manages a folder-level logging exclusion. - name: google_logging_folder_exclusion + description: Manages a project-level logging exclusion. + name: google_logging_project_exclusion title: "" examples: - name: my-exclusion @@ -76863,17 +93449,8 @@ resources: { "description": "Exclude GCE instance debug logs", "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", - "folder": "${google_folder.my-folder.name}", "name": "my-instance-debug-exclusion" } - references: - folder: google_folder.my-folder.name - dependencies: - google_folder.my-folder: |- - { - "display_name": "My folder", - "parent": "organizations/123456" - } argumentDocs: description: '- (Optional) A human-readable description.' disabled: |- @@ -76883,3766 +93460,4627 @@ resources: - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. See Advanced Log Filters for information on how to write a filter. - folder: |- - - (Required) The folder to be exported to the sink. Note that either [FOLDER_ID] or "folders/[FOLDER_ID]" is - accepted. - id: '- an identifier for the resource with format folders/{{folder}}/exclusions/{{name}}' + id: '- an identifier for the resource with format projects/{{project}}/exclusions/{{name}}' name: '- (Required) The name of the logging exclusion.' + project: |- + - (Optional) The project to create the exclusion in. If omitted, the project associated with the provider is + used. importStatements: [] - google_logging_folder_sink: + google_logging_project_sink: subCategory: Cloud (Stackdriver) Logging - description: Manages a folder-level logging sink. - name: google_logging_folder_sink + description: Manages a project-level logging sink. + name: google_logging_project_sink title: "" examples: - name: my-sink + manifest: |- + { + "destination": "pubsub.googleapis.com/projects/my-project/topics/instance-activity", + "filter": "resource.type = gce_instance AND severity \u003e= WARNING", + "name": "my-pubsub-instance-sink", + "unique_writer_identity": true + } + - name: instance-sink manifest: |- { "description": "some explanation on what this is", - "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", + "destination": "storage.googleapis.com/${google_storage_bucket.gcs-bucket.name}", + "filter": "resource.type = gce_instance AND resource.labels.instance_id = \"${google_compute_instance.my-logged-instance.instance_id}\"", + "name": "my-instance-sink", + "unique_writer_identity": true + } + dependencies: + google_compute_instance.my-logged-instance: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-11" + } + ] + } + ], + "machine_type": "e2-medium", + "name": "my-instance", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "default" + } + ], + "zone": "us-central1-a" + } + google_project_iam_binding.gcs-bucket-writer: |- + { + "members": [ + "${google_logging_project_sink.instance-sink.writer_identity}" + ], + "project": "your-project-id", + "role": "roles/storage.objectCreator" + } + google_storage_bucket.gcs-bucket: |- + { + "location": "US", + "name": "my-unique-logging-bucket" + } + - name: my-sink + manifest: |- + { + "custom_writer_identity": "${google_service_account.custom-sa.email}", + "destination": "logging.googleapis.com/projects/other-project-id/locations/global/buckets/gce-logs", "filter": "resource.type = gce_instance AND severity \u003e= WARNING", - "folder": "${google_folder.my-folder.name}", - "name": "my-sink" + "name": "other-project-log-bucket-sink", + "unique_writer_identity": true + } + references: + custom_writer_identity: google_service_account.custom-sa.email + dependencies: + google_project_iam_member.custom-sa-logbucket-binding: |- + { + "member": "serviceAccount:${google_service_account.custom-sa.email}", + "project": "destination-project-id", + "role": "roles/logging.bucketWriter" + } + google_service_account.custom-sa: |- + { + "account_id": "gce-log-bucket-sink", + "display_name": "gce-log-bucket-sink", + "project": "other-project-id" + } + - name: log-bucket + manifest: |- + { + "destination": "logging.googleapis.com/projects/my-project/locations/global/buckets/_Default", + "exclusions": [ + { + "description": "Exclude logs from namespace-1 in k8s", + "filter": "resource.type = k8s_container resource.labels.namespace_name=\"namespace-1\" ", + "name": "nsexcllusion1" + }, + { + "description": "Exclude logs from namespace-2 in k8s", + "filter": "resource.type = k8s_container resource.labels.namespace_name=\"namespace-2\" ", + "name": "nsexcllusion2" + } + ], + "name": "my-logging-sink", + "unique_writer_identity": true + } + argumentDocs: + bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' + bigquery_options.use_partitioned_tables: |- + - (Required) Whether to use BigQuery's partition tables. + By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned + tables the date suffix is no longer present and special query syntax + has to be used instead. In both cases, tables are sharded based on UTC timezone. + custom_writer_identity: |- + - (Optional) A user managed service account that will be used to write + the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + routing logs to a destination outside this sink's project. If not specified, a Logging service account + will automatically be generated. + description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' + destination: '- (Required) The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or a Google Cloud project. Examples:' + disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' + exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' + exclusions.description: '- (Optional) A description of this exclusion.' + exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' + exclusions.filter: |- + - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to + write a filter. + exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' + filter: |- + - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. + See Advanced Log Filters for information on how to + write a filter. + id: '- an identifier for the resource with format projects/{{project}}/sinks/{{name}}' + name: '- (Required) The name of the logging sink. Logging automatically creates two sinks: _Required and _Default.' + project: |- + - (Optional) The ID of the project to create the sink in. If omitted, the project associated with the provider is + used. + unique_writer_identity: |- + - (Optional) Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), + then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize + bigquery_options, you must set unique_writer_identity to true. + writer_identity: |- + - The identity associated with this sink. This identity must be granted write access to the + configured destination. + importStatements: [] + google_looker_instance: + subCategory: Looker (Google Cloud core) + description: A Google Cloud Looker instance. + name: google_looker_instance + title: "" + examples: + - name: looker-instance + manifest: |- + { + "name": "my-instance", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_STANDARD", + "region": "us-central1" + } + - name: looker-instance + manifest: |- + { + "admin_settings": [ + { + "allowed_email_domains": [ + "google.com" + ] + } + ], + "deny_maintenance_period": [ + { + "end_date": [ + { + "day": 1, + "month": 2, + "year": 2050 + } + ], + "start_date": [ + { + "day": 1, + "month": 1, + "year": 2050 + } + ], + "time": [ + { + "hours": 10, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ], + "maintenance_window": [ + { + "day_of_week": "THURSDAY", + "start_time": [ + { + "hours": 22, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ], + "name": "my-instance", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_STANDARD", + "public_ip_enabled": true, + "region": "us-central1", + "user_metadata": [ + { + "additional_developer_user_count": 10, + "additional_standard_user_count": 10, + "additional_viewer_user_count": 10 + } + ] + } + - name: looker-instance + manifest: |- + { + "admin_settings": [ + { + "allowed_email_domains": [ + "google.com" + ] + } + ], + "consumer_network": "${google_compute_network.looker_network.id}", + "deny_maintenance_period": [ + { + "end_date": [ + { + "day": 1, + "month": 2, + "year": 2050 + } + ], + "start_date": [ + { + "day": 1, + "month": 1, + "year": 2050 + } + ], + "time": [ + { + "hours": 10, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ], + "depends_on": [ + "${google_service_networking_connection.looker_vpc_connection}" + ], + "encryption_config": [ + { + "kms_key_name": "looker-kms-key" + } + ], + "maintenance_window": [ + { + "day_of_week": "THURSDAY", + "start_time": [ + { + "hours": 22, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ], + "name": "my-instance", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_ENTERPRISE_ANNUAL", + "private_ip_enabled": true, + "public_ip_enabled": false, + "region": "us-central1", + "reserved_range": "${google_compute_global_address.looker_range.name}" } references: - folder: google_folder.my-folder.name + consumer_network: google_compute_network.looker_network.id dependencies: - google_folder.my-folder: |- + google_compute_global_address.looker_range: |- { - "display_name": "My folder", - "parent": "organizations/123456" + "address_type": "INTERNAL", + "name": "looker-range", + "network": "${google_compute_network.looker_network.id}", + "prefix_length": 20, + "purpose": "VPC_PEERING" } - google_project_iam_binding.log-writer: |- + google_compute_network.looker_network: |- { - "members": [ - "${google_logging_folder_sink.my-sink.writer_identity}" - ], - "project": "your-project-id", - "role": "roles/storage.objectCreator" + "name": "looker-network" } - google_storage_bucket.log-bucket: |- + google_kms_crypto_key_iam_member.crypto_key: |- { - "location": "US", - "name": "folder-logging-bucket" + "crypto_key_id": "looker-kms-key", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-looker.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } - argumentDocs: - bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' - bigquery_options.use_partitioned_tables: |- - - (Required) Whether to use BigQuery's partition tables. - By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned - tables, the date suffix is no longer present and special query syntax - has to be used instead. In both cases, tables are sharded based on UTC timezone. - description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' - destination: |- - - (Required) The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: - disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' - exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' - exclusions.description: '- (Optional) A description of this exclusion.' - exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' - exclusions.filter: |- - - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to - write a filter. - exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' - filter: |- - - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. - See Advanced Log Filters for information on how to - write a filter. - folder: |- - - (Required) The folder to be exported to the sink. Note that either [FOLDER_ID] or folders/[FOLDER_ID] is - accepted. - id: '- an identifier for the resource with format folders/{{folder_id}}/sinks/{{name}}' - include_children: |- - - (Optional) Whether or not to include children folders in the sink export. If true, logs - associated with child projects are also exported; otherwise only logs relating to the provided folder are included. - name: '- (Required) The name of the logging sink.' - writer_identity: |- - - The identity associated with this sink. This identity must be granted write access to the - configured destination. - importStatements: [] - google_logging_linked_dataset: - subCategory: Cloud (Stackdriver) Logging - description: Describes a BigQuery linked dataset - name: google_logging_linked_dataset - title: "" - examples: - - name: logging_linked_dataset - manifest: |- - { - "bucket": "${google_logging_project_bucket_config.logging_linked_dataset.id}", - "description": "Linked dataset test", - "link_id": "mylink" - } - references: - bucket: google_logging_project_bucket_config.logging_linked_dataset.id - dependencies: - google_logging_project_bucket_config.logging_linked_dataset: |- + google_service_networking_connection.looker_vpc_connection: |- { - "bucket_id": "my-bucket", - "enable_analytics": true, - "location": "global", - "project": "my-project-name" + "network": "${google_compute_network.looker_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.looker_range.name}" + ], + "service": "servicenetworking.googleapis.com" } - - name: logging_linked_dataset + - name: looker-instance manifest: |- { - "bucket": "my-bucket", - "depends_on": [ - "google_logging_project_bucket_config.logging_linked_dataset" + "custom_domain": [ + { + "domain": "my-custom-domain.com" + } ], - "description": "Linked dataset test", - "link_id": "mylink", - "location": "global", - "parent": "projects/my-project-name" - } - dependencies: - google_logging_project_bucket_config.logging_linked_dataset: |- + "name": "my-instance", + "oauth_config": [ { - "bucket_id": "my-bucket", - "enable_analytics": true, - "location": "global", - "project": "my-project-name" + "client_id": "my-client-id", + "client_secret": "my-client-secret" } + ], + "platform_edition": "LOOKER_CORE_STANDARD", + "region": "us-central1" + } argumentDocs: - bigquery_dataset: |- + LOOKER_CORE_TRIAL: |- + . + Possible values are: LOOKER_CORE_TRIAL, LOOKER_CORE_STANDARD, LOOKER_CORE_STANDARD_ANNUAL, LOOKER_CORE_ENTERPRISE_ANNUAL, LOOKER_CORE_EMBED_ANNUAL. + MONDAY: ', TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' + admin_settings: |- - - The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along - with it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery - Views corresponding to the LogViews in the bucket. + (Optional) + Looker instance Admin settings. Structure is documented below. - bigquery_dataset.dataset_id: |- + admin_settings.allowed_email_domains: |- - - (Output) - Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID - of the link, so the link must match the naming restrictions of BigQuery datasets - (alphanumeric characters and underscores only). The dataset will have a resource path of - "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]" - bucket: |- + (Optional) + Email domain allowlist for the instance. + Define the email domains to which your users can deliver Looker (Google Cloud core) content. + Updating this list will restart the instance. Updating the allowed email domains from terraform + means the value provided will be considered as the entire list and not an amendment to the + existing list of allowed email domains. + consumer_network: |- - - (Required) - The bucket to which the linked dataset is attached. - create: '- Default is 20 minutes.' + (Optional) + Network name in the consumer project in the format of: projects/{project}/global/networks/{network} + Note that the consumer network may be in a different GCP project than the consumer + project that is hosting the Looker Instance. + create: '- Default is 90 minutes.' create_time: |- - - Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC "Zulu" format, - with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" - and "2014-10-02T15:01:23.045123456Z". - delete: '- Default is 20 minutes.' - description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + custom_domain: |- - (Optional) - Describes this link. The maximum length of the description is 8000 characters. - id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}' - lifecycle_state: |- + Custom domain settings for a Looker instance. + Structure is documented below. + custom_domain.domain: |- - - Output only. The linked dataset lifecycle state. - link_id: |- + (Optional) + Domain name + custom_domain.state: |- + - + (Output) + Status of the custom domain. + delete: '- Default is 90 minutes.' + deny_maintenance_period: |- + - + (Optional) + Maintenance denial period for this instance. + You must allow at least 14 days of maintenance availability + between any two deny maintenance periods. + Structure is documented below. + deny_maintenance_period.end_date: |- - (Required) - The id of the linked dataset. - location: |- + Required. Start date of the deny maintenance period + Structure is documented below. + deny_maintenance_period.start_date: |- + - + (Required) + Required. Start date of the deny maintenance period + Structure is documented below. + deny_maintenance_period.time: |- + - + (Required) + Required. Start time of the window in UTC time. + Structure is documented below. + egress_public_ip: |- + - + Public Egress IP (IPv4). + encryption_config: |- - (Optional) - The location of the linked dataset. + Looker instance encryption settings. + Structure is documented below. + encryption_config.kms_key_name: |- + - + (Optional) + Name of the customer managed encryption key (CMEK) in KMS. + encryption_config.kms_key_name_version: |- + - + (Output) + Full name and version of the CMEK key currently in use to encrypt Looker data. + encryption_config.kms_key_state: |- + - + (Output) + Status of the customer managed encryption key (CMEK) in KMS. + end_date.day: |- + - + (Optional) + Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 + to specify a year by itself or a year and month where the day isn't significant. + end_date.month: |- + - + (Optional) + Month of a year. Must be from 1 to 12, or 0 to specify a year without a + month and day. + end_date.year: |- + - + (Optional) + Year of the date. Must be from 1 to 9999, or 0 to specify a date without + a year. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' + ingress_private_ip: |- + - + Private Ingress IP (IPv4). + ingress_public_ip: |- + - + Public Ingress IP (IPv4). + looker_uri: |- + - + Looker instance URI which can be used to access the Looker Instance UI. + looker_version: |- + - + The Looker version that the instance is using. + maintenance_window: |- + - + (Optional) + Maintenance window for an instance. + Maintenance of your instance takes place once a month, and will require + your instance to be restarted during updates, which will temporarily + disrupt service. + Structure is documented below. + maintenance_window.day_of_week: |- + - + (Required) + Required. Day of the week for this MaintenanceWindow (in UTC). + maintenance_window.start_time: |- + - + (Required) + Required. Start time of the window in UTC time. + Structure is documented below. name: |- - - The resource name of the linked dataset. The name can have up to 100 characters. A valid link id - (at the end of the link name) must only have alphanumeric characters and underscores within it. - parent: |- + (Required) + The ID of the instance or a fully qualified identifier for the instance. + oauth_config: |- - (Optional) - The parent of the linked dataset. - importStatements: [] - google_logging_log_view: - subCategory: Cloud (Stackdriver) Logging - description: Describes a view over log entries in a bucket. - name: google_logging_log_view - title: "" - examples: - - name: logging_log_view - manifest: |- - { - "bucket": "${google_logging_project_bucket_config.logging_log_view.id}", - "description": "A logging view configured with Terraform", - "filter": "SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")", - "name": "my-view" - } - references: - bucket: google_logging_project_bucket_config.logging_log_view.id - dependencies: - google_logging_project_bucket_config.logging_log_view: |- - { - "bucket_id": "_Default", - "location": "global", - "project": "my-project-name", - "retention_days": 30 - } - argumentDocs: - bucket: |- + Looker Instance OAuth login settings. + Structure is documented below. + oauth_config.client_id: |- - (Required) - The bucket of the resource - create: '- Default is 20 minutes.' - create_time: |- + The client ID for the Oauth config. + oauth_config.client_secret: |- - - Output only. The creation timestamp of the view. - delete: '- Default is 20 minutes.' - description: |- + (Required) + The client secret for the Oauth config. + platform_edition: |- - (Optional) - Describes this view. - filter: |- + Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values: + private_ip_enabled: |- - (Optional) - Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE("projects/myproject") AND resource.type = "gce_instance" AND LOG_ID("stdout") - id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}' - location: |- + Whether private IP is enabled on the Looker instance. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + public_ip_enabled: |- - (Optional) - The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1. - name: |- + Whether public IP is enabled on the Looker instance. + region: |- - - (Required) - The resource name of the view. For example: `projects/my-project/locations/global/buckets/my-bucket/views/my-view` - parent: |- + (Optional) + The name of the Looker region of the instance. + reserved_range: |- - (Optional) - The parent of the resource. - update: '- Default is 20 minutes.' + Name of a reserved IP address range within the consumer network, to be used for + private service access connection. User may or may not specify this in a request. + start_date.day: |- + - + (Optional) + Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 + to specify a year by itself or a year and month where the day isn't significant. + start_date.month: |- + - + (Optional) + Month of a year. Must be from 1 to 12, or 0 to specify a year without a + month and day. + start_date.year: |- + - + (Optional) + Year of the date. Must be from 1 to 9999, or 0 to specify a date without + a year. + start_time.hours: |- + - + (Optional) + Hours of day in 24 hour format. Should be from 0 to 23. + start_time.minutes: |- + - + (Optional) + Minutes of hour of day. Must be from 0 to 59. + start_time.nanos: |- + - + (Optional) + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + start_time.seconds: |- + - + (Optional) + Seconds of minutes of the time. Must normally be from 0 to 59. + time.hours: |- + - + (Optional) + Hours of day in 24 hour format. Should be from 0 to 23. + time.minutes: |- + - + (Optional) + Minutes of hour of day. Must be from 0 to 59. + time.nanos: |- + - + (Optional) + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + time.seconds: |- + - + (Optional) + Seconds of minutes of the time. Must normally be from 0 to 59. + update: '- Default is 90 minutes.' update_time: |- - - Output only. The last update timestamp of the view. + The time the instance was updated in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + user_metadata: |- + - + (Optional) + Metadata about users for a Looker instance. + These settings are only available when platform edition LOOKER_CORE_STANDARD is set. + There are ten Standard and two Developer users included in the cost of the product. + You can allocate additional Standard, Viewer, and Developer users for this instance. + It is an optional step and can be modified later. + With the Standard edition of Looker (Google Cloud core), you can provision up to 50 + total users, distributed across Viewer, Standard, and Developer. + Structure is documented below. + user_metadata.additional_developer_user_count: |- + - + (Optional) + Number of additional Developer Users to allocate to the Looker Instance. + user_metadata.additional_standard_user_count: |- + - + (Optional) + Number of additional Standard Users to allocate to the Looker Instance. + user_metadata.additional_viewer_user_count: |- + - + (Optional) + Number of additional Viewer Users to allocate to the Looker Instance. importStatements: [] - google_logging_metric: - subCategory: Cloud (Stackdriver) Logging - description: Logs-based metric can also be used to extract values from logs and create a a distribution of the values. - name: google_logging_metric + google_memcache_instance: + subCategory: Memcache + description: A Google Cloud Memcache instance. + name: google_memcache_instance title: "" examples: - - name: logging_metric + - name: instance manifest: |- { - "bucket_options": [ - { - "linear_buckets": [ - { - "num_finite_buckets": 3, - "offset": 1, - "width": 1 - } - ] - } - ], - "filter": "resource.type=gae_app AND severity\u003e=ERROR", - "label_extractors": { - "mass": "EXTRACT(jsonPayload.request)", - "sku": "EXTRACT(jsonPayload.id)" + "authorized_network": "${google_service_networking_connection.private_service_connection.network}", + "labels": { + "env": "test" }, - "metric_descriptor": [ + "maintenance_policy": [ { - "display_name": "My metric", - "labels": [ - { - "description": "amount of matter", - "key": "mass", - "value_type": "STRING" - }, + "weekly_maintenance_window": [ { - "description": "Identifying number for item", - "key": "sku", - "value_type": "INT64" + "day": "SATURDAY", + "duration": "14400s", + "start_time": [ + { + "hours": 0, + "minutes": 30, + "nanos": 0, + "seconds": 0 + } + ] } - ], - "metric_kind": "DELTA", - "unit": "1", - "value_type": "DISTRIBUTION" - } - ], - "name": "my-(custom)/metric", - "value_extractor": "EXTRACT(jsonPayload.request)" - } - - name: logging_metric - manifest: |- - { - "filter": "resource.type=gae_app AND severity\u003e=ERROR", - "metric_descriptor": [ - { - "metric_kind": "DELTA", - "value_type": "INT64" + ] } ], - "name": "my-(custom)/metric" - } - - name: logging_metric - manifest: |- - { - "filter": "resource.type=gae_app AND severity\u003e=ERROR", - "label_extractors": { - "mass": "EXTRACT(jsonPayload.request)" - }, - "metric_descriptor": [ + "memcache_version": "MEMCACHE_1_5", + "name": "test-instance", + "node_config": [ { - "labels": [ - { - "description": "amount of matter", - "key": "mass", - "value_type": "STRING" - } - ], - "metric_kind": "DELTA", - "value_type": "INT64" + "cpu_count": 1, + "memory_size_mb": 1024 } ], - "name": "my-(custom)/metric" - } - - name: logging_metric - manifest: |- - { - "bucket_name": "${google_logging_project_bucket_config.logging_metric.id}", - "filter": "resource.type=gae_app AND severity\u003e=ERROR", - "name": "my-(custom)/metric" + "node_count": 1 } references: - bucket_name: google_logging_project_bucket_config.logging_metric.id + authorized_network: google_service_networking_connection.private_service_connection.network dependencies: - google_logging_project_bucket_config.logging_metric: |- + google_compute_global_address.service_range: |- + { + "address_type": "INTERNAL", + "name": "address", + "network": "${google_compute_network.memcache_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.memcache_network: |- { - "bucket_id": "_Default", - "location": "global", - "project": "my-project-name" + "name": "test-network" } - - name: logging_metric - manifest: |- - { - "disabled": true, - "filter": "resource.type=gae_app AND severity\u003e=ERROR", - "metric_descriptor": [ + google_service_networking_connection.private_service_connection: |- { - "metric_kind": "DELTA", - "value_type": "INT64" + "network": "${google_compute_network.memcache_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.service_range.name}" + ], + "service": "servicenetworking.googleapis.com" } - ], - "name": "my-(custom)/metric" - } argumentDocs: - bucket_name: |- + DAY_OF_WEEK_UNSPECIFIED: ', MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects - are supported. The bucket has to be in the same project as the metric. - bucket_options: |- + Creation timestamp in RFC3339 text format. + delete: '- Default is 20 minutes.' + discovery_endpoint: |- - - (Optional) - The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it - describes the bucket boundaries used to create a histogram of the extracted values. - Structure is documented below. - bucket_options.explicit_buckets: |- + Endpoint for Discovery API + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' + maintenance_policy.create_time: |- + - + (Output) + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits + maintenance_policy.description: |- - (Optional) - Specifies a set of buckets with arbitrary widths. + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + maintenance_policy.update_time: |- + - + (Output) + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_policy.weekly_maintenance_window: |- + - + (Required) + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. Structure is documented below. - bucket_options.exponential_buckets: |- + maintenance_schedule: |- - - (Optional) - Specifies an exponential sequence of buckets that have a width that is proportional to the value of - the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. + Output only. Published maintenance schedule. Structure is documented below. - bucket_options.linear_buckets: |- + maintenance_schedule.end_time: |- - - (Optional) - Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). - Each bucket represents a constant absolute uncertainty on the specific value in the bucket. + (Output) + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_schedule.schedule_deadline_time: |- + - + (Output) + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_schedule.start_time: |- + - + (Output) + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + memcache_full_version: |- + - + The full version of memcached server running on this instance. + memcache_nodes: |- + - + Additional information about the instance state, if available. Structure is documented below. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - description: |- + memcache_nodes.host: |- - - (Optional) - A description of this metric, which is used in documentation. The maximum length of the - description is 8000 characters. - disabled: |- + (Output) + Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node. + memcache_nodes.node_id: |- + - + (Output) + Identifier of the Memcached node. The node id does not include project or location like the Memcached instance name. + memcache_nodes.port: |- + - + (Output) + The port number of the Memcached server on this node. + memcache_nodes.state: |- + - + (Output) + Current state of the Memcached node. + memcache_nodes.zone: |- + - + (Output) + Location (GCP Zone) for the Memcached node. + memcache_parameters.id: |- + - + (Output) + This is a unique ID associated with this set of parameters. + memcache_parameters.params: |- - (Optional) - If set to True, then this metric is disabled and it does not generate any points. - explicit_buckets.bounds: |- + User-defined set of parameters to use in the memcache process. + name: |- - (Required) - The values must be monotonically increasing. - exponential_buckets.growth_factor: |- + The resource name of the instance. + node_config: |- + - + (Required) + Configuration for memcache nodes. + Structure is documented below. + node_config.authorized_network: |- - (Optional) - Must be greater than 1. - exponential_buckets.num_finite_buckets: |- + The full name of the GCE network to connect the instance to. If not provided, + 'default' will be used. + node_config.cpu_count: |- + - + (Required) + Number of CPUs per node. + node_config.display_name: |- - (Optional) - Must be greater than 0. - exponential_buckets.scale: |- + A user-visible name for the instance. + node_config.effective_labels: for all of the labels present on the resource. + node_config.labels: |- - (Optional) - Must be greater than 0. - filter: |- + Resource labels to represent user-provided metadata. + node_config.maintenance_policy: |- - - (Required) - An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which - is used to match log entries. - id: '- an identifier for the resource with format {{name}}' - label_extractors: |- + (Optional) + Maintenance policy for an instance. + Structure is documented below. + node_config.memcache_parameters: |- - (Optional) - A map from a label key string to an extractor expression which is used to extract data from a log - entry field and assign as the label value. Each label key specified in the LabelDescriptor must - have an associated extractor expression in this map. The syntax of the extractor expression is - the same as for the valueExtractor field. - labels.description: |- + User-specified parameters for this memcache instance. + Structure is documented below. + node_config.memcache_version: |- - (Optional) - A human-readable description for the label. - labels.key: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. + Default value is MEMCACHE_1_5. + Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. + node_config.memory_size_mb: |- - (Required) - The label key. - labels.value_type: |- + Memory size in Mebibytes for each memcache node. + node_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + node_config.region: |- - (Optional) - The type of data that can be assigned to the label. - Default value is STRING. - Possible values are: BOOL, INT64, STRING. - linear_buckets.num_finite_buckets: |- + The region of the Memcache instance. If it is not provided, the provider region is used. + node_config.reserved_ip_range_id: |- - (Optional) - Must be greater than 0. - linear_buckets.offset: |- + Contains the name of allocated IP address ranges associated with + the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. + node_config.zones: |- - (Optional) - Lower bound of the first bucket. - linear_buckets.width: |- + Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + node_count: |- - - (Optional) - Must be greater than 0. - metric_descriptor: |- + (Required) + Number of nodes in the memcache instance. + start_time.hours: |- - (Optional) - The optional metric descriptor associated with the logs-based metric. - If unspecified, it uses a default metric descriptor with a DELTA metric kind, - INT64 value type, with no labels and a unit of "1". Such a metric counts the - number of log entries matching the filter expression. - Structure is documented below. - metric_descriptor.display_name: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + start_time.minutes: |- - (Optional) - A concise name for the metric, which can be displayed in user interfaces. Use sentence case - without an ending period, for example "Request count". This field is optional but it is - recommended to be set for any metrics associated with user-visible concepts, such as Quota. - metric_descriptor.labels: |- + Minutes of hour of day. Must be from 0 to 59. + start_time.nanos: |- - (Optional) - The set of labels that can be used to describe a specific instance of this metric type. For - example, the appengine.googleapis.com/http/server/response_latencies metric type has a label - for the HTTP response code, response_code, so you can look at latencies for successful responses - or just for responses that failed. - Structure is documented below. - metric_descriptor.metric_kind: |- - - - (Required) - Whether the metric records instantaneous values, changes to a value, etc. - Some combinations of metricKind and valueType might not be supported. - For counter metrics, set this to DELTA. - Possible values are: DELTA, GAUGE, CUMULATIVE. - metric_descriptor.unit: |- + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + start_time.seconds: |- - (Optional) - The unit in which the metric value is reported. It is only applicable if the valueType is - INT64, DOUBLE, or DISTRIBUTION. The supported units are a subset of - The Unified Code for Units of Measure standard - metric_descriptor.value_type: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + weekly_maintenance_window.day: |- - (Required) - Whether the measurement is an integer, a floating-point number, etc. - Some combinations of metricKind and valueType might not be supported. - For counter metrics, set this to INT64. - Possible values are: BOOL, INT64, DOUBLE, STRING, DISTRIBUTION, MONEY. - name: |- + Required. The day of week that maintenance updates occur. + weekly_maintenance_window.duration: |- - (Required) - The client-assigned metric identifier. Examples - "error_count", "nginx/requests". - Metric identifiers are limited to 100 characters and can include only the following - characters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash - character (/) denotes a hierarchy of name pieces, and it cannot be the first character - of the name. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' - value_extractor: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + weekly_maintenance_window.start_time: |- - - (Optional) - A valueExtractor is required when using a distribution logs-based metric to extract the values to - record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or - REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which - the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax - (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified - log entry field. The value of the field is converted to a string before applying the regex. It is an - error to specify a regex that does not include exactly one capture group. - importStatements: [] - google_logging_organization_bucket_config: - subCategory: Cloud (Stackdriver) Logging - description: Manages a organization-level logging bucket config. - name: google_logging_organization_bucket_config - title: "" - examples: - - name: basic - manifest: |- - { - "bucket_id": "_Default", - "location": "global", - "organization": "${data.google_organization.default.organization}", - "retention_days": 30 - } - references: - organization: data.google_organization.default.organization - argumentDocs: - bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' - description: '- (Optional) Describes this bucket.' - id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}' - lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' - location: '- (Required) The location of the bucket. The supported locations are: "global" "us-central1"' - name: '- The resource name of the bucket. For example: "organizations/my-organization-id/locations/my-location/buckets/my-bucket-id"' - organization: '- (Required) The parent resource that contains the logging bucket.' - retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. Bucket retention can not be increased on buckets outside of projects.' - importStatements: [] - google_logging_organization_exclusion: - subCategory: Cloud (Stackdriver) Logging - description: Manages a organization-level logging exclusion. - name: google_logging_organization_exclusion - title: "" - examples: - - name: my-exclusion - manifest: |- - { - "description": "Exclude GCE instance debug logs", - "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", - "name": "my-instance-debug-exclusion", - "org_id": "123456789" - } - argumentDocs: - description: '- (Optional) A human-readable description.' - disabled: |- - - (Optional) Whether this exclusion rule should be disabled or not. This defaults to - false. - filter: |- - - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. - See Advanced Log Filters for information on how to - write a filter. - id: '- an identifier for the resource with format organizations/{{organization}}/exclusions/{{name}}' - name: '- (Required) The name of the logging exclusion.' - org_id: '- (Required) The organization to create the exclusion in.' - importStatements: [] - google_logging_organization_sink: - subCategory: Cloud (Stackdriver) Logging - description: Manages a organization-level logging sink. - name: google_logging_organization_sink - title: "" - examples: - - name: my-sink - manifest: |- - { - "description": "some explanation on what this is", - "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", - "filter": "resource.type = gce_instance AND severity \u003e= WARNING", - "name": "my-sink", - "org_id": "123456789" - } - dependencies: - google_project_iam_member.log-writer: |- - { - "member": "${google_logging_organization_sink.my-sink.writer_identity}", - "project": "your-project-id", - "role": "roles/storage.objectCreator" - } - google_storage_bucket.log-bucket: |- - { - "location": "US", - "name": "organization-logging-bucket" - } - argumentDocs: - bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' - bigquery_options.use_partitioned_tables: |- - - (Required) Whether to use BigQuery's partition tables. - By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned - tables the date suffix is no longer present and special query syntax - has to be used instead. In both cases, tables are sharded based on UTC timezone. - description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' - destination: |- - - (Required) The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: - disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' - exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' - exclusions.description: '- (Optional) A description of this exclusion.' - exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' - exclusions.filter: |- - - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to - write a filter. - exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' - filter: |- - - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. - See Advanced Log Filters for information on how to - write a filter. - id: '- an identifier for the resource with format organizations/{{organization}}/sinks/{{name}}' - include_children: |- - - (Optional) Whether or not to include children organizations in the sink export. If true, logs - associated with child projects are also exported; otherwise only logs relating to the provided organization are included. - name: '- (Required) The name of the logging sink.' - org_id: '- (Required) The numeric ID of the organization to be exported to the sink.' - writer_identity: |- - - The identity associated with this sink. This identity must be granted write access to the - configured destination. - importStatements: [] - google_logging_project_bucket_config: - subCategory: Cloud (Stackdriver) Logging - description: Manages a project-level logging bucket config. - name: google_logging_project_bucket_config - title: "" - examples: - - name: basic - manifest: |- - { - "bucket_id": "_Default", - "location": "global", - "project": "${google_project.default.project_id}", - "retention_days": 30 - } - references: - project: google_project.default.project_id - dependencies: - google_project.default: |- - { - "name": "your-project-id", - "org_id": "123456789", - "project_id": "your-project-id" - } - - name: basic - manifest: |- - { - "bucket_id": "custom-bucket", - "location": "global", - "project": "project_id", - "retention_days": 30 - } - - name: analytics-enabled-bucket - manifest: |- - { - "bucket_id": "custom-bucket", - "enable_analytics": true, - "location": "global", - "project": "project_id", - "retention_days": 30 - } - - name: example-project-bucket-cmek-settings - manifest: |- - { - "bucket_id": "custom-bucket", - "cmek_settings": [ - { - "kms_key_name": "${google_kms_crypto_key.key.id}" - } - ], - "depends_on": [ - "${google_kms_crypto_key_iam_binding.crypto_key_binding}" - ], - "location": "us-central1", - "project": "project_id", - "retention_days": 30 - } - references: - cmek_settings.kms_key_name: google_kms_crypto_key.key.id - dependencies: - google_kms_crypto_key.key: |- - { - "key_ring": "${google_kms_key_ring.keyring.id}", - "name": "crypto-key-example", - "rotation_period": "100000s" - } - google_kms_crypto_key_iam_binding.crypto_key_binding: |- - { - "crypto_key_id": "${google_kms_crypto_key.key.id}", - "members": [ - "serviceAccount:${data.google_logging_project_cmek_settings.cmek_settings.service_account_id}" - ], - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - } - google_kms_key_ring.keyring: |- - { - "location": "us-central1", - "name": "keyring-example" - } - argumentDocs: - bucket_id: '- (Required) The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.' - cmek_settings: '- (Optional) The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed. Structure is documented below.' - cmek_settings.kms_key_name: |- - - The resource name for the configured Cloud KMS key. - KMS key name format: - 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' - To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. - The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. - See Enabling CMEK for Logging Buckets for more information. - cmek_settings.kms_key_version_name: |- - - The CryptoKeyVersion resource name for the configured Cloud KMS key. - KMS key name format: - 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' - For example: - "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" - This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - cmek_settings.name: '- The resource name of the CMEK settings.' - cmek_settings.service_account_id: |- - - The service account associated with a project for which CMEK will apply. - Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. - See Enabling CMEK for Logging Buckets for more information. - description: '- (Optional) Describes this bucket.' - enable_analytics: '- (Optional) Whether or not Log Analytics is enabled. Logs for buckets with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}' - lifecycle_state: '- The bucket''s lifecycle such as active or deleted. See LifecycleState.' - location: '- (Required) The location of the bucket.' - locked: '- (Optional) Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.' - name: '- The resource name of the bucket. For example: "projects/my-project-id/locations/my-location/buckets/my-bucket-id"' - project: '- (Required) The parent resource that contains the logging bucket.' - retention_days: '- (Optional) Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.' + (Required) + Required. Start time of the window in UTC time. + Structure is documented below. importStatements: [] - google_logging_project_exclusion: - subCategory: Cloud (Stackdriver) Logging - description: Manages a project-level logging exclusion. - name: google_logging_project_exclusion + google_migration_center_group: + subCategory: Migration Center + description: A resource that represents an asset group. + name: google_migration_center_group title: "" examples: - - name: my-exclusion + - name: default manifest: |- - { - "description": "Exclude GCE instance debug logs", - "filter": "resource.type = gce_instance AND severity \u003c= DEBUG", - "name": "my-instance-debug-exclusion" + { + "description": "Terraform integration test description", + "display_name": "Terraform integration test display", + "group_id": "group-test", + "labels": { + "key": "value" + }, + "location": "us-central1" } argumentDocs: - description: '- (Optional) A human-readable description.' - disabled: |- - - (Optional) Whether this exclusion rule should be disabled or not. This defaults to - false. - filter: |- - - (Required) The filter to apply when excluding logs. Only log entries that match the filter are excluded. - See Advanced Log Filters for information on how to - write a filter. - id: '- an identifier for the resource with format projects/{{project}}/exclusions/{{name}}' - name: '- (Required) The name of the logging exclusion.' + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The timestamp when the group was created. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Optional. The description of the group. + display_name: |- + - + (Optional) + Optional. User-friendly display name. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + group_id: |- + - + (Required) + Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: [a-z]([a-z0-9-]{0,61}[a-z0-9])?. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/groups/{{group_id}}' + labels: |- + - + (Optional) + Labels as key value pairs. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the group. + name: |- + - + Output only. The name of the group. project: |- - - (Optional) The project to create the exclusion in. If omitted, the project associated with the provider is - used. + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The timestamp when the group was last updated. importStatements: [] - google_logging_project_sink: - subCategory: Cloud (Stackdriver) Logging - description: Manages a project-level logging sink. - name: google_logging_project_sink + google_migration_center_preference_set: + subCategory: Migration Center + description: Manages the PreferenceSet resource. + name: google_migration_center_preference_set title: "" examples: - - name: my-sink + - name: default manifest: |- { - "destination": "pubsub.googleapis.com/projects/my-project/topics/instance-activity", - "filter": "resource.type = gce_instance AND severity \u003e= WARNING", - "name": "my-pubsub-instance-sink", - "unique_writer_identity": true + "description": "Terraform integration test description", + "display_name": "Terraform integration test display", + "location": "us-central1", + "preference_set_id": "preference-set-test", + "virtual_machine_preferences": [ + { + "sizing_optimization_strategy": "SIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE", + "target_product": "COMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE", + "vmware_engine_preferences": [ + { + "cpu_overcommit_ratio": 1.5 + } + ] + } + ] } - - name: instance-sink + - name: default manifest: |- { - "description": "some explanation on what this is", - "destination": "storage.googleapis.com/${google_storage_bucket.log-bucket.name}", - "filter": "resource.type = gce_instance AND resource.labels.instance_id = \"${google_compute_instance.my-logged-instance.instance_id}\"", - "name": "my-instance-sink", - "unique_writer_identity": true - } - dependencies: - google_compute_instance.my-logged-instance: |- + "description": "Terraform integration test description", + "display_name": "Terraform integration test display", + "location": "us-central1", + "preference_set_id": "preference-set-test", + "virtual_machine_preferences": [ { - "boot_disk": [ + "commitment_plan": "COMMITMENT_PLAN_ONE_YEAR", + "compute_engine_preferences": [ { - "initialize_params": [ + "license_type": "LICENSE_TYPE_BRING_YOUR_OWN_LICENSE", + "machine_preferences": [ { - "image": "debian-cloud/debian-11" + "allowed_machine_series": [ + { + "code": "C3" + } + ] } ] } ], - "machine_type": "e2-medium", - "name": "my-instance", - "network_interface": [ + "region_preferences": [ { - "access_config": [ - {} - ], - "network": "default" + "preferred_regions": [ + "us-central1" + ] } ], - "zone": "us-central1-a" - } - google_project_iam_binding.log-writer: |- - { - "members": [ - "${google_logging_project_sink.instance-sink.writer_identity}" + "sizing_optimization_strategy": "SIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE", + "sole_tenancy_preferences": [ + { + "commitment_plan": "ON_DEMAND", + "cpu_overcommit_ratio": 1.2, + "host_maintenance_policy": "HOST_MAINTENANCE_POLICY_DEFAULT", + "node_types": [ + { + "node_name": "tf-test" + } + ] + } ], - "project": "your-project-id", - "role": "roles/storage.objectCreator" - } - google_storage_bucket.log-bucket: |- - { - "location": "US", - "name": "my-unique-logging-bucket" - } - - name: log-bucket - manifest: |- - { - "destination": "logging.googleapis.com/projects/my-project/locations/global/buckets/_Default", - "exclusions": [ - { - "description": "Exclude logs from namespace-1 in k8s", - "filter": "resource.type = k8s_container resource.labels.namespace_name=\"namespace-1\" ", - "name": "nsexcllusion1" - }, - { - "description": "Exclude logs from namespace-2 in k8s", - "filter": "resource.type = k8s_container resource.labels.namespace_name=\"namespace-2\" ", - "name": "nsexcllusion2" + "target_product": "COMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE", + "vmware_engine_preferences": [ + { + "commitment_plan": "ON_DEMAND", + "cpu_overcommit_ratio": 1.5, + "storage_deduplication_compression_ratio": 1.3 + } + ] } - ], - "name": "my-logging-sink", - "unique_writer_identity": true + ] } argumentDocs: - bigquery_options: '- (Optional) Options that affect sinks exporting data to BigQuery. Structure documented below.' - bigquery_options.use_partitioned_tables: |- - - (Required) Whether to use BigQuery's partition tables. - By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned - tables the date suffix is no longer present and special query syntax - has to be used instead. In both cases, tables are sharded based on UTC timezone. - description: '- (Optional) A description of this sink. The maximum length of the description is 8000 characters.' - destination: |- - - (Required) The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: - disabled: '- (Optional) If set to True, then this sink is disabled and it does not export any log entries.' - exclusions: '- (Optional) Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusions.filter, it will not be exported. Can be repeated multiple times for multiple exclusions. Structure is documented below.' - exclusions.description: '- (Optional) A description of this exclusion.' - exclusions.disabled: '- (Optional) If set to True, then this exclusion is disabled and it does not exclude any log entries.' - exclusions.filter: |- - - (Required) An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. See Advanced Log Filters for information on how to - write a filter. - exclusions.name: '- (Required) A client-assigned identifier, such as load-balancer-exclusion. Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.' - filter: |- - - (Optional) The filter to apply when exporting logs. Only log entries that match the filter are exported. - See Advanced Log Filters for information on how to - write a filter. - id: '- an identifier for the resource with format projects/{{project}}/sinks/{{name}}' - name: '- (Required) The name of the logging sink.' + compute_engine_preferences.license_type: |- + - + (Optional) + License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. + Possible values: + LICENSE_TYPE_UNSPECIFIED + LICENSE_TYPE_DEFAULT + LICENSE_TYPE_BRING_YOUR_OWN_LICENSE + compute_engine_preferences.machine_preferences: |- + - + (Optional) + The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The timestamp when the preference set was created. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + A description of the preference set. + display_name: |- + - + (Optional) + User-friendly display name. Maximum length is 63 characters. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/preferenceSets/{{preference_set_id}}' + location: |- + - + (Required) + Part of parent. See documentation of projectsId. + machine_preferences.allowed_machine_series: |- + - + (Optional) + Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series. + Structure is documented below. + machine_preferences.allowed_machine_series.code: |- + - + (Optional) + Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series. + name: |- + - + Output only. Name of the preference set. + node_types.node_name: |- + - + (Optional) + Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes + preference_set_id: |- + - + (Required) + Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression [a-z]([a-z0-9-]{0,61}[a-z0-9])?. project: |- - - (Optional) The ID of the project to create the sink in. If omitted, the project associated with the provider is - used. - unique_writer_identity: |- - - (Optional) Whether or not to create a unique identity associated with this sink. If false - (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, - then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize - bigquery_options, you must set unique_writer_identity to true. - writer_identity: |- - - The identity associated with this sink. This identity must be granted write access to the - configured destination. + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region_preferences.preferred_regions: |- + - + (Optional) + A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions. + sole_tenancy_preferences.commitment_plan: |- + - + (Optional) + Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. + Possible values: + COMMITMENT_PLAN_UNSPECIFIED + ON_DEMAND + COMMITMENT_1_YEAR + COMMITMENT_3_YEAR + sole_tenancy_preferences.cpu_overcommit_ratio: |- + - + (Optional) + CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive. + sole_tenancy_preferences.host_maintenance_policy: |- + - + (Optional) + Sole Tenancy nodes maintenance policy. + Possible values: + HOST_MAINTENANCE_POLICY_UNSPECIFIED + HOST_MAINTENANCE_POLICY_DEFAULT + HOST_MAINTENANCE_POLICY_RESTART_IN_PLACE + HOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP + sole_tenancy_preferences.node_types: |- + - + (Optional) + A list of sole tenant node types. An empty list means that all possible node types will be considered. + Structure is documented below. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The timestamp when the preference set was last updated. + virtual_machine_preferences: |- + - + (Optional) + VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets. + Structure is documented below. + virtual_machine_preferences.commitment_plan: |- + - + (Optional) + Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. + Possible values: + COMMITMENT_PLAN_UNSPECIFIED + COMMITMENT_PLAN_NONE + COMMITMENT_PLAN_ONE_YEAR + COMMITMENT_PLAN_THREE_YEARS + virtual_machine_preferences.compute_engine_preferences: |- + - + (Optional) + The user preferences relating to Compute Engine target platform. + Structure is documented below. + virtual_machine_preferences.region_preferences: |- + - + (Optional) + The user preferences relating to target regions. + Structure is documented below. + virtual_machine_preferences.sizing_optimization_strategy: |- + - + (Optional) + Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. + Possible values: + SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED + SIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE + SIZING_OPTIMIZATION_STRATEGY_MODERATE + SIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE + virtual_machine_preferences.sole_tenancy_preferences: |- + - + (Optional) + Preferences concerning Sole Tenancy nodes and VMs. + Structure is documented below. + virtual_machine_preferences.target_product: |- + - + (Optional) + Target product for assets using this preference set. Specify either target product or business goal, but not both. + Possible values: + COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED + COMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE + COMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE + COMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY + virtual_machine_preferences.vmware_engine_preferences: |- + - + (Optional) + The user preferences relating to Google Cloud VMware Engine target platform. + Structure is documented below. + vmware_engine_preferences.commitment_plan: |- + - + (Optional) + Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. + Possible values: + COMMITMENT_PLAN_UNSPECIFIED + ON_DEMAND + COMMITMENT_1_YEAR_MONTHLY_PAYMENTS + COMMITMENT_3_YEAR_MONTHLY_PAYMENTS + COMMITMENT_1_YEAR_UPFRONT_PAYMENT + COMMITMENT_3_YEAR_UPFRONT_PAYMENT + vmware_engine_preferences.cpu_overcommit_ratio: |- + - + (Optional) + CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment. + vmware_engine_preferences.memory_overcommit_ratio: |- + - + (Optional) + Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0. + vmware_engine_preferences.storage_deduplication_compression_ratio: |- + - + (Optional) + The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0. importStatements: [] - google_looker_instance: - subCategory: Looker (Google Cloud core) - description: A Google Cloud Looker instance. - name: google_looker_instance + google_ml_engine_model: + subCategory: ML Engine + description: Represents a machine learning solution. + name: google_ml_engine_model title: "" examples: - - name: looker-instance + - name: default manifest: |- { - "name": "my-instance", - "oauth_config": [ - { - "client_id": "my-client-id", - "client_secret": "my-client-secret" - } - ], - "platform_edition": "LOOKER_CORE_STANDARD", - "region": "us-central1" + "description": "My model", + "name": "default", + "regions": [ + "us-central1" + ] } - - name: looker-instance + - name: default manifest: |- { - "admin_settings": [ - { - "allowed_email_domains": [ - "google.com" - ] - } - ], - "deny_maintenance_period": [ + "description": "My model", + "labels": { + "my_model": "foo" + }, + "name": "default", + "online_prediction_console_logging": true, + "online_prediction_logging": true, + "regions": [ + "us-central1" + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + default_version: |- + - + (Optional) + The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + Structure is documented below. + default_version.name: |- + - + (Required) + The name specified for the version when it was created. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description specified for the model when it was created. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/models/{{name}}' + labels: |- + - + (Optional) + One or more labels that you can add, to organize your models. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + (Required) + The name specified for the model. + online_prediction_console_logging: |- + - + (Optional) + If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging + online_prediction_logging: |- + - + (Optional) + If true, online prediction access logs are sent to StackDriver Logging. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + regions: |- + - + (Optional) + The list of regions where the model is going to be deployed. + Currently only one region per model is supported + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + importStatements: [] + google_monitoring_alert_policy: + subCategory: Cloud (Stackdriver) Monitoring + description: A description of the conditions under which some aspect of your system is considered to be "unhealthy" and the ways to notify people or services about this state. + name: google_monitoring_alert_policy + title: "" + examples: + - name: alert_policy + manifest: |- + { + "combiner": "OR", + "conditions": [ { - "end_date": [ - { - "day": 1, - "month": 2, - "year": 2050 - } - ], - "start_date": [ + "condition_threshold": [ { - "day": 1, - "month": 1, - "year": 2050 + "aggregations": [ + { + "alignment_period": "60s", + "per_series_aligner": "ALIGN_RATE" + } + ], + "comparison": "COMPARISON_GT", + "duration": "60s", + "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" } ], - "time": [ - { - "hours": 10, - "minutes": 0, - "nanos": 0, - "seconds": 0 - } - ] - } - ], - "maintenance_window": [ - { - "day_of_week": "THURSDAY", - "start_time": [ - { - "hours": 22, - "minutes": 0, - "nanos": 0, - "seconds": 0 - } - ] - } - ], - "name": "my-instance", - "oauth_config": [ - { - "client_id": "my-client-id", - "client_secret": "my-client-secret" + "display_name": "test condition" } ], - "platform_edition": "LOOKER_CORE_STANDARD", - "public_ip_enabled": true, - "region": "us-central1", - "user_metadata": [ - { - "additional_developer_user_count": 10, - "additional_standard_user_count": 10, - "additional_viewer_user_count": 10 - } - ] + "display_name": "My Alert Policy", + "user_labels": { + "foo": "bar" + } } - - name: looker-instance + - name: alert_policy manifest: |- { - "admin_settings": [ - { - "allowed_email_domains": [ - "google.com" - ] - } - ], - "consumer_network": "${data.google_compute_network.looker_network.id}", - "deny_maintenance_period": [ + "combiner": "OR", + "conditions": [ { - "end_date": [ - { - "day": 1, - "month": 2, - "year": 2050 - } - ], - "start_date": [ + "condition_threshold": [ { - "day": 1, - "month": 1, - "year": 2050 + "aggregations": [ + { + "alignment_period": "60s", + "per_series_aligner": "ALIGN_RATE" + } + ], + "comparison": "COMPARISON_GT", + "duration": "60s", + "evaluation_missing_data": "EVALUATION_MISSING_DATA_INACTIVE", + "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" } ], - "time": [ - { - "hours": 10, - "minutes": 0, - "nanos": 0, - "seconds": 0 - } - ] - } - ], - "depends_on": [ - "${google_service_networking_connection.looker_vpc_connection}" - ], - "encryption_config": [ - { - "kms_key_name": "looker-kms-key" + "display_name": "test condition" } ], - "maintenance_window": [ + "display_name": "My Alert Policy", + "user_labels": { + "foo": "bar" + } + } + - name: alert_policy + manifest: |- + { + "combiner": "OR", + "conditions": [ { - "day_of_week": "THURSDAY", - "start_time": [ + "condition_threshold": [ { - "hours": 22, - "minutes": 0, - "nanos": 0, - "seconds": 0 + "aggregations": [ + { + "alignment_period": "60s", + "per_series_aligner": "ALIGN_RATE" + } + ], + "comparison": "COMPARISON_GT", + "duration": "60s", + "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"", + "forecast_options": [ + { + "forecast_horizon": "3600s" + } + ] } - ] - } - ], - "name": "my-instance", - "oauth_config": [ - { - "client_id": "my-client-id", - "client_secret": "my-client-secret" + ], + "display_name": "test condition" } ], - "platform_edition": "LOOKER_CORE_ENTERPRISE_ANNUAL", - "private_ip_enabled": true, - "public_ip_enabled": false, - "region": "us-central1", - "reserved_range": "${google_compute_global_address.looker_range.name}" + "display_name": "My Alert Policy", + "user_labels": { + "foo": "bar" + } } - references: - consumer_network: data.google_compute_network.looker_network.id - dependencies: - google_compute_global_address.looker_range: |- - { - "address_type": "INTERNAL", - "name": "looker-range", - "network": "${data.google_compute_network.looker_network.id}", - "prefix_length": 20, - "purpose": "VPC_PEERING" - } - google_kms_crypto_key_iam_member.crypto_key: |- + - name: alert_policy + manifest: |- + { + "alert_strategy": [ { - "crypto_key_id": "looker-kms-key", - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-looker.iam.gserviceaccount.com", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + "auto_close": "1800s" } - google_service_networking_connection.looker_vpc_connection: |- + ], + "combiner": "OR", + "conditions": [ { - "network": "${data.google_compute_network.looker_network.id}", - "reserved_peering_ranges": [ - "${google_compute_global_address.looker_range.name}" + "condition_prometheus_query_language": [ + { + "alert_rule": "AlwaysOn", + "duration": "60s", + "evaluation_interval": "60s", + "query": "compute_googleapis_com:instance_cpu_usage_time \u003e 0", + "rule_group": "a test" + } ], - "service": "servicenetworking.googleapis.com" + "display_name": "test condition" } + ], + "display_name": "My Alert Policy" + } argumentDocs: - LOOKER_CORE_TRIAL: |- - . - Possible values are: LOOKER_CORE_TRIAL, LOOKER_CORE_STANDARD, LOOKER_CORE_STANDARD_ANNUAL, LOOKER_CORE_ENTERPRISE_ANNUAL, LOOKER_CORE_EMBED_ANNUAL, LOOKER_MODELER. - MONDAY: ', TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' - admin_settings: |- + aggregations.alignment_period: |- - (Optional) - Looker instance Admin settings. - Structure is documented below. - admin_settings.allowed_email_domains: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + aggregations.cross_series_reducer: |- - (Optional) - Email domain allowlist for the instance. - Define the email domains to which your users can deliver Looker (Google Cloud core) content. - Updating this list will restart the instance. Updating the allowed email domains from terraform - means the value provided will be considered as the entire list and not an amendment to the - existing list of allowed email domains. - consumer_network: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + Possible values are: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05. + aggregations.group_by_fields: |- - (Optional) - Network name in the consumer project in the format of: projects/{project}/global/networks/{network} - Note that the consumer network may be in a different GCP project than the consumer - project that is hosting the Looker Instance. - create: '- Default is 90 minutes.' - create_time: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + aggregations.per_series_aligner: |- - - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - delete: '- Default is 90 minutes.' - deny_maintenance_period: |- + (Optional) + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + Possible values are: ALIGN_NONE, ALIGN_DELTA, ALIGN_RATE, ALIGN_INTERPOLATE, ALIGN_NEXT_OLDER, ALIGN_MIN, ALIGN_MAX, ALIGN_MEAN, ALIGN_COUNT, ALIGN_SUM, ALIGN_STDDEV, ALIGN_COUNT_TRUE, ALIGN_COUNT_FALSE, ALIGN_FRACTION_TRUE, ALIGN_PERCENTILE_99, ALIGN_PERCENTILE_95, ALIGN_PERCENTILE_50, ALIGN_PERCENTILE_05, ALIGN_PERCENT_CHANGE. + alert_strategy.auto_close: |- - (Optional) - Maintenance denial period for this instance. - You must allow at least 14 days of maintenance availability - between any two deny maintenance periods. + If an alert policy that was active has no data for this long, any open incidents will close. + alert_strategy.notification_channel_strategy: |- + - + (Optional) + Control over how the notification channels in notification_channels + are notified when this alert fires, on a per-channel basis. Structure is documented below. - deny_maintenance_period.end_date: |- + alert_strategy.notification_rate_limit: |- + - + (Optional) + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + Structure is documented below. + combiner: |- - (Required) - Required. Start date of the deny maintenance period + How to combine the results of multiple conditions to + determine if an incident should be opened. + Possible values are: AND, OR, AND_WITH_MATCHING_RESOURCE. + condition_absent.aggregations: |- + - + (Optional) + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. Structure is documented below. - deny_maintenance_period.start_date: |- + condition_absent.duration: |- - (Required) - Required. Start date of the deny maintenance period + The amount of time that a time series must + fail to report new data to be considered + failing. Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + condition_absent.filter: |- + - + (Optional) + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + condition_absent.trigger: |- + - + (Optional) + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. Structure is documented below. - deny_maintenance_period.time: |- + condition_matched_log.filter: |- - (Required) - Required. Start time of the window in UTC time. + A logs-based filter. + condition_matched_log.label_extractors: |- + - + (Optional) + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. + Label keys and corresponding values can be used in notifications + generated by this condition. + condition_monitoring_query_language.duration: |- + - + (Required) + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + condition_monitoring_query_language.evaluation_missing_data: |- + - + (Optional) + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. + Possible values are: EVALUATION_MISSING_DATA_INACTIVE, EVALUATION_MISSING_DATA_ACTIVE, EVALUATION_MISSING_DATA_NO_OP. + condition_monitoring_query_language.query: |- + - + (Required) + Monitoring Query Language query that outputs a boolean stream. + condition_monitoring_query_language.trigger: |- + - + (Optional) + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. Structure is documented below. - egress_public_ip: |- + condition_prometheus_query_language.alert_rule: |- - - Public Egress IP (IPv4). - encryption_config: |- + (Optional) + The alerting rule name of this alert in the corresponding Prometheus + configuration file. + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. + This field is optional. If this field is not empty, then it must be a + valid Prometheus label name. + condition_prometheus_query_language.alert_strategy: |- - (Optional) - Looker instance encryption settings. + Control over how this alert policy's notification channels are notified. Structure is documented below. - encryption_config.kms_key_name: |- + condition_prometheus_query_language.documentation: |- - (Optional) - Name of the customer managed encryption key (CMEK) in KMS. - encryption_config.kms_key_name_version: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. + Structure is documented below. + condition_prometheus_query_language.duration: |- - - (Output) - Full name and version of the CMEK key currently in use to encrypt Looker data. - encryption_config.kms_key_state: |- + (Optional) + Alerts are considered firing once their PromQL expression evaluated + to be "true" for this long. Alerts whose PromQL expression was not + evaluated to be "true" for long enough are considered pending. The + default value is zero. Must be zero or positive. + condition_prometheus_query_language.enabled: |- - - (Output) - Status of the customer managed encryption key (CMEK) in KMS. - end_date.day: |- + (Optional) + Whether or not the policy is enabled. The default is true. + condition_prometheus_query_language.evaluation_interval: |- - (Optional) - Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 - to specify a year by itself or a year and month where the day isn't significant. - end_date.month: |- + How often this rule should be evaluated. Must be a positive multiple + of 30 seconds or missing. The default value is 30 seconds. If this + PrometheusQueryLanguageCondition was generated from a Prometheus + alerting rule, then this value should be taken from the enclosing + rule group. + condition_prometheus_query_language.labels: |- - (Optional) - Month of a year. Must be from 1 to 12, or 0 to specify a year without a - month and day. - end_date.year: |- + Labels to add to or overwrite in the PromQL query result. Label names + must be valid. + Label values can be templatized by using variables. The only available + variable names are the names of the labels in the PromQL result, including + "name" and "value". "labels" may be empty. This field is intended to be + used for organizing and identifying the AlertPolicy + condition_prometheus_query_language.notification_channels: |- - (Optional) - Year of the date. Must be from 1 to 9999, or 0 to specify a date without - a year. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' - ingress_private_ip: |- + Identifies the notification channels to which notifications should be + sent when incidents are opened or closed or when new violations occur + on an already opened incident. Each element of this array corresponds + to the name field in each of the NotificationChannel objects that are + returned from the notificationChannels.list method. The syntax of the + entries in this field is + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + condition_prometheus_query_language.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + condition_prometheus_query_language.query: |- - - Private Ingress IP (IPv4). - ingress_public_ip: |- + (Required) + The PromQL expression to evaluate. Every evaluation cycle this + expression is evaluated at the current time, and all resultant time + series become pending/firing alerts. This field must not be empty. + condition_prometheus_query_language.rule_group: |- - - Public Ingress IP (IPv4). - looker_uri: |- + (Optional) + The rule group name of this alert in the corresponding Prometheus + configuration file. + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. This field is optional. + condition_prometheus_query_language.severity: |- - - Looker instance URI which can be used to access the Looker Instance UI. - looker_version: |- + (Optional) + The severity of an alert policy indicates how important incidents generated + by that policy are. The severity level will be displayed on the Incident + detail page and in notifications. + Possible values are: CRITICAL, ERROR, WARNING. + condition_prometheus_query_language.user_labels: |- - - The Looker version that the instance is using. - maintenance_window: |- + (Optional) + This field is intended to be used for organizing and identifying the AlertPolicy + objects.The field can contain up to 64 entries. Each key and value is limited + to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values + can contain only lowercase letters, numerals, underscores, and dashes. Keys + must begin with a letter. + condition_threshold.aggregations: |- - (Optional) - Maintenance window for an instance. - Maintenance of your instance takes place once a month, and will require - your instance to be restarted during updates, which will temporarily - disrupt service. + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. Structure is documented below. - maintenance_window.day_of_week: |- + condition_threshold.comparison: |- - (Required) - Required. Day of the week for this MaintenanceWindow (in UTC). - maintenance_window.start_time: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. + Possible values are: COMPARISON_GT, COMPARISON_GE, COMPARISON_LT, COMPARISON_LE, COMPARISON_EQ, COMPARISON_NE. + condition_threshold.denominator_aggregations: |- + - + (Optional) + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + Structure is documented below. + condition_threshold.denominator_filter: |- + - + (Optional) + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + condition_threshold.duration: |- - (Required) - Required. Start time of the window in UTC time. + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + condition_threshold.evaluation_missing_data: |- + - + (Optional) + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. + Possible values are: EVALUATION_MISSING_DATA_INACTIVE, EVALUATION_MISSING_DATA_ACTIVE, EVALUATION_MISSING_DATA_NO_OP. + condition_threshold.filter: |- + - + (Optional) + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + condition_threshold.forecast_options: |- + - + (Optional) + When this field is present, the MetricThreshold + condition forecasts whether the time series is + predicted to violate the threshold within the + forecastHorizon. When this field is not set, the + MetricThreshold tests the current value of the + timeseries against the threshold. Structure is documented below. - name: |- + condition_threshold.threshold_value: |- + - + (Optional) + A value against which to compare the time + series. + condition_threshold.trigger: |- + - + (Optional) + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + Structure is documented below. + conditions: |- - (Required) - The ID of the instance or a fully qualified identifier for the instance. - oauth_config: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + Structure is documented below. + conditions.condition_absent: |- + - + (Optional) + A condition that checks that a time series + continues to receive new data points. + Structure is documented below. + conditions.condition_matched_log: |- + - + (Optional) + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. + Structure is documented below. + conditions.condition_monitoring_query_language: |- + - + (Optional) + A Monitoring Query Language query that outputs a boolean stream + Structure is documented below. + conditions.condition_prometheus_query_language: |- + - + (Optional) + A condition type that allows alert policies to be defined using + Prometheus Query Language (PromQL). + The PrometheusQueryLanguageCondition message contains information + from a Prometheus alerting rule and its associated rule group. + Structure is documented below. + conditions.condition_threshold: |- - (Optional) - Looker Instance OAuth login settings. + A condition that compares a time series against a + threshold. Structure is documented below. - oauth_config.client_id: |- - - - (Required) - The client ID for the Oauth config. - oauth_config.client_secret: |- + conditions.display_name: |- - (Required) - The client secret for the Oauth config. - platform_edition: |- - - - (Optional) - Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values: - private_ip_enabled: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + conditions.name: |- - - (Optional) - Whether private IP is enabled on the Looker instance. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - public_ip_enabled: |- + (Output) + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + create: '- Default is 20 minutes.' + creation_record: |- - - (Optional) - Whether public IP is enabled on the Looker instance. - region: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + Structure is documented below. + creation_record.mutate_time: |- - - (Optional) - The name of the Looker region of the instance. - reserved_range: |- + (Output) + When the change occurred. + creation_record.mutated_by: |- - - (Optional) - Name of a reserved IP address range within the consumer network, to be used for - private service access connection. User may or may not specify this in a request. - start_date.day: |- + (Output) + The email address of the user making the change. + delete: '- Default is 20 minutes.' + denominator_aggregations.alignment_period: |- - (Optional) - Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 - to specify a year by itself or a year and month where the day isn't significant. - start_date.month: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + denominator_aggregations.cross_series_reducer: |- - (Optional) - Month of a year. Must be from 1 to 12, or 0 to specify a year without a - month and day. - start_date.year: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + Possible values are: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05. + denominator_aggregations.group_by_fields: |- - (Optional) - Year of the date. Must be from 1 to 9999, or 0 to specify a date without - a year. - start_time.hours: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + denominator_aggregations.per_series_aligner: |- - (Optional) - Hours of day in 24 hour format. Should be from 0 to 23. - start_time.minutes: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + Possible values are: ALIGN_NONE, ALIGN_DELTA, ALIGN_RATE, ALIGN_INTERPOLATE, ALIGN_NEXT_OLDER, ALIGN_MIN, ALIGN_MAX, ALIGN_MEAN, ALIGN_COUNT, ALIGN_SUM, ALIGN_STDDEV, ALIGN_COUNT_TRUE, ALIGN_COUNT_FALSE, ALIGN_FRACTION_TRUE, ALIGN_PERCENTILE_99, ALIGN_PERCENTILE_95, ALIGN_PERCENTILE_50, ALIGN_PERCENTILE_05, ALIGN_PERCENT_CHANGE. + display_name: |- - - (Optional) - Minutes of hour of day. Must be from 0 to 59. - start_time.nanos: |- + (Required) + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + documentation.content: |- - (Optional) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - start_time.seconds: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. + documentation.mime_type: |- - (Optional) - Seconds of minutes of the time. Must normally be from 0 to 59. - time.hours: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + documentation.subject: |- - (Optional) - Hours of day in 24 hour format. Should be from 0 to 23. - time.minutes: |- + The subject line of the notification. The subject line may not + exceed 10,240 bytes. In notifications generated by this policy the contents + of the subject line after variable expansion will be truncated to 255 bytes + or shorter at the latest UTF-8 character boundary. + forecast_options.forecast_horizon: |- - - (Optional) - Minutes of hour of day. Must be from 0 to 59. - time.nanos: |- + (Required) + The length of time into the future to forecast + whether a timeseries will violate the threshold. + If the predicted value is found to violate the + threshold, and the violation is observed in all + forecasts made for the Configured duration, + then the timeseries is considered to be failing. + id: '- an identifier for the resource with format {{name}}' + name: |- - - (Optional) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - time.seconds: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID] + notification_channel_strategy.notification_channel_names: |- - (Optional) - Seconds of minutes of the time. Must normally be from 0 to 59. - update: '- Default is 90 minutes.' - update_time: |- - - - The time the instance was updated in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - user_metadata: |- + The notification channels that these settings apply to. Each of these + correspond to the name field in one of the NotificationChannel objects + referenced in the notification_channels field of this AlertPolicy. The format is + projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID] + notification_channel_strategy.renotify_interval: |- - (Optional) - Metadata about users for a Looker instance. - These settings are only available when platform edition LOOKER_CORE_STANDARD is set. - There are ten Standard and two Developer users included in the cost of the product. - You can allocate additional Standard, Viewer, and Developer users for this instance. - It is an optional step and can be modified later. - With the Standard edition of Looker (Google Cloud core), you can provision up to 50 - total users, distributed across Viewer, Standard, and Developer. - Structure is documented below. - user_metadata.additional_developer_user_count: |- + The frequency at which to send reminder notifications for open incidents. + notification_rate_limit.period: |- - (Optional) - Number of additional Developer Users to allocate to the Looker Instance. - user_metadata.additional_standard_user_count: |- + Not more than one notification per period. + trigger.count: |- - (Optional) - Number of additional Standard Users to allocate to the Looker Instance. - user_metadata.additional_viewer_user_count: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + trigger.percent: |- - (Optional) - Number of additional Viewer Users to allocate to the Looker Instance. + The percentage of time series that + must fail the predicate for the + condition to be triggered. + update: '- Default is 20 minutes.' importStatements: [] - google_memcache_instance: - subCategory: Memcache - description: A Google Cloud Memcache instance. - name: google_memcache_instance + google_monitoring_custom_service: + subCategory: Cloud (Stackdriver) Monitoring + description: A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern. + name: google_monitoring_custom_service title: "" examples: - - name: instance + - name: custom manifest: |- { - "authorized_network": "${google_service_networking_connection.private_service_connection.network}", - "maintenance_policy": [ - { - "weekly_maintenance_window": [ - { - "day": "SATURDAY", - "duration": "14400s", - "start_time": [ - { - "hours": 0, - "minutes": 30, - "nanos": 0, - "seconds": 0 - } - ] - } - ] - } - ], - "memcache_version": "MEMCACHE_1_5", - "name": "test-instance", - "node_config": [ + "display_name": "My Custom Service custom-srv", + "service_id": "custom-srv", + "telemetry": [ { - "cpu_count": 1, - "memory_size_mb": 1024 + "resource_name": "//product.googleapis.com/foo/foo/services/test" } ], - "node_count": 1 + "user_labels": { + "my_key": "my_value", + "my_other_key": "my_other_value" + } } - references: - authorized_network: google_service_networking_connection.private_service_connection.network - dependencies: - google_compute_global_address.service_range: |- - { - "address_type": "INTERNAL", - "name": "address", - "network": "${data.google_compute_network.memcache_network.id}", - "prefix_length": 16, - "purpose": "VPC_PEERING" - } - google_service_networking_connection.private_service_connection: |- - { - "network": "${data.google_compute_network.memcache_network.id}", - "reserved_peering_ranges": [ - "${google_compute_global_address.service_range.name}" - ], - "service": "servicenetworking.googleapis.com" - } argumentDocs: - DAY_OF_WEEK_UNSPECIFIED: ', MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' create: '- Default is 20 minutes.' - create_time: |- - - - Creation timestamp in RFC3339 text format. delete: '- Default is 20 minutes.' - discovery_endpoint: |- - - - Endpoint for Discovery API - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' - maintenance_policy.create_time: |- - - - (Output) - Output only. The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits - maintenance_policy.description: |- + display_name: |- - (Optional) - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - maintenance_policy.update_time: |- + Name used for UI elements listing this Service. + id: '- an identifier for the resource with format {{name}}' + name: |- - - (Output) - Output only. The time when the policy was updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - maintenance_policy.weekly_maintenance_window: |- + The full resource name for this service. The syntax is: + projects/[PROJECT_ID]/services/[SERVICE_ID]. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service_id: |- - - (Required) - Required. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number of weekly_maintenance_windows - is expected to be one. - Structure is documented below. - maintenance_schedule: |- + (Optional) + An optional service ID to use. If not given, the server will generate a + service ID. + telemetry: |- - - Output only. Published maintenance schedule. + (Optional) + Configuration for how to query telemetry on a Service. Structure is documented below. - maintenance_schedule.end_time: |- - - - (Output) - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - maintenance_schedule.schedule_deadline_time: |- - - - (Output) - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - maintenance_schedule.start_time: |- - - - (Output) - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - memcache_full_version: |- - - - The full version of memcached server running on this instance. - memcache_nodes: |- + telemetry.resource_name: |- - - Additional information about the instance state, if available. - Structure is documented below. - memcache_nodes.host: |- + (Optional) + The full name of the resource that defines this service. + Formatted as described in + https://cloud.google.com/apis/design/resource_names. + update: '- Default is 20 minutes.' + user_labels: |- - - (Output) - Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node. - memcache_nodes.node_id: |- + (Optional) + Labels which have been used to annotate the service. Label keys must start + with a letter. Label keys and values may contain lowercase letters, + numbers, underscores, and dashes. Label keys and values have a maximum + length of 63 characters, and must be less than 128 bytes in size. Up to 64 + label entries may be stored. For labels which do not have a semantic value, + the empty string may be supplied for the label value. + importStatements: [] + google_monitoring_dashboard: + subCategory: Cloud (Stackdriver) Monitoring + description: A Google Stackdriver dashboard. + name: google_monitoring_dashboard + title: "" + examples: + - name: dashboard + manifest: |- + { + "dashboard_json": "{\n \"displayName\": \"Demo Dashboard\",\n \"gridLayout\": {\n \"widgets\": [\n {\n \"blank\": {}\n }\n ]\n }\n}\n\n" + } + - name: dashboard + manifest: |- + { + "dashboard_json": "{\n \"displayName\": \"Grid Layout Example\",\n \"gridLayout\": {\n \"columns\": \"2\",\n \"widgets\": [\n {\n \"title\": \"Widget 1\",\n \"xyChart\": {\n \"dataSets\": [{\n \"timeSeriesQuery\": {\n \"timeSeriesFilter\": {\n \"filter\": \"metric.type=\\\"agent.googleapis.com/nginx/connections/accepted_count\\\"\",\n \"aggregation\": {\n \"perSeriesAligner\": \"ALIGN_RATE\"\n }\n },\n \"unitOverride\": \"1\"\n },\n \"plotType\": \"LINE\"\n }],\n \"timeshiftDuration\": \"0s\",\n \"yAxis\": {\n \"label\": \"y1Axis\",\n \"scale\": \"LINEAR\"\n }\n }\n },\n {\n \"text\": {\n \"content\": \"Widget 2\",\n \"format\": \"MARKDOWN\"\n }\n },\n {\n \"title\": \"Widget 3\",\n \"xyChart\": {\n \"dataSets\": [{\n \"timeSeriesQuery\": {\n \"timeSeriesFilter\": {\n \"filter\": \"metric.type=\\\"agent.googleapis.com/nginx/connections/accepted_count\\\"\",\n \"aggregation\": {\n \"perSeriesAligner\": \"ALIGN_RATE\"\n }\n },\n \"unitOverride\": \"1\"\n },\n \"plotType\": \"STACKED_BAR\"\n }],\n \"timeshiftDuration\": \"0s\",\n \"yAxis\": {\n \"label\": \"y1Axis\",\n \"scale\": \"LINEAR\"\n }\n }\n }\n ]\n }\n}\n\n" + } + argumentDocs: + create: '- Default is 4 minutes.' + dashboard_json: |- - - (Output) - Identifier of the Memcached node. The node id does not include project or location like the Memcached instance name. - memcache_nodes.port: |- + (Required) + The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards. + The representation of an existing dashboard can be found by using the API Explorer + delete: '- Default is 4 minutes.' + id: '- an identifier for the resource with format projects/{project_id_or_number}/dashboards/{dashboard_id}' + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 4 minutes.' + importStatements: [] + google_monitoring_group: + subCategory: Cloud (Stackdriver) Monitoring + description: The description of a dynamic collection of monitored resources. + name: google_monitoring_group + title: "" + examples: + - name: basic + manifest: |- + { + "display_name": "tf-test MonitoringGroup", + "filter": "resource.metadata.region=\"europe-west2\"" + } + - name: parent + manifest: |- + { + "display_name": "tf-test MonitoringParentGroup", + "filter": "resource.metadata.region=\"europe-west2\"" + } + - name: subgroup + manifest: |- + { + "display_name": "tf-test MonitoringSubGroup", + "filter": "resource.metadata.region=\"europe-west2\"", + "parent_name": "${google_monitoring_group.parent.name}" + } + references: + parent_name: google_monitoring_group.parent.name + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- - - (Output) - The port number of the Memcached server on this node. - memcache_nodes.state: |- + (Required) + A user-assigned name for this group, used only for display + purposes. + filter: |- - - (Output) - Current state of the Memcached node. - memcache_nodes.zone: |- + (Required) + The filter used to determine which monitored resources + belong to this group. + id: '- an identifier for the resource with format {{name}}' + is_cluster: |- - - (Output) - Location (GCP Zone) for the Memcached node. - memcache_parameters.id: |- + (Optional) + If true, the members of this group are considered to be a + cluster. The system can perform additional analysis on + groups that are clusters. + name: |- - - (Output) - This is a unique ID associated with this set of parameters. - memcache_parameters.params: |- + A unique identifier for this group. The format is + "projects/{project_id_or_number}/groups/{group_id}". + parent_name: |- - (Optional) - User-defined set of parameters to use in the memcache process. - name: |- + The name of the group's parent, if it has one. The format is + "projects/{project_id_or_number}/groups/{group_id}". For + groups with no parent, parentName is the empty string, "". + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + importStatements: [] + google_monitoring_metric_descriptor: + subCategory: Cloud (Stackdriver) Monitoring + description: Defines a metric type and its schema. + name: google_monitoring_metric_descriptor + title: "" + examples: + - name: basic + manifest: |- + { + "description": "Daily sales records from all branch stores.", + "display_name": "metric-descriptor", + "labels": [ + { + "description": "The ID of the store.", + "key": "store_id", + "value_type": "STRING" + } + ], + "launch_stage": "BETA", + "metadata": [ + { + "ingest_delay": "30s", + "sample_period": "60s" + } + ], + "metric_kind": "GAUGE", + "type": "custom.googleapis.com/stores/daily_sales", + "unit": "{USD}", + "value_type": "DOUBLE" + } + - name: with_alert + manifest: |- + { + "description": "Daily sales records from all branch stores.", + "display_name": "metric-descriptor", + "metric_kind": "GAUGE", + "type": "custom.googleapis.com/stores/daily_sales", + "unit": "{USD}", + "value_type": "DOUBLE" + } + dependencies: + google_monitoring_alert_policy.alert_policy: |- + { + "combiner": "OR", + "conditions": [ + { + "condition_threshold": [ + { + "comparison": "COMPARISON_GT", + "duration": "60s", + "filter": "metric.type=\"${google_monitoring_metric_descriptor.with_alert.type}\" AND resource.type=\"gce_instance\"" + } + ], + "display_name": "test condition" + } + ], + "display_name": "metric-descriptor" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- - (Required) - The resource name of the instance. - node_config: |- + A detailed description of the metric, which can be used in documentation. + display_name: |- - (Required) - Configuration for memcache nodes. + A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". + id: '- an identifier for the resource with format {{name}}' + labels: |- + - + (Optional) + The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels. Structure is documented below. - node_config.authorized_network: |- + labels.description: |- - (Optional) - The full name of the GCE network to connect the instance to. If not provided, - 'default' will be used. - node_config.cpu_count: |- + A human-readable description for the label. + labels.key: |- - (Required) - Number of CPUs per node. - node_config.display_name: |- + The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]* + labels.value_type: |- - (Optional) - A user-visible name for the instance. - node_config.labels: |- + The type of data that can be assigned to the label. + Default value is STRING. + Possible values are: STRING, BOOL, INT64. + launch_stage: |- - (Optional) - Resource labels to represent user-provided metadata. - node_config.maintenance_policy: |- + The launch stage of the metric definition. + Possible values are: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. + metadata: |- - (Optional) - Maintenance policy for an instance. + Metadata which can be used to guide usage of the metric. Structure is documented below. - node_config.memcache_parameters: |- + metadata.ingest_delay: |- - (Optional) - User-specified parameters for this memcache instance. - Structure is documented below. - node_config.memcache_version: |- + The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In [duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration). + metadata.sample_period: |- - (Optional) - The major version of Memcached software. If not provided, latest supported version will be used. - Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically - determined by our system based on the latest supported minor version. - Default value is MEMCACHE_1_5. - Possible values are: MEMCACHE_1_5. - node_config.memory_size_mb: |- + The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In [duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration). + metric_kind: |- - (Required) - Memory size in Mebibytes for each memcache node. - node_config.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - node_config.region: |- + Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. + Possible values are: METRIC_KIND_UNSPECIFIED, GAUGE, DELTA, CUMULATIVE. + monitored_resource_types: |- - - (Optional) - The region of the Memcache instance. If it is not provided, the provider region is used. - node_config.zones: |- + If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list. + name: |- - - (Optional) - Zones where memcache nodes should be provisioned. If not - provided, all zones will be used. - node_count: |- + The resource name of the metric descriptor. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: |- - (Required) - Number of nodes in the memcache instance. - start_time.hours: |- - - - (Optional) - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - start_time.minutes: |- - - - (Optional) - Minutes of hour of day. Must be from 0 to 59. - start_time.nanos: |- - - - (Optional) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - start_time.seconds: |- + The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/. + unit: |- - (Optional) - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. + The units in which the metric value is reported. It is only applicable if the + valueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of + the stored metric values. + Different systems may scale the values to be more easily displayed (so a value of + 0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as + 3.5MBy). However, if the unit is KBy, then the value of the metric is always in + thousands of bytes, no matter how it may be displayed. + If you want a custom metric to record the exact number of CPU-seconds used by a job, + you can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently + 1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as + 12005. + Alternatively, if you want a custom metric to record data in a more granular way, you + can create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value + 12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024). + The supported units are a subset of The Unified Code for Units of Measure standard. + More info can be found in the API documentation + (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors). update: '- Default is 20 minutes.' - weekly_maintenance_window.day: |- + value_type: |- - (Required) - Required. The day of week that maintenance updates occur. - weekly_maintenance_window.duration: |- + Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. + Possible values are: BOOL, INT64, DOUBLE, STRING, DISTRIBUTION. + importStatements: [] + google_monitoring_monitored_project: + subCategory: Cloud (Stackdriver) Monitoring + description: A [project being monitored](https://cloud. + name: google_monitoring_monitored_project + title: "" + examples: + - name: primary + manifest: |- + { + "metrics_scope": "my-project-name", + "name": "${google_project.basic.project_id}" + } + references: + name: google_project.basic.project_id + dependencies: + google_project.basic: |- + { + "name": "m-id-display", + "org_id": "123456789", + "project_id": "m-id" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when this MonitoredProject was created. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format locations/global/metricsScopes/{{metrics_scope}}/projects/{{name}}' + metrics_scope: |- - (Required) - Required. The length of the maintenance window, ranging from 3 hours to 8 hours. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - weekly_maintenance_window.start_time: |- + Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER} + name: |- - (Required) - Required. Start time of the window in UTC time. - Structure is documented below. + Immutable. The resource name of the MonitoredProject. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER} importStatements: [] - google_ml_engine_model: - subCategory: ML Engine - description: Represents a machine learning solution. - name: google_ml_engine_model + google_monitoring_notification_channel: + subCategory: Cloud (Stackdriver) Monitoring + description: A NotificationChannel is a medium through which an alert is delivered when a policy violation is detected. + name: google_monitoring_notification_channel title: "" examples: - - name: default + - name: basic manifest: |- { - "description": "My model", - "name": "default", - "regions": [ - "us-central1" - ] + "display_name": "Test Notification Channel", + "force_delete": false, + "labels": { + "email_address": "fake_email@blahblah.com" + }, + "type": "email" } - name: default manifest: |- { - "description": "My model", + "display_name": "Test Slack Channel", "labels": { - "my_model": "foo" + "channel_name": "#foobar" }, - "name": "default", - "online_prediction_console_logging": true, - "online_prediction_logging": true, - "regions": [ - "us-central1" - ] + "sensitive_labels": [ + { + "auth_token": "one" + } + ], + "type": "slack" } argumentDocs: create: '- Default is 20 minutes.' - default_version: |- + delete: '- Default is 20 minutes.' + description: |- - (Optional) - The default version of the model. This version will be used to handle - prediction requests that do not specify a version. - Structure is documented below. - default_version.name: |- + An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters. + display_name: |- - - (Required) - The name specified for the version when it was created. - delete: '- Default is 20 minutes.' - description: |- + (Optional) + An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters. + enabled: |- - (Optional) - The description specified for the model when it was created. - id: '- an identifier for the resource with format projects/{{project}}/models/{{name}}' + Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future. + force_delete: |- + - (Optional) If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + id: '- an identifier for the resource with format {{name}}' labels: |- - (Optional) - One or more labels that you can add, to organize your models. + Configuration fields that define the channel and its behavior. The + permissible and required labels are specified in the + NotificationChannelDescriptor corresponding to the type field. + Labels with sensitive data are obfuscated by the API and therefore Terraform cannot + determine if there are upstream changes to these fields. They can also be configured via + the sensitive_labels block, but cannot be configured in both places. name: |- + - + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + sensitive_labels: |- + - + (Optional) + Different notification type behaviors are configured primarily using the the labels field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the labels map in the api request. + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + Structure is documented below. + sensitive_labels.auth_token: |- + - + (Optional) + An authorization token for a notification channel. Channel types that support this field include: slack + Note: This property is sensitive and will not be displayed in the plan. + sensitive_labels.password: |- + - + (Optional) + An password for a notification channel. Channel types that support this field include: webhook_basicauth + Note: This property is sensitive and will not be displayed in the plan. + sensitive_labels.service_key: |- + - + (Optional) + An servicekey token for a notification channel. Channel types that support this field include: pagerduty + Note: This property is sensitive and will not be displayed in the plan. + type: |- - (Required) - The name specified for the model. - online_prediction_console_logging: |- + The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as "email", "slack", etc... + update: '- Default is 20 minutes.' + user_labels: |- - (Optional) - If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging - online_prediction_logging: |- + User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. + verification_status: |- + - + Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel. + importStatements: [] + google_monitoring_service: + subCategory: Cloud (Stackdriver) Monitoring + description: A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern. + name: google_monitoring_service + title: "" + examples: + - name: my_service + manifest: |- + { + "basic_service": [ + { + "service_labels": { + "module_id": "another-module-id" + }, + "service_type": "APP_ENGINE" + } + ], + "display_name": "My Service my-service", + "service_id": "my-service", + "user_labels": { + "my_key": "my_value", + "my_other_key": "my_other_value" + } + } + argumentDocs: + basic_service: |- - (Optional) - If true, online prediction access logs are sent to StackDriver Logging. + A well-known service type, defined by its service type and service labels. + Valid values of service types and services labels are described at + https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli + Structure is documented below. + basic_service.service_labels: |- + - + (Optional) + Labels that specify the resource that emits the monitoring data + which is used for SLO reporting of this Service. + basic_service.service_type: |- + - + (Optional) + The type of service that this basic service defines, e.g. + APP_ENGINE service type + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + Name used for UI elements listing this Service. + id: '- an identifier for the resource with format projects/{{project}}/services/{{service_id}}' + name: |- + - + The full resource name for this service. The syntax is: + projects/[PROJECT_ID]/services/[SERVICE_ID]. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - regions: |- + service_id: |- + - + (Required) + An optional service ID to use. If not given, the server will generate a + service ID. + telemetry: |- + - + Configuration for how to query telemetry on a Service. + Structure is documented below. + telemetry.resource_name: |- - (Optional) - The list of regions where the model is going to be deployed. - Currently only one region per model is supported + The full name of the resource that defines this service. + Formatted as described in + https://cloud.google.com/apis/design/resource_names. + update: '- Default is 20 minutes.' + user_labels: |- + - + (Optional) + Labels which have been used to annotate the service. Label keys must start + with a letter. Label keys and values may contain lowercase letters, + numbers, underscores, and dashes. Label keys and values have a maximum + length of 63 characters, and must be less than 128 bytes in size. Up to 64 + label entries may be stored. For labels which do not have a semantic value, + the empty string may be supplied for the label value. importStatements: [] - google_monitoring_alert_policy: + google_monitoring_slo: subCategory: Cloud (Stackdriver) Monitoring - description: A description of the conditions under which some aspect of your system is considered to be "unhealthy" and the ways to notify people or services about this state. - name: google_monitoring_alert_policy + description: A Service-Level Objective (SLO) describes the level of desired good service. + name: google_monitoring_slo title: "" examples: - - name: alert_policy + - name: appeng_slo manifest: |- { - "combiner": "OR", - "conditions": [ + "basic_sli": [ { - "condition_threshold": [ + "latency": [ { - "aggregations": [ + "threshold": "1s" + } + ] + } + ], + "calendar_period": "DAY", + "display_name": "Terraform Test SLO for App Engine", + "goal": 0.9, + "service": "${data.google_monitoring_app_engine_service.default.service_id}", + "slo_id": "ae-slo", + "user_labels": { + "my_key": "my_value", + "my_other_key": "my_other_value" + } + } + references: + service: data.google_monitoring_app_engine_service.default.service_id + - name: request_based_slo + manifest: |- + { + "display_name": "Terraform Test SLO with request based SLI (good total ratio)", + "goal": 0.9, + "request_based_sli": [ + { + "distribution_cut": [ + { + "distribution_filter": "metric.type=\"serviceruntime.googleapis.com/api/request_latencies\" resource.type=\"api\" ", + "range": [ { - "alignment_period": "60s", - "per_series_aligner": "ALIGN_RATE" + "max": 0.5 + } + ] + } + ] + } + ], + "rolling_period_days": 30, + "service": "${google_monitoring_custom_service.customsrv.service_id}", + "slo_id": "consumed-api-slo" + } + references: + service: google_monitoring_custom_service.customsrv.service_id + dependencies: + google_monitoring_custom_service.customsrv: |- + { + "display_name": "My Custom Service", + "service_id": "custom-srv-request-slos" + } + - name: windows_based + manifest: |- + { + "calendar_period": "FORTNIGHT", + "display_name": "Terraform Test SLO with window based SLI", + "goal": 0.95, + "service": "${google_monitoring_custom_service.customsrv.service_id}", + "windows_based_sli": [ + { + "good_bad_metric_filter": "${join(\" AND \", [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ])}", + "window_period": "400s" + } + ] + } + references: + service: google_monitoring_custom_service.customsrv.service_id + dependencies: + google_monitoring_custom_service.customsrv: |- + { + "display_name": "My Custom Service", + "service_id": "custom-srv-windows-slos" + } + - name: windows_based + manifest: |- + { + "display_name": "Terraform Test SLO with window based SLI", + "goal": 0.9, + "rolling_period_days": 20, + "service": "${google_monitoring_custom_service.customsrv.service_id}", + "windows_based_sli": [ + { + "metric_mean_in_range": [ + { + "range": [ + { + "max": 5 } ], - "comparison": "COMPARISON_GT", - "duration": "60s", - "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" + "time_series": "${join(\" AND \", [\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ])}" } ], - "display_name": "test condition" + "window_period": "600s" } - ], - "display_name": "My Alert Policy", - "user_labels": { - "foo": "bar" - } + ] } - - name: alert_policy + references: + service: google_monitoring_custom_service.customsrv.service_id + dependencies: + google_monitoring_custom_service.customsrv: |- + { + "display_name": "My Custom Service", + "service_id": "custom-srv-windows-slos" + } + - name: windows_based manifest: |- { - "combiner": "OR", - "conditions": [ + "display_name": "Terraform Test SLO with window based SLI", + "goal": 0.9, + "rolling_period_days": 20, + "service": "${google_monitoring_custom_service.customsrv.service_id}", + "windows_based_sli": [ { - "condition_threshold": [ + "metric_sum_in_range": [ { - "aggregations": [ + "range": [ { - "alignment_period": "60s", - "per_series_aligner": "ALIGN_RATE" + "max": 5000 } ], - "comparison": "COMPARISON_GT", - "duration": "60s", - "evaluation_missing_data": "EVALUATION_MISSING_DATA_INACTIVE", - "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" + "time_series": "${join(\" AND \", [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ])}" } ], - "display_name": "test condition" + "window_period": "400s" } - ], - "display_name": "My Alert Policy", - "user_labels": { - "foo": "bar" - } + ] } - - name: alert_policy + references: + service: google_monitoring_custom_service.customsrv.service_id + dependencies: + google_monitoring_custom_service.customsrv: |- + { + "display_name": "My Custom Service", + "service_id": "custom-srv-windows-slos" + } + - name: windows_based manifest: |- { - "combiner": "OR", - "conditions": [ + "display_name": "Terraform Test SLO with window based SLI", + "goal": 0.9, + "rolling_period_days": 20, + "service": "${google_monitoring_custom_service.customsrv.service_id}", + "windows_based_sli": [ { - "condition_threshold": [ + "good_total_ratio_threshold": [ { - "aggregations": [ + "performance": [ { - "alignment_period": "60s", - "per_series_aligner": "ALIGN_RATE" + "distribution_cut": [ + { + "distribution_filter": "${join(\" AND \", [\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ])}", + "range": [ + { + "max": 9, + "min": 1 + } + ] + } + ] } ], - "comparison": "COMPARISON_GT", - "duration": "60s", - "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"", - "forecast_options": [ - { - "forecast_horizon": "3600s" - } - ] + "threshold": 0.1 } ], - "display_name": "test condition" + "window_period": "100s" } - ], - "display_name": "My Alert Policy", - "user_labels": { - "foo": "bar" - } + ] } + references: + service: google_monitoring_custom_service.customsrv.service_id + dependencies: + google_monitoring_custom_service.customsrv: |- + { + "display_name": "My Custom Service", + "service_id": "custom-srv-windows-slos" + } argumentDocs: - aggregations.alignment_period: |- + availability.enabled: |- - (Optional) - The alignment period for per-time - series alignment. If present, - alignmentPeriod must be at least - 60 seconds. After per-time series - alignment, each time series will - contain data points only on the - period boundaries. If - perSeriesAligner is not specified - or equals ALIGN_NONE, then this - field is ignored. If - perSeriesAligner is specified and - does not equal ALIGN_NONE, then - this field must be defined; - otherwise an error is returned. - aggregations.cross_series_reducer: |- + Whether an availability SLI is enabled or not. Must be set to true. Defaults to true. + basic_sli: |- - (Optional) - The approach to be used to combine - time series. Not all reducer - functions may be applied to all - time series, depending on the - metric type and the value type of - the original time series. - Reduction may change the metric - type of value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - Possible values are: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05. - aggregations.group_by_fields: |- + Basic Service-Level Indicator (SLI) on a well-known service type. + Performance will be computed on the basis of pre-defined metrics. + SLIs are used to measure and calculate the quality of the Service's + performance with respect to a single aspect of service quality. + Exactly one of the following must be set: + basic_sli, request_based_sli, windows_based_sli + Structure is documented below. + basic_sli.availability: |- - (Optional) - The set of fields to preserve when - crossSeriesReducer is specified. - The groupByFields determine how - the time series are partitioned - into subsets prior to applying the - aggregation function. Each subset - contains time series that have the - same value for each of the - grouping fields. Each individual - time series is a member of exactly - one subset. The crossSeriesReducer - is applied to each subset of time - series. It is not possible to - reduce across different resource - types, so this field implicitly - contains resource.type. Fields not - specified in groupByFields are - aggregated away. If groupByFields - is not specified and all the time - series have the same resource - type, then the time series are - aggregated into a single output - time series. If crossSeriesReducer - is not defined, this field is - ignored. - aggregations.per_series_aligner: |- + Availability based SLI, dervied from count of requests made to this service that return successfully. + Structure is documented below. + basic_sli.latency: |- - (Optional) - The approach to be used to align - individual time series. Not all - alignment functions may be applied - to all time series, depending on - the metric type and value type of - the original time series. - Alignment may change the metric - type or the value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - Possible values are: ALIGN_NONE, ALIGN_DELTA, ALIGN_RATE, ALIGN_INTERPOLATE, ALIGN_NEXT_OLDER, ALIGN_MIN, ALIGN_MAX, ALIGN_MEAN, ALIGN_COUNT, ALIGN_SUM, ALIGN_STDDEV, ALIGN_COUNT_TRUE, ALIGN_COUNT_FALSE, ALIGN_FRACTION_TRUE, ALIGN_PERCENTILE_99, ALIGN_PERCENTILE_95, ALIGN_PERCENTILE_50, ALIGN_PERCENTILE_05, ALIGN_PERCENT_CHANGE. - alert_strategy.auto_close: |- + Parameters for a latency threshold SLI. + Structure is documented below. + basic_sli.location: |- - (Optional) - If an alert policy that was active has no data for this long, any open incidents will close. - alert_strategy.notification_channel_strategy: |- + An optional set of locations to which this SLI is relevant. + Telemetry from other locations will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + locations in which the Service has activity. For service types + that don't support breaking down by location, setting this + field will result in an error. + basic_sli.method: |- - (Optional) - Control over how the notification channels in notification_channels - are notified when this alert fires, on a per-channel basis. - Structure is documented below. - alert_strategy.notification_rate_limit: |- + An optional set of RPCs to which this SLI is relevant. + Telemetry from other methods will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + the Service's methods. For service types that don't support + breaking down by method, setting this field will result in an + error. + basic_sli.version: |- - (Optional) - Required for alert policies with a LogMatch condition. - This limit is not implemented for alert policies that are not log-based. - Structure is documented below. - combiner: |- + The set of API versions to which this SLI is relevant. + Telemetry from other API versions will not be used to + calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don't support breaking down by version, setting this + field will result in an error. + basic_sli_performance.availability: |- - - (Required) - How to combine the results of multiple conditions to - determine if an incident should be opened. - Possible values are: AND, OR, AND_WITH_MATCHING_RESOURCE. - condition_absent.aggregations: |- + (Optional) + Availability based SLI, dervied from count of requests made to this service that return successfully. + Structure is documented below. + basic_sli_performance.latency: |- - (Optional) - Specifies the alignment of data points in - individual time series as well as how to - combine the retrieved time series together - (such as when aggregating multiple streams - on each resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources). - Multiple aggregations are applied in the - order specified. + Parameters for a latency threshold SLI. Structure is documented below. - condition_absent.duration: |- + basic_sli_performance.location: |- - - (Required) - The amount of time that a time series must - fail to report new data to be considered - failing. Currently, only values that are a - multiple of a minute--e.g. 60s, 120s, or 300s - --are supported. - condition_absent.filter: |- + (Optional) + An optional set of locations to which this SLI is relevant. + Telemetry from other locations will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + locations in which the Service has activity. For service types + that don't support breaking down by location, setting this + field will result in an error. + basic_sli_performance.method: |- - (Optional) - A filter that identifies which time series - should be compared with the threshold.The - filter is similar to the one that is - specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - condition_absent.trigger: |- + An optional set of RPCs to which this SLI is relevant. + Telemetry from other methods will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + the Service's methods. For service types that don't support + breaking down by method, setting this field will result in an + error. + basic_sli_performance.version: |- - (Optional) - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations. - Structure is documented below. - condition_matched_log.filter: |- + The set of API versions to which this SLI is relevant. + Telemetry from other API versions will not be used to + calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don't support breaking down by version, setting this + field will result in an error. + calendar_period: |- - - (Required) - A logs-based filter. - condition_matched_log.label_extractors: |- + (Optional) + A calendar period, semantically "since the start of the current + ". + Possible values are: DAY, WEEK, FORTNIGHT, MONTH. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- - (Optional) - A map from a label key to an extractor expression, which is used to - extract the value for this label key. Each entry in this map is - a specification for how data should be extracted from log entries that - match filter. Each combination of extracted values is treated as - a separate rule for the purposes of triggering notifications. - Label keys and corresponding values can be used in notifications - generated by this condition. - condition_monitoring_query_language.duration: |- + Name used for UI elements listing this SLO. + distribution_cut.distribution_filter: |- - (Required) - The amount of time that a time series must - violate the threshold to be considered - failing. Currently, only values that are a - multiple of a minute--e.g., 0, 60, 120, or - 300 seconds--are supported. If an invalid - value is given, an error will be returned. - When choosing a duration, it is useful to - keep in mind the frequency of the underlying - time series data (which may also be affected - by any alignments specified in the - aggregations field); a good duration is long - enough so that a single outlier does not - generate spurious alerts, but short enough - that unhealthy states are detected and - alerted on quickly. - condition_monitoring_query_language.evaluation_missing_data: |- + A TimeSeries monitoring filter + aggregating values to quantify the good service provided. + Must have ValueType = DISTRIBUTION and + MetricKind = DELTA or MetricKind = CUMULATIVE. + distribution_cut.range: |- - - (Optional) - A condition control that determines how - metric-threshold conditions are evaluated when - data stops arriving. - Possible values are: EVALUATION_MISSING_DATA_INACTIVE, EVALUATION_MISSING_DATA_ACTIVE, EVALUATION_MISSING_DATA_NO_OP. - condition_monitoring_query_language.query: |- + (Required) + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. + Structure is documented below. + goal: |- - (Required) - Monitoring Query Language query that outputs a boolean stream. - condition_monitoring_query_language.trigger: |- + The fraction of service that must be good in order for this objective + to be met. 0 < goal <= 0.999 + good_total_ratio.bad_service_filter: |- - (Optional) - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations, - or by the ratio, if denominator_filter and - denominator_aggregations are specified. - Structure is documented below. - condition_prometheus_query_language.alert_rule: |- + A TimeSeries monitoring filter + quantifying bad service provided, either demanded service that + was not provided or demanded service that was of inadequate + quality. + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + Exactly two of good_service_filter,bad_service_filter,total_service_filter + must be set (good + bad = total is assumed). + good_total_ratio.good_service_filter: |- - (Optional) - The alerting rule name of this alert in the corresponding Prometheus - configuration file. - Some external tools may require this field to be populated correctly - in order to refer to the original Prometheus configuration file. - The rule group name and the alert name are necessary to update the - relevant AlertPolicies in case the definition of the rule group changes - in the future. - This field is optional. If this field is not empty, then it must be a - valid Prometheus label name. - condition_prometheus_query_language.alert_strategy: |- + A TimeSeries monitoring filter + quantifying good service provided. + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + Exactly two of good_service_filter,bad_service_filter,total_service_filter + must be set (good + bad = total is assumed). + good_total_ratio.total_service_filter: |- - (Optional) - Control over how this alert policy's notification channels are notified. - Structure is documented below. - condition_prometheus_query_language.documentation: |- + A TimeSeries monitoring filter + quantifying total demanded service. + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + Exactly two of good_service_filter,bad_service_filter,total_service_filter + must be set (good + bad = total is assumed). + good_total_ratio_threshold.basic_sli_performance: |- - (Optional) - Documentation that is included with notifications and incidents related - to this policy. Best practice is for the documentation to include information - to help responders understand, mitigate, escalate, and correct the underlying - problems detected by the alerting policy. Notification channels that have - limited capacity might not show this documentation. + Basic SLI to evaluate to judge window quality. Structure is documented below. - condition_prometheus_query_language.duration: |- + good_total_ratio_threshold.performance: |- - (Optional) - Alerts are considered firing once their PromQL expression evaluated - to be "true" for this long. Alerts whose PromQL expression was not - evaluated to be "true" for long enough are considered pending. The - default value is zero. Must be zero or positive. - condition_prometheus_query_language.enabled: |- + Request-based SLI to evaluate to judge window quality. + Structure is documented below. + good_total_ratio_threshold.threshold: |- - (Optional) - Whether or not the policy is enabled. The default is true. - condition_prometheus_query_language.evaluation_interval: |- + If window performance >= threshold, the window is counted + as good. + id: '- an identifier for the resource with format {{name}}' + latency.threshold: |- - (Required) - How often this rule should be evaluated. Must be a positive multiple - of 30 seconds or missing. The default value is 30 seconds. If this - PrometheusQueryLanguageCondition was generated from a Prometheus - alerting rule, then this value should be taken from the enclosing - rule group. - condition_prometheus_query_language.labels: |- - - - (Optional) - Labels to add to or overwrite in the PromQL query result. Label names - must be valid. - Label values can be templatized by using variables. The only available - variable names are the names of the labels in the PromQL result, including - "name" and "value". "labels" may be empty. This field is intended to be - used for organizing and identifying the AlertPolicy - condition_prometheus_query_language.notification_channels: |- - - - (Optional) - Identifies the notification channels to which notifications should be - sent when incidents are opened or closed or when new violations occur - on an already opened incident. Each element of this array corresponds - to the name field in each of the NotificationChannel objects that are - returned from the notificationChannels.list method. The syntax of the - entries in this field is - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - condition_prometheus_query_language.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - condition_prometheus_query_language.query: |- + A duration string, e.g. 10s. + Good service is defined to be the count of requests made to + this service that return in no more than threshold. + metric_mean_in_range.range: |- - (Required) - The PromQL expression to evaluate. Every evaluation cycle this - expression is evaluated at the current time, and all resultant time - series become pending/firing alerts. This field must not be empty. - condition_prometheus_query_language.rule_group: |- - - - (Optional) - The rule group name of this alert in the corresponding Prometheus - configuration file. - Some external tools may require this field to be populated correctly - in order to refer to the original Prometheus configuration file. - The rule group name and the alert name are necessary to update the - relevant AlertPolicies in case the definition of the rule group changes - in the future. - This field is optional. If this field is not empty, then it must be a - valid Prometheus label name. - condition_prometheus_query_language.user_labels: |- + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. Mean value X of time_series + values should satisfy range.min <= X <= range.max for a + good service. + Structure is documented below. + metric_mean_in_range.time_series: |- - - (Optional) - This field is intended to be used for organizing and identifying the AlertPolicy - objects.The field can contain up to 64 entries. Each key and value is limited - to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values - can contain only lowercase letters, numerals, underscores, and dashes. Keys - must begin with a letter. - condition_threshold.aggregations: |- + (Required) + A monitoring filter + specifying the TimeSeries to use for evaluating window + The provided TimeSeries must have ValueType = INT64 or + ValueType = DOUBLE and MetricKind = GAUGE. Mean value X + should satisfy range.min <= X <= range.max + under good service. + metric_sum_in_range.range: |- - - (Optional) - Specifies the alignment of data points in - individual time series as well as how to - combine the retrieved time series together - (such as when aggregating multiple streams - on each resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources). - Multiple aggregations are applied in the - order specified.This field is similar to the - one in the MetricService.ListTimeSeries - request. It is advisable to use the - ListTimeSeries method when debugging this - field. + (Required) + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. Summed value X should satisfy + range.min <= X <= range.max for a good window. Structure is documented below. - condition_threshold.comparison: |- + metric_sum_in_range.time_series: |- - (Required) - The comparison to apply between the time - series (indicated by filter and aggregation) - and the threshold (indicated by - threshold_value). The comparison is applied - on each time series, with the time series on - the left-hand side and the threshold on the - right-hand side. Only COMPARISON_LT and - COMPARISON_GT are supported currently. - Possible values are: COMPARISON_GT, COMPARISON_GE, COMPARISON_LT, COMPARISON_LE, COMPARISON_EQ, COMPARISON_NE. - condition_threshold.denominator_aggregations: |- + A monitoring filter + specifying the TimeSeries to use for evaluating window + quality. The provided TimeSeries must have + ValueType = INT64 or ValueType = DOUBLE and + MetricKind = GAUGE. + Summed value X should satisfy + range.min <= X <= range.max for a good window. + name: |- + - + The full resource name for this service. The syntax is: + projects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME] + performance.distribution_cut: |- - (Optional) - Specifies the alignment of data points in - individual time series selected by - denominatorFilter as well as how to combine - the retrieved time series together (such as - when aggregating multiple streams on each - resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources).When - computing ratios, the aggregations and - denominator_aggregations fields must use the - same alignment period and produce time - series that have the same periodicity and - labels.This field is similar to the one in - the MetricService.ListTimeSeries request. It - is advisable to use the ListTimeSeries - method when debugging this field. + Used when good_service is defined by a count of values aggregated in a + Distribution that fall into a good range. The total_service is the + total count of all values aggregated in the Distribution. + Defines a distribution TimeSeries filter and thresholds used for + measuring good service and total service. Structure is documented below. - condition_threshold.denominator_filter: |- + performance.good_total_ratio: |- - (Optional) - A filter that identifies a time series that - should be used as the denominator of a ratio - that will be compared with the threshold. If - a denominator_filter is specified, the time - series specified by the filter field will be - used as the numerator.The filter is similar - to the one that is specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - condition_threshold.duration: |- - - - (Required) - The amount of time that a time series must - violate the threshold to be considered - failing. Currently, only values that are a - multiple of a minute--e.g., 0, 60, 120, or - 300 seconds--are supported. If an invalid - value is given, an error will be returned. - When choosing a duration, it is useful to - keep in mind the frequency of the underlying - time series data (which may also be affected - by any alignments specified in the - aggregations field); a good duration is long - enough so that a single outlier does not - generate spurious alerts, but short enough - that unhealthy states are detected and - alerted on quickly. - condition_threshold.evaluation_missing_data: |- + A means to compute a ratio of good_service to total_service. + Defines computing this ratio with two TimeSeries monitoring filters + Must specify exactly two of good, bad, and total service filters. + The relationship good_service + bad_service = total_service + will be assumed. + Structure is documented below. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + range.max: |- - (Optional) - A condition control that determines how - metric-threshold conditions are evaluated when - data stops arriving. - Possible values are: EVALUATION_MISSING_DATA_INACTIVE, EVALUATION_MISSING_DATA_ACTIVE, EVALUATION_MISSING_DATA_NO_OP. - condition_threshold.filter: |- + max value for the range (inclusive). If not given, + will be set to 0 + range.min: |- - (Optional) - A filter that identifies which time series - should be compared with the threshold.The - filter is similar to the one that is - specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - condition_threshold.forecast_options: |- + Min value for the range (inclusive). If not given, + will be set to 0 + request_based_sli: |- - (Optional) - When this field is present, the MetricThreshold - condition forecasts whether the time series is - predicted to violate the threshold within the - forecastHorizon. When this field is not set, the - MetricThreshold tests the current value of the - timeseries against the threshold. + A request-based SLI defines a SLI for which atomic units of + service are counted directly. + A SLI describes a good service. + It is used to measure and calculate the quality of the Service's + performance with respect to a single aspect of service quality. + Exactly one of the following must be set: + basic_sli, request_based_sli, windows_based_sli Structure is documented below. - condition_threshold.threshold_value: |- + request_based_sli.distribution_cut: |- - (Optional) - A value against which to compare the time - series. - condition_threshold.trigger: |- + Used when good_service is defined by a count of values aggregated in a + Distribution that fall into a good range. The total_service is the + total count of all values aggregated in the Distribution. + Defines a distribution TimeSeries filter and thresholds used for + measuring good service and total service. + Exactly one of distribution_cut or good_total_ratio can be set. + Structure is documented below. + request_based_sli.good_total_ratio: |- - (Optional) - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations, - or by the ratio, if denominator_filter and - denominator_aggregations are specified. + A means to compute a ratio of good_service to total_service. + Defines computing this ratio with two TimeSeries monitoring filters + Must specify exactly two of good, bad, and total service filters. + The relationship good_service + bad_service = total_service + will be assumed. + Exactly one of distribution_cut or good_total_ratio can be set. Structure is documented below. - conditions: |- + rolling_period_days: |- + - + (Optional) + A rolling time period, semantically "in the past X days". + Must be between 1 to 30 days, inclusive. + service: |- - (Required) - A list of conditions for the policy. The conditions are combined by - AND or OR according to the combiner field. If the combined conditions - evaluate to true, then an incident is created. A policy can have from - one to six conditions. - Structure is documented below. - conditions.condition_absent: |- + ID of the service to which this SLO belongs. + slo_id: |- - (Optional) - A condition that checks that a time series - continues to receive new data points. - Structure is documented below. - conditions.condition_matched_log: |- + The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead. + update: '- Default is 20 minutes.' + user_labels: |- - (Optional) - A condition that checks for log messages matching given constraints. - If set, no other conditions can be present. - Structure is documented below. - conditions.condition_monitoring_query_language: |- + This field is intended to be used for organizing and identifying the AlertPolicy + objects.The field can contain up to 64 entries. Each key and value is limited + to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values + can contain only lowercase letters, numerals, underscores, and dashes. Keys + must begin with a letter. + windows_based_sli: |- - (Optional) - A Monitoring Query Language query that outputs a boolean stream + A windows-based SLI defines the criteria for time windows. + good_service is defined based off the count of these time windows + for which the provided service was of good quality. + A SLI describes a good service. It is used to measure and calculate + the quality of the Service's performance with respect to a single + aspect of service quality. + Exactly one of the following must be set: + basic_sli, request_based_sli, windows_based_sli Structure is documented below. - conditions.condition_prometheus_query_language: |- + windows_based_sli.good_bad_metric_filter: |- - (Optional) - A Monitoring Query Language query that outputs a boolean stream - A condition type that allows alert policies to be defined using - Prometheus Query Language (PromQL). - The PrometheusQueryLanguageCondition message contains information - from a Prometheus alerting rule and its associated rule group. - Structure is documented below. - conditions.condition_threshold: |- + A TimeSeries monitoring filter + with ValueType = BOOL. The window is good if any true values + appear in the window. One of good_bad_metric_filter, + good_total_ratio_threshold, metric_mean_in_range, + metric_sum_in_range must be set for windows_based_sli. + windows_based_sli.good_total_ratio_threshold: |- - (Optional) - A condition that compares a time series against a - threshold. + Criterion that describes a window as good if its performance is + high enough. One of good_bad_metric_filter, + good_total_ratio_threshold, metric_mean_in_range, + metric_sum_in_range must be set for windows_based_sli. Structure is documented below. - conditions.display_name: |- - - - (Required) - A short name or phrase used to identify the - condition in dashboards, notifications, and - incidents. To avoid confusion, don't use the same - display name for multiple conditions in the same - policy. - conditions.name: |- - - - (Output) - The unique resource name for this condition. - Its syntax is: - projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] - [CONDITION_ID] is assigned by Stackdriver Monitoring when - the condition is created as part of a new or updated alerting - policy. - create: '- Default is 20 minutes.' - creation_record: |- + windows_based_sli.metric_mean_in_range: |- - - A read-only record of the creation of the alerting policy. - If provided in a call to create or update, this field will - be ignored. + (Optional) + Criterion that describes a window as good if the metric's value + is in a good range, averaged across returned streams. + One of good_bad_metric_filter, + good_total_ratio_threshold, metric_mean_in_range, + metric_sum_in_range must be set for windows_based_sli. + Average value X of time_series should satisfy + range.min <= X <= range.max for a good window. Structure is documented below. - creation_record.mutate_time: |- - - - (Output) - When the change occurred. - creation_record.mutated_by: |- + windows_based_sli.metric_sum_in_range: |- - - (Output) - The email address of the user making the change. - delete: '- Default is 20 minutes.' - denominator_aggregations.alignment_period: |- + (Optional) + Criterion that describes a window as good if the metric's value + is in a good range, summed across returned streams. + Summed value X of time_series should satisfy + range.min <= X <= range.max for a good window. + One of good_bad_metric_filter, + good_total_ratio_threshold, metric_mean_in_range, + metric_sum_in_range must be set for windows_based_sli. + Structure is documented below. + windows_based_sli.window_period: |- - (Optional) - The alignment period for per-time - series alignment. If present, - alignmentPeriod must be at least - 60 seconds. After per-time series - alignment, each time series will - contain data points only on the - period boundaries. If - perSeriesAligner is not specified - or equals ALIGN_NONE, then this - field is ignored. If - perSeriesAligner is specified and - does not equal ALIGN_NONE, then - this field must be defined; - otherwise an error is returned. - denominator_aggregations.cross_series_reducer: |- + Duration over which window quality is evaluated, given as a + duration string "{X}s" representing X seconds. Must be an + integer fraction of a day and at least 60s. + importStatements: [] + google_monitoring_uptime_check_config: + subCategory: Cloud (Stackdriver) Monitoring + description: This message configures which resources and services to monitor for availability. + name: google_monitoring_uptime_check_config + title: "" + examples: + - name: http + manifest: |- + { + "checker_type": "STATIC_IP_CHECKERS", + "content_matchers": [ + { + "content": "\"example\"", + "json_path_matcher": [ + { + "json_matcher": "EXACT_MATCH", + "json_path": "$.path" + } + ], + "matcher": "MATCHES_JSON_PATH" + } + ], + "display_name": "http-uptime-check", + "http_check": [ + { + "body": "Zm9vJTI1M0RiYXI=", + "content_type": "USER_PROVIDED", + "custom_content_type": "application/json", + "path": "some-path", + "ping_config": [ + { + "pings_count": 1 + } + ], + "port": "8010", + "request_method": "POST" + } + ], + "monitored_resource": [ + { + "labels": { + "host": "192.168.1.1", + "project_id": "my-project-name" + }, + "type": "uptime_url" + } + ], + "timeout": "60s", + "user_labels": { + "example-key": "example-value" + } + } + - name: status_code + manifest: |- + { + "checker_type": "STATIC_IP_CHECKERS", + "content_matchers": [ + { + "content": "\"example\"", + "json_path_matcher": [ + { + "json_matcher": "EXACT_MATCH", + "json_path": "$.path" + } + ], + "matcher": "MATCHES_JSON_PATH" + } + ], + "display_name": "http-uptime-check", + "http_check": [ + { + "accepted_response_status_codes": [ + { + "status_class": "STATUS_CLASS_2XX" + }, + { + "status_value": 301 + }, + { + "status_value": 302 + } + ], + "body": "Zm9vJTI1M0RiYXI=", + "content_type": "URL_ENCODED", + "path": "some-path", + "port": "8010", + "request_method": "POST" + } + ], + "monitored_resource": [ + { + "labels": { + "host": "192.168.1.1", + "project_id": "my-project-name" + }, + "type": "uptime_url" + } + ], + "timeout": "60s" + } + - name: https + manifest: |- + { + "content_matchers": [ + { + "content": "example", + "json_path_matcher": [ + { + "json_matcher": "REGEX_MATCH", + "json_path": "$.path" + } + ], + "matcher": "MATCHES_JSON_PATH" + } + ], + "display_name": "https-uptime-check", + "http_check": [ + { + "path": "/some-path", + "port": "443", + "use_ssl": true, + "validate_ssl": true + } + ], + "monitored_resource": [ + { + "labels": { + "host": "192.168.1.1", + "project_id": "my-project-name" + }, + "type": "uptime_url" + } + ], + "timeout": "60s" + } + - name: tcp_group + manifest: |- + { + "display_name": "tcp-uptime-check", + "resource_group": [ + { + "group_id": "${google_monitoring_group.check.name}", + "resource_type": "INSTANCE" + } + ], + "tcp_check": [ + { + "ping_config": [ + { + "pings_count": 2 + } + ], + "port": 888 + } + ], + "timeout": "60s" + } + references: + resource_group.group_id: google_monitoring_group.check.name + dependencies: + google_monitoring_group.check: |- + { + "display_name": "uptime-check-group", + "filter": "resource.metadata.name=has_substring(\"foo\")" + } + - name: synthetic_monitor + manifest: |- + { + "display_name": "synthetic_monitor", + "synthetic_monitor": [ + { + "cloud_function_v2": [ + { + "name": "${google_cloudfunctions2_function.function.id}" + } + ] + } + ], + "timeout": "60s" + } + references: + synthetic_monitor.cloud_function_v2.name: google_cloudfunctions2_function.function.id + dependencies: + google_cloudfunctions2_function.function: |- + { + "build_config": [ + { + "entry_point": "SyntheticFunction", + "runtime": "nodejs16", + "source": [ + { + "storage_source": [ + { + "bucket": "${google_storage_bucket.bucket.name}", + "object": "${google_storage_bucket_object.object.name}" + } + ] + } + ] + } + ], + "location": "us-central1", + "name": "synthetic_function", + "service_config": [ + { + "available_memory": "256M", + "max_instance_count": 1, + "timeout_seconds": 60 + } + ] + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "my-project-name-gcf-source", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "function-source.zip", + "source": "synthetic-fn-source.zip" + } + argumentDocs: + accepted_response_status_codes.status_class: |- - (Optional) - The approach to be used to combine - time series. Not all reducer - functions may be applied to all - time series, depending on the - metric type and the value type of - the original time series. - Reduction may change the metric - type of value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - Possible values are: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05. - denominator_aggregations.group_by_fields: |- + A class of status codes to accept. + Possible values are: STATUS_CLASS_1XX, STATUS_CLASS_2XX, STATUS_CLASS_3XX, STATUS_CLASS_4XX, STATUS_CLASS_5XX, STATUS_CLASS_ANY. + accepted_response_status_codes.status_value: |- - (Optional) - The set of fields to preserve when - crossSeriesReducer is specified. - The groupByFields determine how - the time series are partitioned - into subsets prior to applying the - aggregation function. Each subset - contains time series that have the - same value for each of the - grouping fields. Each individual - time series is a member of exactly - one subset. The crossSeriesReducer - is applied to each subset of time - series. It is not possible to - reduce across different resource - types, so this field implicitly - contains resource.type. Fields not - specified in groupByFields are - aggregated away. If groupByFields - is not specified and all the time - series have the same resource - type, then the time series are - aggregated into a single output - time series. If crossSeriesReducer - is not defined, this field is - ignored. - denominator_aggregations.per_series_aligner: |- + A status code to accept. + auth_info.password: |- + - + (Required) + The password to authenticate. + Note: This property is sensitive and will not be displayed in the plan. + auth_info.username: |- + - + (Required) + The username to authenticate. + checker_type: |- - (Optional) - The approach to be used to align - individual time series. Not all - alignment functions may be applied - to all time series, depending on - the metric type and value type of - the original time series. - Alignment may change the metric - type or the value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - Possible values are: ALIGN_NONE, ALIGN_DELTA, ALIGN_RATE, ALIGN_INTERPOLATE, ALIGN_NEXT_OLDER, ALIGN_MIN, ALIGN_MAX, ALIGN_MEAN, ALIGN_COUNT, ALIGN_SUM, ALIGN_STDDEV, ALIGN_COUNT_TRUE, ALIGN_COUNT_FALSE, ALIGN_FRACTION_TRUE, ALIGN_PERCENTILE_99, ALIGN_PERCENTILE_95, ALIGN_PERCENTILE_50, ALIGN_PERCENTILE_05, ALIGN_PERCENT_CHANGE. - display_name: |- + The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. + Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. + content_matchers: |- + - + (Optional) + The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required. + Structure is documented below. + content_matchers.content: |- - (Required) - A short name or phrase used to identify the policy in - dashboards, notifications, and incidents. To avoid confusion, don't use - the same display name for multiple policies in the same project. The - name is limited to 512 Unicode characters. - documentation.content: |- + String or regex content to match (max 1024 bytes) + content_matchers.json_path_matcher: |- - (Optional) - The text of the documentation, interpreted according to mimeType. - The content may not exceed 8,192 Unicode characters and may not - exceed more than 10,240 bytes when encoded in UTF-8 format, - whichever is smaller. - documentation.mime_type: |- + Information needed to perform a JSONPath content match. Used for ContentMatcherOption::MATCHES_JSON_PATH and ContentMatcherOption::NOT_MATCHES_JSON_PATH. + Structure is documented below. + content_matchers.matcher: |- - (Optional) - The format of the content field. Presently, only the value - "text/markdown" is supported. - forecast_options.forecast_horizon: |- + The type of content matcher that will be applied to the server output, compared to the content string when the check is run. + Default value is CONTAINS_STRING. + Possible values are: CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX, MATCHES_JSON_PATH, NOT_MATCHES_JSON_PATH. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- - (Required) - The length of time into the future to forecast - whether a timeseries will violate the threshold. - If the predicted value is found to violate the - threshold, and the violation is observed in all - forecasts made for the Configured duration, - then the timeseries is considered to be failing. - id: '- an identifier for the resource with format {{name}}' - name: |- + A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced. + http_check: |- - - The unique resource name for this policy. - Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID] - notification_channel_strategy.notification_channel_names: |- + (Optional) + Contains information needed to make an HTTP or HTTPS check. + Structure is documented below. + http_check.accepted_response_status_codes: |- - (Optional) - The notification channels that these settings apply to. Each of these - correspond to the name field in one of the NotificationChannel objects - referenced in the notification_channels field of this AlertPolicy. The format is - projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID] - notification_channel_strategy.renotify_interval: |- + If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299. + Structure is documented below. + http_check.auth_info: |- - (Optional) - The frequency at which to send reminder notifications for open incidents. - notification_rate_limit.period: |- + The authentication information. Optional when creating an HTTP check; defaults to empty. + Structure is documented below. + http_check.body: |- - (Optional) - Not more than one notification per period. - trigger.count: |- + The request body associated with the HTTP POST request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar and in base64 encoding is Zm9vJTI1M0RiYXI=. + http_check.content_type: |- - (Optional) - The absolute number of time series - that must fail the predicate for the - condition to be triggered. - trigger.percent: |- + The content type to use for the check. + Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. + http_check.custom_content_type: |- - (Optional) - The percentage of time series that - must fail the predicate for the - condition to be triggered. - update: '- Default is 20 minutes.' - importStatements: [] - google_monitoring_custom_service: - subCategory: Cloud (Stackdriver) Monitoring - description: A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern (Wikipedia). - name: google_monitoring_custom_service - title: "" - examples: - - name: custom - manifest: |- - { - "display_name": "My Custom Service custom-srv", - "service_id": "custom-srv", - "telemetry": [ - { - "resource_name": "//product.googleapis.com/foo/foo/services/test" - } - ], - "user_labels": { - "my_key": "my_value", - "my_other_key": "my_other_value" - } - } - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- + A user provided content type header to use for the check. The invalid configurations outlined in the content_type field apply to custom_content_type, as well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` is not set. + http_check.headers: |- - (Optional) - Name used for UI elements listing this Service. - id: '- an identifier for the resource with format {{name}}' - name: |- + The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in RFC 2616 (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. + http_check.mask_headers: |- - - The full resource name for this service. The syntax is: - projects/[PROJECT_ID]/services/[SERVICE_ID]. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - service_id: |- + (Optional) + Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to true then the headers will be obscured with ******. + http_check.path: |- - (Optional) - An optional service ID to use. If not given, the server will generate a - service ID. - telemetry: |- + The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with /, a / will be prepended automatically. Optional (defaults to /). + http_check.ping_config: |- - (Optional) - Configuration for how to query telemetry on a Service. + Contains information needed to add pings to an HTTP check. Structure is documented below. - telemetry.resource_name: |- + http_check.port: |- - (Optional) - The full name of the resource that defines this service. - Formatted as described in - https://cloud.google.com/apis/design/resource_names. - update: '- Default is 20 minutes.' - user_labels: |- + The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). + http_check.request_method: |- - (Optional) - Labels which have been used to annotate the service. Label keys must start - with a letter. Label keys and values may contain lowercase letters, - numbers, underscores, and dashes. Label keys and values have a maximum - length of 63 characters, and must be less than 128 bytes in size. Up to 64 - label entries may be stored. For labels which do not have a semantic value, - the empty string may be supplied for the label value. - importStatements: [] - google_monitoring_dashboard: - subCategory: Cloud (Stackdriver) Monitoring - description: A Google Stackdriver dashboard. - name: google_monitoring_dashboard - title: "" - examples: - - name: dashboard - manifest: |- - { - "dashboard_json": "{\n \"displayName\": \"Demo Dashboard\",\n \"gridLayout\": {\n \"widgets\": [\n {\n \"blank\": {}\n }\n ]\n }\n}\n\n" - } - - name: dashboard - manifest: |- - { - "dashboard_json": "{\n \"displayName\": \"Grid Layout Example\",\n \"gridLayout\": {\n \"columns\": \"2\",\n \"widgets\": [\n {\n \"title\": \"Widget 1\",\n \"xyChart\": {\n \"dataSets\": [{\n \"timeSeriesQuery\": {\n \"timeSeriesFilter\": {\n \"filter\": \"metric.type=\\\"agent.googleapis.com/nginx/connections/accepted_count\\\"\",\n \"aggregation\": {\n \"perSeriesAligner\": \"ALIGN_RATE\"\n }\n },\n \"unitOverride\": \"1\"\n },\n \"plotType\": \"LINE\"\n }],\n \"timeshiftDuration\": \"0s\",\n \"yAxis\": {\n \"label\": \"y1Axis\",\n \"scale\": \"LINEAR\"\n }\n }\n },\n {\n \"text\": {\n \"content\": \"Widget 2\",\n \"format\": \"MARKDOWN\"\n }\n },\n {\n \"title\": \"Widget 3\",\n \"xyChart\": {\n \"dataSets\": [{\n \"timeSeriesQuery\": {\n \"timeSeriesFilter\": {\n \"filter\": \"metric.type=\\\"agent.googleapis.com/nginx/connections/accepted_count\\\"\",\n \"aggregation\": {\n \"perSeriesAligner\": \"ALIGN_RATE\"\n }\n },\n \"unitOverride\": \"1\"\n },\n \"plotType\": \"STACKED_BAR\"\n }],\n \"timeshiftDuration\": \"0s\",\n \"yAxis\": {\n \"label\": \"y1Axis\",\n \"scale\": \"LINEAR\"\n }\n }\n }\n ]\n }\n}\n\n" - } - argumentDocs: - create: '- Default is 4 minutes.' - dashboard_json: |- + The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. + Default value is GET. + Possible values are: METHOD_UNSPECIFIED, GET, POST. + http_check.use_ssl: |- - - (Required) - The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards. - The representation of an existing dashboard can be found by using the API Explorer - delete: '- Default is 4 minutes.' - id: '- an identifier for the resource with format projects/{project_id_or_number}/dashboards/{dashboard_id}' - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 4 minutes.' - importStatements: [] - google_monitoring_group: - subCategory: Cloud (Stackdriver) Monitoring - description: The description of a dynamic collection of monitored resources. - name: google_monitoring_group - title: "" - examples: - - name: basic - manifest: |- - { - "display_name": "tf-test MonitoringGroup", - "filter": "resource.metadata.region=\"europe-west2\"" - } - - name: parent - manifest: |- - { - "display_name": "tf-test MonitoringParentGroup", - "filter": "resource.metadata.region=\"europe-west2\"" - } - - name: subgroup - manifest: |- - { - "display_name": "tf-test MonitoringSubGroup", - "filter": "resource.metadata.region=\"europe-west2\"", - "parent_name": "${google_monitoring_group.parent.name}" - } - references: - parent_name: google_monitoring_group.parent.name - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- + (Optional) + If true, use HTTPS instead of HTTP to run the check. + http_check.validate_ssl: |- - - (Required) - A user-assigned name for this group, used only for display - purposes. - filter: |- + (Optional) + Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitored_resource is set to uptime_url. If use_ssl is false, setting validate_ssl to true has no effect. + id: '- an identifier for the resource with format {{name}}' + json_path_matcher.json_matcher: |- + - + (Optional) + Options to perform JSONPath content matching. + Default value is EXACT_MATCH. + Possible values are: EXACT_MATCH, REGEX_MATCH. + json_path_matcher.json_path: |- - (Required) - The filter used to determine which monitored resources - belong to this group. - id: '- an identifier for the resource with format {{name}}' - is_cluster: |- + JSONPath within the response output pointing to the expected ContentMatcher::content to match against. + monitored_resource: |- - (Optional) - If true, the members of this group are considered to be a - cluster. The system can perform additional analysis on - groups that are clusters. + The [monitored resource] + (https://cloud.google.com/monitoring/api/resources) associated with the + configuration. The following monitored resource types are supported for + uptime checks: + monitored_resource.labels: |- + - + (Required) + Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels project_id, instance_id, and zone. + monitored_resource.type: |- + - + (Required) + The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types and Logging resource types. name: |- - - A unique identifier for this group. The format is - "projects/{project_id_or_number}/groups/{group_id}". - parent_name: |- + A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]. + period: |- - (Optional) - The name of the group's parent, if it has one. The format is - "projects/{project_id_or_number}/groups/{group_id}". For - groups with no parent, parentName is the empty string, "". + How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s. + ping_config.pings_count: |- + - + (Required) + Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + resource_group: |- + - + (Optional) + The group resource associated with the configuration. + Structure is documented below. + resource_group.group_id: |- + - + (Optional) + The group of resources being monitored. Should be the name of a group + resource_group.resource_type: |- + - + (Optional) + The resource type of the group members. + Possible values are: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER. + selected_regions: |- + - + (Optional) + The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions. + synthetic_monitor: |- + - + (Optional) + A Synthetic Monitor deployed to a Cloud Functions V2 instance. + Structure is documented below. + synthetic_monitor.cloud_function_v2: |- + - + (Required) + Target a Synthetic Monitor GCFv2 Instance + Structure is documented below. + synthetic_monitor.cloud_function_v2.name: |- + - + (Required) + The fully qualified name of the cloud function resource. + tcp_check: |- + - + (Optional) + Contains information needed to make a TCP check. + Structure is documented below. + tcp_check.ping_config: |- + - + (Optional) + Contains information needed to add pings to a TCP check. + Structure is documented below. + tcp_check.port: |- + - + (Required) + The port to the page to run the check against. Will be combined with host (specified within the monitored_resource) to construct the full URL. + timeout: |- + - + (Required) + The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). See the accepted formats update: '- Default is 20 minutes.' + uptime_check_id: |- + - + The id of the uptime check + uptime_url: Structure is documented below. + user_labels: |- + - + (Optional) + User-supplied key/value data to be used for organizing and identifying the UptimeCheckConfig objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. importStatements: [] - google_monitoring_metric_descriptor: - subCategory: Cloud (Stackdriver) Monitoring - description: Defines a metric type and its schema. - name: google_monitoring_metric_descriptor + google_netapp_active_directory: + subCategory: Google Cloud NetApp Volumes + description: ActiveDirectory is the public representation of the active directory config. + name: google_netapp_active_directory title: "" examples: - - name: basic + - name: test_active_directory_full manifest: |- { - "description": "Daily sales records from all branch stores.", - "display_name": "metric-descriptor", - "labels": [ - { - "description": "The ID of the store.", - "key": "store_id", - "value_type": "STRING" - } + "aes_encryption": false, + "backup_operators": [ + "test1", + "test2" ], - "launch_stage": "BETA", - "metadata": [ - { - "ingest_delay": "30s", - "sample_period": "60s" - } + "description": "ActiveDirectory is the public representation of the active directory config.", + "dns": "172.30.64.3", + "domain": "ad.internal", + "encrypt_dc_connections": false, + "kdc_hostname": "hostname", + "kdc_ip": "10.10.0.11", + "labels": { + "foo": "bar" + }, + "ldap_signing": false, + "location": "us-central1", + "name": "test-active-directory-full", + "net_bios_prefix": "smbserver", + "nfs_users_with_ldap": false, + "organizational_unit": "CN=Computers", + "password": "pass", + "security_operators": [ + "test1", + "test2" ], - "metric_kind": "GAUGE", - "type": "custom.googleapis.com/stores/daily_sales", - "unit": "{USD}", - "value_type": "DOUBLE" - } - - name: with_alert - manifest: |- - { - "description": "Daily sales records from all branch stores.", - "display_name": "metric-descriptor", - "metric_kind": "GAUGE", - "type": "custom.googleapis.com/stores/daily_sales", - "unit": "{USD}", - "value_type": "DOUBLE" + "site": "test-site", + "username": "user" } - dependencies: - google_monitoring_alert_policy.alert_policy: |- - { - "combiner": "OR", - "conditions": [ - { - "condition_threshold": [ - { - "comparison": "COMPARISON_GT", - "duration": "60s", - "filter": "metric.type=\"${google_monitoring_metric_descriptor.with_alert.type}\" AND resource.type=\"gce_instance\"" - } - ], - "display_name": "test condition" - } - ], - "display_name": "metric-descriptor" - } argumentDocs: + aes_encryption: |- + - + (Optional) + Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory. + backup_operators: |- + - + (Optional) + Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list. create: '- Default is 20 minutes.' + create_time: |- + - + Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". delete: '- Default is 20 minutes.' description: |- + - + (Optional) + An optional description of this resource. + dns: |- - (Required) - A detailed description of the metric, which can be used in documentation. - display_name: |- + Comma separated list of DNS server IP addresses for the Active Directory domain. + domain: |- - (Required) - A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". - id: '- an identifier for the resource with format {{name}}' - labels: |- + Fully qualified domain name for the Active Directory domain. + effective_labels: for all of the labels present on the resource. + encrypt_dc_connections: |- - (Optional) - The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels. - Structure is documented below. - labels.description: |- + If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}' + kdc_hostname: |- - (Optional) - A human-readable description for the label. - labels.key: |- - - - (Required) - The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]* - labels.value_type: |- + Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1 + kdc_ip: |- - (Optional) - The type of data that can be assigned to the label. - Default value is STRING. - Possible values are: STRING, BOOL, INT64. - launch_stage: |- + IP address of the Active Directory server used as Kerberos Key Distribution Center. + labels: |- - (Optional) - The launch stage of the metric definition. - Possible values are: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. - metadata: |- + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + ldap_signing: |- - (Optional) - Metadata which can be used to guide usage of the metric. - Structure is documented below. - metadata.ingest_delay: |- + Specifies whether or not the LDAP traffic needs to be signed. + location: |- - - (Optional) - The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In [duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration). - metadata.sample_period: |- + (Required) + Name of the region for the policy to apply to. + name: |- - - (Optional) - The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In [duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration). - metric_kind: |- + (Required) + The resource name of the Active Directory pool. Needs to be unique per location. + net_bios_prefix: |- - (Required) - Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. - Possible values are: METRIC_KIND_UNSPECIFIED, GAUGE, DELTA, CUMULATIVE. - monitored_resource_types: |- + NetBIOS name prefix of the server to be created. + A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format: + \\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME + nfs_users_with_ldap: |- - - If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list. - name: |- + (Optional) + Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes. + This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups). + organizational_unit: |- - - The resource name of the metric descriptor. + (Optional) + Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes. + Defaults to CN=Computers if left empty. + password: |- + - + (Required) + Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform. + Note: This property is sensitive and will not be displayed in the plan. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - type: |- + security_operators: |- - - (Required) - The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/. - unit: |- + (Optional) + Domain accounts that require elevated privileges such as SeSecurityPrivilege to manage security logs. Comma-separated list. + site: |- - (Optional) - The units in which the metric value is reported. It is only applicable if the - valueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of - the stored metric values. - Different systems may scale the values to be more easily displayed (so a value of - 0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as - 3.5MBy). However, if the unit is KBy, then the value of the metric is always in - thousands of bytes, no matter how it may be displayed. - If you want a custom metric to record the exact number of CPU-seconds used by a job, - you can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently - 1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as - 12005. - Alternatively, if you want a custom metric to record data in a more granular way, you - can create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value - 12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024). - The supported units are a subset of The Unified Code for Units of Measure standard. - More info can be found in the API documentation - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors). - update: '- Default is 20 minutes.' - value_type: |- + Specifies an Active Directory site to manage domain controller selection. + Use when Active Directory domain controllers in multiple regions are configured. Defaults to Default-First-Site-Name if left empty. + state: |- - - (Required) - Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. - Possible values are: BOOL, INT64, DOUBLE, STRING, DISTRIBUTION. - importStatements: [] - google_monitoring_monitored_project: - subCategory: Cloud (Stackdriver) Monitoring - description: A [project being monitored](https://cloud. - name: google_monitoring_monitored_project - title: "" - examples: - - name: primary - manifest: |- - { - "metrics_scope": "my-project-name", - "name": "${google_project.basic.project_id}" - } - references: - name: google_project.basic.project_id - dependencies: - google_project.basic: |- - { - "name": "m-id-display", - "org_id": "123456789", - "project_id": "m-id" - } - argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- + The state of the Active Directory policy (not the Active Directory itself). + state_details: |- - - Output only. The time when this MonitoredProject was created. - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format locations/global/metricsScopes/{{metrics_scope}}/projects/{{name}}' - metrics_scope: |- + The state details of the Active Directory. + terraform_labels: |- - - (Required) - Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER} - name: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + username: |- - (Required) - Immutable. The resource name of the MonitoredProject. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER} + Username for the Active Directory account with permissions to create the compute account within the specified organizational unit. importStatements: [] - google_monitoring_notification_channel: - subCategory: Cloud (Stackdriver) Monitoring - description: A NotificationChannel is a medium through which an alert is delivered when a policy violation is detected. - name: google_monitoring_notification_channel + google_netapp_backup_policy: + subCategory: Google Cloud NetApp Volumes + description: A backup policy is used to schedule backups at regular daily, weekly, or monthly intervals. + name: google_netapp_backup_policy title: "" examples: - - name: basic - manifest: |- - { - "display_name": "Test Notification Channel", - "force_delete": false, - "labels": { - "email_address": "fake_email@blahblah.com" - }, - "type": "email" - } - - name: default + - name: test_backup_policy_full manifest: |- { - "display_name": "Test Slack Channel", + "daily_backup_limit": 2, + "description": "TF test backup schedule", + "enabled": true, "labels": { - "channel_name": "#foobar" + "foo": "bar" }, - "sensitive_labels": [ - { - "auth_token": "one" - } - ], - "type": "slack" + "location": "us-central1", + "monthly_backup_limit": 1, + "name": "test-backup-policy-full", + "weekly_backup_limit": 1 } argumentDocs: + assigned_volume_count: |- + - + The total number of volumes assigned by this backup policy. create: '- Default is 20 minutes.' + create_time: |- + - + Create time of the backup policy. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + daily_backup_limit: |- + - + (Required) + Number of daily backups to keep. Note that the minimum daily backup limit is 2. delete: '- Default is 20 minutes.' description: |- - (Optional) - An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters. - display_name: |- - - - (Optional) - An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters. + An optional description of this resource. + effective_labels: for all of the labels present on the resource. enabled: |- - (Optional) - Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future. - force_delete: |- - - (Optional) If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - id: '- an identifier for the resource with format {{name}}' + If enabled, make backups automatically according to the schedules. + This will be applied to all volumes that have this policy attached and enforced on volume level. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPolicies/{{name}}' labels: |- - (Optional) - Configuration fields that define the channel and its behavior. The - permissible and required labels are specified in the - NotificationChannelDescriptor corresponding to the type field. - Labels with sensitive data are obfuscated by the API and therefore Terraform cannot - determine if there are upstream changes to these fields. They can also be configured via - the sensitive_labels block, but cannot be configured in both places. + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + location: |- + - + (Required) + Name of the region for the policy to apply to. + monthly_backup_limit: |- + - + (Required) + Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1. name: |- - - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + (Required) + The name of the backup policy. Needs to be unique per location. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - sensitive_labels: |- - - - (Optional) - Different notification type behaviors are configured primarily using the the labels field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the labels map in the api request. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. - Structure is documented below. - sensitive_labels.auth_token: |- - - - (Optional) - An authorization token for a notification channel. Channel types that support this field include: slack - Note: This property is sensitive and will not be displayed in the plan. - sensitive_labels.password: |- - - - (Optional) - An password for a notification channel. Channel types that support this field include: webhook_basicauth - Note: This property is sensitive and will not be displayed in the plan. - sensitive_labels.service_key: |- + state: |- - - (Optional) - An servicekey token for a notification channel. Channel types that support this field include: pagerduty - Note: This property is sensitive and will not be displayed in the plan. - type: |- + The state of the backup policy. + terraform_labels: |- - - (Required) - The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as "email", "slack", etc... + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' - user_labels: |- - - - (Optional) - User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter. - verification_status: |- + weekly_backup_limit: |- - - Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel. + (Required) + Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1. importStatements: [] - google_monitoring_service: - subCategory: Cloud (Stackdriver) Monitoring - description: A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual concern (Wikipedia). - name: google_monitoring_service + google_netapp_backup_vault: + subCategory: Google Cloud NetApp Volumes + description: A backup vault is the location where backups are stored. + name: google_netapp_backup_vault title: "" examples: - - name: my_service + - name: test_backup_vault manifest: |- { - "basic_service": [ - { - "service_labels": { - "module_id": "another-module-id" - }, - "service_type": "APP_ENGINE" - } - ], - "display_name": "My Service my-service", - "service_id": "my-service", - "user_labels": { - "my_key": "my_value", - "my_other_key": "my_other_value" - } + "description": "Terraform created vault", + "labels": { + "creator": "testuser" + }, + "location": "us-central1", + "name": "test-backup-vault" } argumentDocs: - basic_service: |- + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - A well-known service type, defined by its service type and service labels. - Valid values of service types and services labels are described at - https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli - Structure is documented below. - basic_service.service_labels: |- + Create time of the backup vault. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + delete: '- Default is 20 minutes.' + description: |- - (Optional) - Labels that specify the resource that emits the monitoring data - which is used for SLO reporting of this Service. - basic_service.service_type: |- + An optional description of this resource. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupVaults/{{name}}' + labels: |- - (Optional) - The type of service that this basic service defines, e.g. - APP_ENGINE service type - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + location: |- - - (Optional) - Name used for UI elements listing this Service. - id: '- an identifier for the resource with format projects/{{project}}/services/{{service_id}}' + (Required) + Location (region) of the backup vault. name: |- - - The full resource name for this service. The syntax is: - projects/[PROJECT_ID]/services/[SERVICE_ID]. + (Required) + The resource name of the backup vault. Needs to be unique per location. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - service_id: |- - - - (Required) - An optional service ID to use. If not given, the server will generate a - service ID. - telemetry: |- + state: |- - - Configuration for how to query telemetry on a Service. - Structure is documented below. - telemetry.resource_name: |- + The state of the Backup Vault. + terraform_labels: |- - - (Optional) - The full name of the resource that defines this service. - Formatted as described in - https://cloud.google.com/apis/design/resource_names. + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' - user_labels: |- - - - (Optional) - Labels which have been used to annotate the service. Label keys must start - with a letter. Label keys and values may contain lowercase letters, - numbers, underscores, and dashes. Label keys and values have a maximum - length of 63 characters, and must be less than 128 bytes in size. Up to 64 - label entries may be stored. For labels which do not have a semantic value, - the empty string may be supplied for the label value. importStatements: [] - google_monitoring_slo: - subCategory: Cloud (Stackdriver) Monitoring - description: A Service-Level Objective (SLO) describes the level of desired good service. - name: google_monitoring_slo + google_netapp_kmsconfig: + subCategory: Google Cloud NetApp Volumes + description: NetApp Volumes always encrypts your data at rest using volume-specific keys. + name: google_netapp_kmsconfig title: "" examples: - - name: appeng_slo + - name: kmsConfig manifest: |- { - "basic_sli": [ - { - "latency": [ - { - "threshold": "1s" - } - ] - } - ], - "calendar_period": "DAY", - "display_name": "Terraform Test SLO for App Engine", - "goal": 0.9, - "service": "${data.google_monitoring_app_engine_service.default.service_id}", - "slo_id": "ae-slo", - "user_labels": { - "my_key": "my_value", - "my_other_key": "my_other_value" - } + "crypto_key_name": "${google_kms_crypto_key.crypto_key.id}", + "description": "this is a test description", + "location": "us-central1", + "name": "kms-test" } references: - service: data.google_monitoring_app_engine_service.default.service_id - - name: request_based_slo - manifest: |- - { - "display_name": "Terraform Test SLO with request based SLI (good total ratio)", - "goal": 0.9, - "request_based_sli": [ + crypto_key_name: google_kms_crypto_key.crypto_key.id + dependencies: + google_kms_crypto_key.crypto_key: |- { - "distribution_cut": [ - { - "distribution_filter": "metric.type=\"serviceruntime.googleapis.com/api/request_latencies\" resource.type=\"api\" ", - "range": [ - { - "max": 0.5 - } - ] - } - ] + "key_ring": "${google_kms_key_ring.keyring.id}", + "name": "crypto-name" } - ], - "rolling_period_days": 30, - "service": "${google_monitoring_custom_service.customsrv.service_id}", - "slo_id": "consumed-api-slo" - } - references: - service: google_monitoring_custom_service.customsrv.service_id - dependencies: - google_monitoring_custom_service.customsrv: |- + google_kms_key_ring.keyring: |- { - "display_name": "My Custom Service", - "service_id": "custom-srv-request-slos" + "location": "us-central1", + "name": "key-ring" } - - name: windows_based + argumentDocs: + create: '- Default is 20 minutes.' + crypto_key_name: |- + - + (Required) + Resource name of the KMS key to use. Only regional keys are supported. Format: projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Description for the CMEK policy. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}' + instructions: |- + - + Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access. + To make the policy work, a CMEK policy check is required, which verifies key access. + labels: |- + - + (Optional) + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + location: |- + - + (Required) + Name of the policy location. CMEK policies apply to the whole region. + name: |- + - + (Required) + Name of the CMEK policy. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service_account: |- + - + The Service account which needs to have access to the provided KMS key. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + importStatements: [] + google_netapp_storage_pool: + subCategory: Google Cloud NetApp Volumes + description: Storage pools act as containers for volumes. + name: google_netapp_storage_pool + title: "" + examples: + - name: test_pool manifest: |- { - "calendar_period": "FORTNIGHT", - "display_name": "Terraform Test SLO with window based SLI", - "goal": 0.95, - "service": "${google_monitoring_custom_service.customsrv.service_id}", - "windows_based_sli": [ - { - "good_bad_metric_filter": "${join(\" AND \", [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ])}", - "window_period": "400s" - } - ] + "capacity_gib": "2048", + "location": "us-central1", + "name": "test-pool", + "network": "${google_compute_network.peering_network.id}", + "service_level": "PREMIUM" } references: - service: google_monitoring_custom_service.customsrv.service_id + network: google_compute_network.peering_network.id dependencies: - google_monitoring_custom_service.customsrv: |- + google_compute_global_address.private_ip_alloc: |- { - "display_name": "My Custom Service", - "service_id": "custom-srv-windows-slos" + "address_type": "INTERNAL", + "name": "test-address", + "network": "${google_compute_network.peering_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" } - - name: windows_based - manifest: |- - { - "display_name": "Terraform Test SLO with window based SLI", - "goal": 0.9, - "rolling_period_days": 20, - "service": "${google_monitoring_custom_service.customsrv.service_id}", - "windows_based_sli": [ + google_compute_network.peering_network: |- { - "metric_mean_in_range": [ - { - "range": [ - { - "max": 5 - } - ], - "time_series": "${join(\" AND \", [\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ])}" - } - ], - "window_period": "600s" + "name": "test-network" } - ] - } - references: - service: google_monitoring_custom_service.customsrv.service_id - dependencies: - google_monitoring_custom_service.customsrv: |- + google_compute_network_peering_routes_config.route_updates: |- { - "display_name": "My Custom Service", - "service_id": "custom-srv-windows-slos" + "export_custom_routes": true, + "import_custom_routes": true, + "network": "${google_compute_network.peering_network.name}", + "peering": "${google_service_networking_connection.default.peering}" } - - name: windows_based - manifest: |- - { - "display_name": "Terraform Test SLO with window based SLI", - "goal": 0.9, - "rolling_period_days": 20, - "service": "${google_monitoring_custom_service.customsrv.service_id}", - "windows_based_sli": [ + google_service_networking_connection.default: |- { - "metric_sum_in_range": [ - { - "range": [ - { - "max": 5000 - } - ], - "time_series": "${join(\" AND \", [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ])}" - } + "network": "${google_compute_network.peering_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" ], - "window_period": "400s" - } - ] - } - references: - service: google_monitoring_custom_service.customsrv.service_id - dependencies: - google_monitoring_custom_service.customsrv: |- - { - "display_name": "My Custom Service", - "service_id": "custom-srv-windows-slos" + "service": "netapp.servicenetworking.goog" } - - name: windows_based + argumentDocs: + active_directory: |- + - + (Optional) + Specifies the Active Directory policy to be used. Format: projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}. + The policy needs to be in the same location as the storage pool. + capacity_gib: |- + - + (Required) + Capacity of the storage pool (in GiB). + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of this resource. + effective_labels: for all of the labels present on the resource. + encryption_type: |- + - + Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/storagePools/{{name}}' + kms_config: |- + - + (Optional) + Specifies the CMEK policy to be used for volume encryption. Format: projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}. + The policy needs to be in the same location as the storage pool. + labels: |- + - + (Optional) + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + ldap_enabled: |- + - + (Optional) + When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3, + using security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1. + location: |- + - + (Required) + Name of the location. Usually a region name, expect for some STANDARD service level pools which require a zone name. + name: |- + - + (Required) + The resource name of the storage pool. Needs to be unique per location. + network: |- + - + (Required) + VPC network name with format: projects/{{project}}/global/networks/{{network}} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service_level: |- + - + (Required) + Service level of the storage pool. + Possible values are: PREMIUM, EXTREME, STANDARD. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + volume_capacity_gib: |- + - + Size allocated to volumes in the storage pool (in GiB). + volume_count: |- + - + Number of volume in the storage pool. + importStatements: [] + google_netapp_volume: + subCategory: Google Cloud NetApp Volumes + description: A volume is a file system container in a storage pool that stores application, database, and user data. + name: google_netapp_volume + title: "" + examples: + - name: test_volume manifest: |- { - "display_name": "Terraform Test SLO with window based SLI", - "goal": 0.9, - "rolling_period_days": 20, - "service": "${google_monitoring_custom_service.customsrv.service_id}", - "windows_based_sli": [ - { - "good_total_ratio_threshold": [ - { - "performance": [ - { - "distribution_cut": [ - { - "distribution_filter": "${join(\" AND \", [\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ])}", - "range": [ - { - "max": 9, - "min": 1 - } - ] - } - ] - } - ], - "threshold": 0.1 - } - ], - "window_period": "100s" - } - ] + "capacity_gib": "100", + "deletion_policy": "DEFAULT", + "location": "us-west2", + "name": "test-volume", + "protocols": [ + "NFSV3" + ], + "share_name": "test-volume", + "storage_pool": "${google_netapp_storage_pool.default.name}" } references: - service: google_monitoring_custom_service.customsrv.service_id + storage_pool: google_netapp_storage_pool.default.name dependencies: - google_monitoring_custom_service.customsrv: |- + google_netapp_storage_pool.default: |- { - "display_name": "My Custom Service", - "service_id": "custom-srv-windows-slos" + "capacity_gib": "2048", + "location": "us-west2", + "name": "test-pool", + "network": "${data.google_compute_network.default.id}", + "service_level": "PREMIUM" } argumentDocs: - availability.enabled: |- + active_directory: |- - - (Optional) - Whether an availability SLI is enabled or not. Must be set to true. Defaults to true. - basic_sli: |- + Reports the resource name of the Active Directory policy being used. Inherited from storage pool. + capacity_gib: |- - - (Optional) - Basic Service-Level Indicator (SLI) on a well-known service type. - Performance will be computed on the basis of pre-defined metrics. - SLIs are used to measure and calculate the quality of the Service's - performance with respect to a single aspect of service quality. - Exactly one of the following must be set: - basic_sli, request_based_sli, windows_based_sli - Structure is documented below. - basic_sli.availability: |- + (Required) + Capacity of the volume (in GiB). + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - Availability based SLI, dervied from count of requests made to this service that return successfully. - Structure is documented below. - basic_sli.latency: |- + Create time of the volume. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + daily_schedule.hour: |- - (Optional) - Parameters for a latency threshold SLI. - Structure is documented below. - basic_sli.location: |- + Set the hour to create the snapshot (0-23), defaults to midnight (0). + daily_schedule.minute: |- - (Optional) - An optional set of locations to which this SLI is relevant. - Telemetry from other locations will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - locations in which the Service has activity. For service types - that don't support breaking down by location, setting this - field will result in an error. - basic_sli.method: |- + Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0). + daily_schedule.snapshots_to_keep: |- - - (Optional) - An optional set of RPCs to which this SLI is relevant. - Telemetry from other methods will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - the Service's methods. For service types that don't support - breaking down by method, setting this field will result in an - error. - basic_sli.version: |- + (Required) + The maximum number of snapshots to keep for the daily schedule. + delete: '- Default is 20 minutes.' + deletion_policy: |- + - (Optional) Policy to determine if the volume should be deleted forcefully. + Volumes may have nested snapshot resources. Deleting such a volume will fail. + Setting this parameter to FORCE will delete volumes including nested snapshots. + description: |- - (Optional) - The set of API versions to which this SLI is relevant. - Telemetry from other API versions will not be used to - calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don't support breaking down by version, setting this - field will result in an error. - basic_sli_performance.availability: |- + An optional description of this resource. + effective_labels: for all of the labels present on the resource. + encryption_type: |- + - + Reports the data-at-rest encryption type of the volume. Inherited from storage pool. + export_policy: |- - (Optional) - Availability based SLI, dervied from count of requests made to this service that return successfully. + Export policy of the volume for NFSV3 and/or NFSV4.1 access. Structure is documented below. - basic_sli_performance.latency: |- + export_policy.rules: |- - - (Optional) - Parameters for a latency threshold SLI. + (Required) + Export rules (up to 5) control NFS volume access. Structure is documented below. - basic_sli_performance.location: |- + export_policy.rules.access_type: |- - (Optional) - An optional set of locations to which this SLI is relevant. - Telemetry from other locations will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - locations in which the Service has activity. For service types - that don't support breaking down by location, setting this - field will result in an error. - basic_sli_performance.method: |- + Defines the access type for clients matching the allowedClients specification. + Possible values are: READ_ONLY, READ_WRITE, READ_NONE. + export_policy.rules.allowed_clients: |- - (Optional) - An optional set of RPCs to which this SLI is relevant. - Telemetry from other methods will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - the Service's methods. For service types that don't support - breaking down by method, setting this field will result in an - error. - basic_sli_performance.version: |- + Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses. + export_policy.rules.has_root_access: |- - (Optional) - The set of API versions to which this SLI is relevant. - Telemetry from other API versions will not be used to - calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don't support breaking down by version, setting this - field will result in an error. - calendar_period: |- + If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash. + export_policy.rules.kerberos5i_read_only: |- - (Optional) - A calendar period, semantically "since the start of the current - ". - Possible values are: DAY, WEEK, FORTNIGHT, MONTH. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- + If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. + export_policy.rules.kerberos5i_read_write: |- - (Optional) - Name used for UI elements listing this SLO. - distribution_cut.distribution_filter: |- - - - (Required) - A TimeSeries monitoring filter - aggregating values to quantify the good service provided. - Must have ValueType = DISTRIBUTION and - MetricKind = DELTA or MetricKind = CUMULATIVE. - distribution_cut.range: |- - - - (Required) - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. - Structure is documented below. - goal: |- - - - (Required) - The fraction of service that must be good in order for this objective - to be met. 0 < goal <= 0.999 - good_total_ratio.bad_service_filter: |- + If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled. + export_policy.rules.kerberos5p_read_only: |- - (Optional) - A TimeSeries monitoring filter - quantifying bad service provided, either demanded service that - was not provided or demanded service that was of inadequate - quality. - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - Exactly two of good_service_filter,bad_service_filter,total_service_filter - must be set (good + bad = total is assumed). - good_total_ratio.good_service_filter: |- + If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. + export_policy.rules.kerberos5p_read_write: |- - (Optional) - A TimeSeries monitoring filter - quantifying good service provided. - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - Exactly two of good_service_filter,bad_service_filter,total_service_filter - must be set (good + bad = total is assumed). - good_total_ratio.total_service_filter: |- + If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled. + export_policy.rules.kerberos5_read_only: |- - (Optional) - A TimeSeries monitoring filter - quantifying total demanded service. - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - Exactly two of good_service_filter,bad_service_filter,total_service_filter - must be set (good + bad = total is assumed). - good_total_ratio_threshold.basic_sli_performance: |- + If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. + export_policy.rules.kerberos5_read_write: |- - (Optional) - Basic SLI to evaluate to judge window quality. - Structure is documented below. - good_total_ratio_threshold.performance: |- + If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled. + export_policy.rules.nfsv3: |- - (Optional) - Request-based SLI to evaluate to judge window quality. - Structure is documented below. - good_total_ratio_threshold.threshold: |- + Enable to apply the export rule to NFSV3 clients. + export_policy.rules.nfsv4: |- - (Optional) - If window performance >= threshold, the window is counted - as good. - id: '- an identifier for the resource with format {{name}}' - latency.threshold: |- + Enable to apply the export rule to NFSV4.1 clients. + has_replication: |- - - (Required) - A duration string, e.g. 10s. - Good service is defined to be the count of requests made to - this service that return in no more than threshold. - metric_mean_in_range.range: |- + Indicates whether the volume is part of a volume replication relationship. + hourly_schedule.minute: |- - - (Required) - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. Mean value X of time_series - values should satisfy range.min <= X <= range.max for a - good service. - Structure is documented below. - metric_mean_in_range.time_series: |- + (Optional) + Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0). + hourly_schedule.snapshots_to_keep: |- - (Required) - A monitoring filter - specifying the TimeSeries to use for evaluating window - The provided TimeSeries must have ValueType = INT64 or - ValueType = DOUBLE and MetricKind = GAUGE. Mean value X - should satisfy range.min <= X <= range.max - under good service. - metric_sum_in_range.range: |- + The maximum number of snapshots to keep for the hourly schedule. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/volumes/{{name}}' + kerberos_enabled: |- - - (Required) - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. Summed value X should satisfy - range.min <= X <= range.max for a good window. - Structure is documented below. - metric_sum_in_range.time_series: |- + (Optional) + Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p). + kms_config: |- + - + Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool. + labels: |- + - + (Optional) + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + ldap_enabled: |- + - + Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool. + location: |- - (Required) - A monitoring filter - specifying the TimeSeries to use for evaluating window - quality. The provided TimeSeries must have - ValueType = INT64 or ValueType = DOUBLE and - MetricKind = GAUGE. - Summed value X should satisfy - range.min <= X <= range.max for a good window. - name: |- + Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name. + monthly_schedule.days_of_month: |- - - The full resource name for this service. The syntax is: - projects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME] - performance.distribution_cut: |- + (Optional) + Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'. + monthly_schedule.hour: |- - (Optional) - Used when good_service is defined by a count of values aggregated in a - Distribution that fall into a good range. The total_service is the - total count of all values aggregated in the Distribution. - Defines a distribution TimeSeries filter and thresholds used for - measuring good service and total service. - Structure is documented below. - performance.good_total_ratio: |- + Set the hour to create the snapshot (0-23), defaults to midnight (0). + monthly_schedule.minute: |- - (Optional) - A means to compute a ratio of good_service to total_service. - Defines computing this ratio with two TimeSeries monitoring filters - Must specify exactly two of good, bad, and total service filters. - The relationship good_service + bad_service = total_service - will be assumed. + Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0). + monthly_schedule.snapshots_to_keep: |- + - + (Required) + The maximum number of snapshots to keep for the monthly schedule + mount_options: |- + - + Reports mount instructions for this volume. Structure is documented below. + mount_options.export: |- + - + (Output) + Export path of the volume. + mount_options.export_full: |- + - + (Output) + Full export path of the volume. + Format for NFS volumes: :/ + Format for SMB volumes: \\\\netbios_prefix-four_random_hex_letters.domain_name\\shareName + mount_options.instructions: |- + - + (Output) + Human-readable mount instructions. + mount_options.protocol: |- + - + (Output) + Protocol to mount with. + name: |- + - + (Required) + The name of the volume. Needs to be unique per location. + network: |- + - + VPC network name with format: projects/{{project}}/global/networks/{{network}}. Inherited from storage pool. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - range.max: |- + protocols: |- - - (Optional) - max value for the range (inclusive). If not given, - will be set to 0 - range.min: |- + (Required) + The protocol of the volume. Allowed combinations are ['NFSV3'], ['NFSV4'], ['SMB'], ['NFSV3', 'NFSV4'], ['SMB', 'NFSV3'] and ['SMB', 'NFSV4']. + Each value may be one of: NFSV3, NFSV4, SMB. + psa_range: |- - - (Optional) - Min value for the range (inclusive). If not given, - will be set to 0 - request_based_sli: |- + Name of the Private Service Access allocated range. Inherited from storage pool. + restore_parameters: |- - (Optional) - A request-based SLI defines a SLI for which atomic units of - service are counted directly. - A SLI describes a good service. - It is used to measure and calculate the quality of the Service's - performance with respect to a single aspect of service quality. - Exactly one of the following must be set: - basic_sli, request_based_sli, windows_based_sli + Used to create this volume from a snapshot (= cloning) or an backup. Structure is documented below. - request_based_sli.distribution_cut: |- + restore_parameters.source_backup: |- - (Optional) - Used when good_service is defined by a count of values aggregated in a - Distribution that fall into a good range. The total_service is the - total count of all values aggregated in the Distribution. - Defines a distribution TimeSeries filter and thresholds used for - measuring good service and total service. - Exactly one of distribution_cut or good_total_ratio can be set. - Structure is documented below. - request_based_sli.good_total_ratio: |- + Full name of the snapshot to use for creating this volume. + source_snapshot and source_backup cannot be used simultaneously. + Format: projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}. + restore_parameters.source_snapshot: |- - (Optional) - A means to compute a ratio of good_service to total_service. - Defines computing this ratio with two TimeSeries monitoring filters - Must specify exactly two of good, bad, and total service filters. - The relationship good_service + bad_service = total_service - will be assumed. - Exactly one of distribution_cut or good_total_ratio can be set. - Structure is documented below. - rolling_period_days: |- + Full name of the snapshot to use for creating this volume. + source_snapshot and source_backup cannot be used simultaneously. + Format: projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}. + restricted_actions: |- - (Optional) - A rolling time period, semantically "in the past X days". - Must be between 1 to 30 days, inclusive. - service: |- + List of actions that are restricted on this volume. + Each value may be one of: DELETE. + security_style: |- + - + (Optional) + Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions. + Use NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. + Possible values are: NTFS, UNIX. + service_level: |- + - + Service level of the volume. Inherited from storage pool. + share_name: |- - (Required) - ID of the service to which this SLO belongs. - slo_id: |- + Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location. + smb_settings: |- - (Optional) - The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead. - update: '- Default is 20 minutes.' - user_labels: |- + Settings for volumes with SMB access. + Each value may be one of: ENCRYPT_DATA, BROWSABLE, CHANGE_NOTIFY, NON_BROWSABLE, OPLOCKS, SHOW_SNAPSHOT, SHOW_PREVIOUS_VERSIONS, ACCESS_BASED_ENUMERATION, CONTINUOUSLY_AVAILABLE. + snapshot_directory: |- - (Optional) - This field is intended to be used for organizing and identifying the AlertPolicy - objects.The field can contain up to 64 entries. Each key and value is limited - to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values - can contain only lowercase letters, numerals, underscores, and dashes. Keys - must begin with a letter. - windows_based_sli: |- + If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable "Previous Versions" support for SMB. + snapshot_policy: |- - (Optional) - A windows-based SLI defines the criteria for time windows. - good_service is defined based off the count of these time windows - for which the provided service was of good quality. - A SLI describes a good service. It is used to measure and calculate - the quality of the Service's performance with respect to a single - aspect of service quality. - Exactly one of the following must be set: - basic_sli, request_based_sli, windows_based_sli + Snapshot policy defines the schedule for automatic snapshot creation. + To disable automatic snapshot creation you have to remove the whole snapshot_policy block. Structure is documented below. - windows_based_sli.good_bad_metric_filter: |- + snapshot_policy.daily_schedule: |- - (Optional) - A TimeSeries monitoring filter - with ValueType = BOOL. The window is good if any true values - appear in the window. One of good_bad_metric_filter, - good_total_ratio_threshold, metric_mean_in_range, - metric_sum_in_range must be set for windows_based_sli. - windows_based_sli.good_total_ratio_threshold: |- + Daily schedule policy. + Structure is documented below. + snapshot_policy.enabled: |- - (Optional) - Criterion that describes a window as good if its performance is - high enough. One of good_bad_metric_filter, - good_total_ratio_threshold, metric_mean_in_range, - metric_sum_in_range must be set for windows_based_sli. + Enables automated snapshot creation according to defined schedule. Default is false. + To disable automatic snapshot creation you have to remove the whole snapshot_policy block. + snapshot_policy.hourly_schedule: |- + - + (Optional) + Hourly schedule policy. Structure is documented below. - windows_based_sli.metric_mean_in_range: |- + snapshot_policy.monthly_schedule: |- - (Optional) - Criterion that describes a window as good if the metric's value - is in a good range, averaged across returned streams. - One of good_bad_metric_filter, - good_total_ratio_threshold, metric_mean_in_range, - metric_sum_in_range must be set for windows_based_sli. - Average value X of time_series should satisfy - range.min <= X <= range.max for a good window. + Monthly schedule policy. Structure is documented below. - windows_based_sli.metric_sum_in_range: |- + snapshot_policy.weekly_schedule: |- - (Optional) - Criterion that describes a window as good if the metric's value - is in a good range, summed across returned streams. - Summed value X of time_series should satisfy - range.min <= X <= range.max for a good window. - One of good_bad_metric_filter, - good_total_ratio_threshold, metric_mean_in_range, - metric_sum_in_range must be set for windows_based_sli. + Weekly schedule policy. Structure is documented below. - windows_based_sli.window_period: |- + state: |- + - + State of the volume. + state_details: |- + - + State details of the volume. + storage_pool: |- + - + (Required) + Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + unix_permissions: |- - (Optional) - Duration over which window quality is evaluated, given as a - duration string "{X}s" representing X seconds. Must be an - integer fraction of a day and at least 60s. + Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only. + update: '- Default is 20 minutes.' + used_gib: |- + - + Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage. + weekly_schedule.day: |- + - + (Optional) + Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'. + weekly_schedule.hour: |- + - + (Optional) + Set the hour to create the snapshot (0-23), defaults to midnight (0). + weekly_schedule.minute: |- + - + (Optional) + Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0). + weekly_schedule.snapshots_to_keep: |- + - + (Required) + The maximum number of snapshots to keep for the weekly schedule. importStatements: [] - google_monitoring_uptime_check_config: - subCategory: Cloud (Stackdriver) Monitoring - description: This message configures which resources and services to monitor for availability. - name: google_monitoring_uptime_check_config + google_netapp_volume_replication: + subCategory: Google Cloud NetApp Volumes + description: Volume replication creates an asynchronous mirror of a volume in a different location. + name: google_netapp_volume_replication title: "" examples: - - name: http + - name: test_replication manifest: |- { - "checker_type": "STATIC_IP_CHECKERS", - "content_matchers": [ - { - "content": "\"example\"", - "json_path_matcher": [ - { - "json_matcher": "EXACT_MATCH", - "json_path": "$.path" - } - ], - "matcher": "MATCHES_JSON_PATH" - } - ], - "display_name": "http-uptime-check", - "http_check": [ - { - "body": "Zm9vJTI1M0RiYXI=", - "content_type": "URL_ENCODED", - "path": "some-path", - "port": "8010", - "request_method": "POST" - } + "delete_destination_volume": true, + "depends_on": [ + "${google_netapp_volume.source_volume}" ], - "monitored_resource": [ + "description": "This is a replication resource", + "destination_volume_parameters": [ { - "labels": { - "host": "192.168.1.1", - "project_id": "my-project-name" - }, - "type": "uptime_url" + "description": "This is a replicated volume", + "share_name": "source-volume", + "storage_pool": "${google_netapp_storage_pool.destination_pool.id}", + "volume_id": "destination-volume" } ], - "timeout": "60s" + "location": "${google_netapp_volume.source_volume.location}", + "name": "test-replication", + "replication_schedule": "EVERY_10_MINUTES", + "volume_name": "${google_netapp_volume.source_volume.name}", + "wait_for_mirror": true } - - name: status_code - manifest: |- - { - "checker_type": "STATIC_IP_CHECKERS", - "content_matchers": [ - { - "content": "\"example\"", - "json_path_matcher": [ - { - "json_matcher": "EXACT_MATCH", - "json_path": "$.path" - } - ], - "matcher": "MATCHES_JSON_PATH" - } - ], - "display_name": "http-uptime-check", - "http_check": [ + references: + destination_volume_parameters.storage_pool: google_netapp_storage_pool.destination_pool.id + location: google_netapp_volume.source_volume.location + volume_name: google_netapp_volume.source_volume.name + dependencies: + google_netapp_storage_pool.destination_pool: |- { - "accepted_response_status_codes": [ - { - "status_class": "STATUS_CLASS_2XX" - }, - { - "status_value": 301 - }, - { - "status_value": 302 - } - ], - "body": "Zm9vJTI1M0RiYXI=", - "content_type": "URL_ENCODED", - "path": "some-path", - "port": "8010", - "request_method": "POST" + "capacity_gib": 2048, + "location": "us-west2", + "name": "destination-pool", + "network": "${data.google_compute_network.default.id}", + "service_level": "PREMIUM" } - ], - "monitored_resource": [ + google_netapp_storage_pool.source_pool: |- { - "labels": { - "host": "192.168.1.1", - "project_id": "my-project-name" - }, - "type": "uptime_url" + "capacity_gib": 2048, + "location": "us-central1", + "name": "source-pool", + "network": "${data.google_compute_network.default.id}", + "service_level": "PREMIUM" } - ], - "timeout": "60s" - } - - name: https - manifest: |- - { - "content_matchers": [ + google_netapp_volume.source_volume: |- { - "content": "example", - "json_path_matcher": [ - { - "json_matcher": "REGEX_MATCH", - "json_path": "$.path" - } + "capacity_gib": 100, + "deletion_policy": "FORCE", + "location": "${google_netapp_storage_pool.source_pool.location}", + "name": "source-volume", + "protocols": [ + "NFSV3" ], - "matcher": "MATCHES_JSON_PATH" - } - ], - "display_name": "https-uptime-check", - "http_check": [ - { - "path": "/some-path", - "port": "443", - "use_ssl": true, - "validate_ssl": true - } - ], - "monitored_resource": [ - { - "labels": { - "host": "192.168.1.1", - "project_id": "my-project-name" - }, - "type": "uptime_url" - } - ], - "timeout": "60s" - } - - name: tcp_group - manifest: |- - { - "display_name": "tcp-uptime-check", - "resource_group": [ - { - "group_id": "${google_monitoring_group.check.name}", - "resource_type": "INSTANCE" - } - ], - "tcp_check": [ - { - "port": 888 - } - ], - "timeout": "60s" - } - references: - resource_group.group_id: google_monitoring_group.check.name - dependencies: - google_monitoring_group.check: |- - { - "display_name": "uptime-check-group", - "filter": "resource.metadata.name=has_substring(\"foo\")" + "share_name": "source-volume", + "storage_pool": "${google_netapp_storage_pool.source_pool.name}" } argumentDocs: - accepted_response_status_codes.status_class: |- + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - A class of status codes to accept. - Possible values are: STATUS_CLASS_1XX, STATUS_CLASS_2XX, STATUS_CLASS_3XX, STATUS_CLASS_4XX, STATUS_CLASS_5XX, STATUS_CLASS_ANY. - accepted_response_status_codes.status_value: |- + Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + delete: '- Default is 20 minutes.' + delete_destination_volume: |- + - (Optional) A destination volume is created as part of replication creation. The destination volume will not became + under Terraform management unless you import it manually. If you delete the replication, this volume + will remain. + Setting this parameter to true will delete the current destination volume when destroying the + replication. If you reversed the replication direction, this will be your former source volume! + For production use, it is recommended to keep this parameter false to avoid accidental volume + deletion. Handle with care. Default is false. + description: |- - (Optional) - A status code to accept. - auth_info.password: |- - - - (Required) - The password to authenticate. - Note: This property is sensitive and will not be displayed in the plan. - auth_info.username: |- - - - (Required) - The username to authenticate. - checker_type: |- + An description of this resource. + destination_volume: |- - - (Optional) - The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. - Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. - content_matchers: |- + Full resource name of destination volume with format: projects/{{project}}/locations/{{location}}/volumes/{{volumeId}} + destination_volume_parameters: |- - (Optional) - The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required. + Destination volume parameters. Structure is documented below. - content_matchers.content: |- - - - (Required) - String or regex content to match (max 1024 bytes) - content_matchers.json_path_matcher: |- + destination_volume_parameters.description: |- - (Optional) - Information needed to perform a JSONPath content match. Used for ContentMatcherOption::MATCHES_JSON_PATH and ContentMatcherOption::NOT_MATCHES_JSON_PATH. - Structure is documented below. - content_matchers.matcher: |- + Description for the destination volume. + destination_volume_parameters.share_name: |- - (Optional) - The type of content matcher that will be applied to the server output, compared to the content string when the check is run. - Default value is CONTAINS_STRING. - Possible values are: CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX, MATCHES_JSON_PATH, NOT_MATCHES_JSON_PATH. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - display_name: |- + Share name for destination volume. If not specified, name of source volume's share name will be used. + destination_volume_parameters.storage_pool: |- - (Required) - A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced. - http_check: |- + Name of an existing storage pool for the destination volume with format: projects/{{project}}/locations/{{location}}/storagePools/{{poolId}} + destination_volume_parameters.volume_id: |- - (Optional) - Contains information needed to make an HTTP or HTTPS check. - Structure is documented below. - http_check.accepted_response_status_codes: |- + Name for the destination volume to be created. If not specified, the name of the source volume will be used. + effective_labels: for all of the labels present on the resource. + force_stopping: |- + - (Optional) Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING + currently receives an update and stopping the update might be undesirable. Set this parameter to true + to stop anyway. All data transferred to the destination will be discarded and content of destination + volume will remain at the state of the last successful update. Default is false. + healthy: |- - - (Optional) - If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299. - Structure is documented below. - http_check.auth_info: |- + Condition of the relationship. Can be one of the following: + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/replications/{{name}}' + labels: |- - (Optional) - The authentication information. Optional when creating an HTTP check; defaults to empty. - Structure is documented below. - http_check.body: |- + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" } + location: |- - - (Optional) - The request body associated with the HTTP POST request. If contentType is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the requestMethod is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". - http_check.content_type: |- + (Required) + Name of region for this resource. The resource needs to be created in the region of the destination volume. + mirror_state: |- - - (Optional) - The content type to use for the check. - Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. - http_check.headers: |- + Indicates the state of the mirror between source and destination volumes. Depending on the amount of data + in your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline + transfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume + currently receives an update. Updated every 5 minutes. + name: |- - - (Optional) - The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. - http_check.mask_headers: |- + (Required) + The name of the replication. Needs to be unique per location. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + replication_enabled: |- + - (Optional) Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write + and act independently from the source volume. + Set to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes + done to the destination volume with the content of the source volume. + replication_schedule: |- - - (Optional) - Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to True then the headers will be obscured with ******. - http_check.path: |- + (Required) + Specifies the replication interval. + Possible values are: EVERY_10_MINUTES, HOURLY, DAILY. + role: |- - - (Optional) - The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with "/", a "/" will be prepended automatically. Optional (defaults to "/"). - http_check.port: |- + Reverting a replication can swap source and destination volume roles. This field indicates if the location hosts + the source or destination volume. For resume and revert and resume operations it is critical to understand + which volume is the source volume, since it will overwrite changes done to the destination volume. + source_volume: |- - - (Optional) - The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). - http_check.request_method: |- + Full resource name of source volume with format: projects/{{project}}/locations/{{location}}/volumes/{{volumeId}} + state: |- - - (Optional) - The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. - Default value is GET. - Possible values are: METHOD_UNSPECIFIED, GET, POST. - http_check.use_ssl: |- + Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState. + state_details: |- - - (Optional) - If true, use HTTPS instead of HTTP to run the check. - http_check.validate_ssl: |- + State details of the replication resource. + terraform_labels: |- - - (Optional) - Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitoredResource is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. - id: '- an identifier for the resource with format {{name}}' - json_path_matcher.json_matcher: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + transfer_stats: |- - - (Optional) - Options to perform JSONPath content matching. - Default value is EXACT_MATCH. - Possible values are: EXACT_MATCH, REGEX_MATCH. - json_path_matcher.json_path: |- + Replication transfer statistics. All statistics are updated every 5 minutes. + Structure is documented below. + transfer_stats.lag_duration: |- - - (Required) - JSONPath within the response output pointing to the expected ContentMatcher::content to match against. - monitored_resource: |- + (Output) + The elapsed time since the creation of the snapshot on the source volume that was last replicated + to the destination volume. Lag time represents the difference in age of the destination volume + data in relation to the source volume data. + transfer_stats.last_transfer_bytes: |- - - (Optional) - The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - Structure is documented below. - monitored_resource.labels: |- + (Output) + Size of last completed transfer in bytes. + transfer_stats.last_transfer_duration: |- - - (Required) - Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone". - monitored_resource.type: |- + (Output) + Time taken during last completed transfer. + transfer_stats.last_transfer_end_time: |- - - (Required) - The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types (https://cloud.google.com/monitoring/api/resources) and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). - name: |- + (Output) + Time when last transfer completed. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + transfer_stats.last_transfer_error: |- - - A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]. - period: |- + (Output) + A message describing the cause of the last transfer failure. + transfer_stats.total_transfer_duration: |- - - (Optional) - How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - resource_group: |- + (Output) + Total time taken so far during current transfer. + transfer_stats.transfer_bytes: |- - - (Optional) - The group resource associated with the configuration. - Structure is documented below. - resource_group.group_id: |- + (Output) + Number of bytes transferred so far in current transfer. + transfer_stats.update_time: |- - - (Optional) - The group of resources being monitored. Should be the name of a group - resource_group.resource_type: |- + (Output) + Time when progress was updated last. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + update: '- Default is 20 minutes.' + volume_name: |- - - (Optional) - The resource type of the group members. - Possible values are: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER. - selected_regions: |- + (Required) + The name of the existing source volume. + wait_for_mirror: |- + - (Optional) Replication resource state is independent of mirror_state. With enough data, it can take many hours + for mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on + create/stop/resume operations, set this parameter to true. Default is false. + importStatements: [] + google_netapp_volume_snapshot: + subCategory: Google Cloud NetApp Volumes + description: NetApp Volumes helps you manage your data usage with snapshots that can quickly restore lost data. + name: google_netapp_volume_snapshot + title: "" + examples: + - name: test_snapshot + manifest: |- + { + "depends_on": [ + "${google_netapp_volume.default}" + ], + "location": "${google_netapp_volume.default.location}", + "name": "testvolumesnap", + "volume_name": "${google_netapp_volume.default.name}" + } + references: + location: google_netapp_volume.default.location + volume_name: google_netapp_volume.default.name + dependencies: + google_netapp_storage_pool.default: |- + { + "capacity_gib": 2048, + "location": "us-west2", + "name": "test-pool", + "network": "${data.google_compute_network.default.id}", + "service_level": "PREMIUM" + } + google_netapp_volume.default: |- + { + "capacity_gib": 100, + "location": "${google_netapp_storage_pool.default.location}", + "name": "test-volume", + "protocols": [ + "NFSV3" + ], + "share_name": "test-volume", + "storage_pool": "${google_netapp_storage_pool.default.name}" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- - (Optional) - The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions. - tcp_check: |- + Description for the snapshot. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/snapshots/{{name}}' + labels: |- - (Optional) - Contains information needed to make a TCP check. - Structure is documented below. - tcp_check.port: |- + Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + location: |- - (Required) - The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) to construct the full URL. - timeout: |- + Name of the snapshot location. Snapshots are child resources of volumes and live in the same location. + name: |- - (Required) - The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + The name of the snapshot. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' - uptime_check_id: |- + used_bytes: |- - - The id of the uptime check + Storage used to store blocks unique to this snapshot. + volume_name: |- + - + (Required) + The name of the volume to create the snapshot in. importStatements: [] google_network_connectivity_hub: subCategory: NetworkConnectivity @@ -80670,6 +98108,9 @@ resources: - (Optional) An optional description of the hub. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/hubs/{{name}}' labels: |- - @@ -80689,6 +98130,9 @@ resources: state: |- - Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. unique_id: |- - Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id. @@ -80697,12 +98141,397 @@ resources: - Output only. The time the hub was last updated. importStatements: [] + google_network_connectivity_policy_based_route: + subCategory: Network Connectivity + description: Policy-based Routes are more powerful routes that route L4 network traffic based on not just destination IP, but also source IP, protocol and more. + name: google_network_connectivity_policy_based_route + title: "" + examples: + - name: default + manifest: |- + { + "filter": [ + { + "protocol_version": "IPV4" + } + ], + "name": "my-pbr", + "network": "${google_compute_network.my_network.id}", + "next_hop_other_routes": "DEFAULT_ROUTING" + } + references: + network: google_compute_network.my_network.id + dependencies: + google_compute_network.my_network: |- + { + "auto_create_subnetworks": false, + "name": "my-network" + } + - name: default + manifest: |- + { + "description": "My routing policy", + "filter": [ + { + "dest_range": "0.0.0.0/0", + "ip_protocol": "UDP", + "protocol_version": "IPV4", + "src_range": "10.0.0.0/24" + } + ], + "labels": { + "env": "default" + }, + "name": "my-pbr", + "network": "${google_compute_network.my_network.id}", + "next_hop_ilb_ip": "${google_compute_global_address.ilb.address}", + "priority": 2302, + "virtual_machine": [ + { + "tags": [ + "restricted" + ] + } + ] + } + references: + network: google_compute_network.my_network.id + next_hop_ilb_ip: google_compute_global_address.ilb.address + dependencies: + google_compute_global_address.ilb: |- + { + "name": "my-ilb" + } + google_compute_network.my_network: |- + { + "auto_create_subnetworks": false, + "name": "my-network" + } + argumentDocs: + create: '- Default is 30 minutes.' + create_time: |- + - + Time when the policy-based route was created. + delete: '- Default is 30 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + filter: |- + - + (Required) + The filter to match L4 traffic. + Structure is documented below. + filter.description: |- + - + (Optional) + An optional description of this resource. + filter.dest_range: |- + - + (Optional) + The destination IP range of outgoing packets that this policy-based route applies to. Default is "0.0.0.0/0" if protocol version is IPv4. + filter.effective_labels: for all of the labels present on the resource. + filter.interconnect_attachment: |- + - + (Optional) + The interconnect attachments that this policy-based route applies to. + Structure is documented below. + filter.ip_protocol: |- + - + (Optional) + The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'. + filter.labels: |- + - + (Optional) + User-defined labels. + filter.next_hop_ilb_ip: |- + - + (Optional) + The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets. + filter.next_hop_other_routes: |- + - + (Optional) + Other routes that will be referenced to determine the next hop of the packet. + Possible values are: DEFAULT_ROUTING. + filter.priority: |- + - + (Optional) + The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive. + filter.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + filter.protocol_version: |- + - + (Required) + Internet protocol versions this policy-based route applies to. + Possible values are: IPV4. + filter.src_range: |- + - + (Optional) + The source IP range of outgoing packets that this policy-based route applies to. Default is "0.0.0.0/0" if protocol version is IPv4. + filter.virtual_machine: |- + - + (Optional) + VM instances to which this policy-based route applies to. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/policyBasedRoutes/{{name}}' + interconnect_attachment.region: |- + - + (Required) + Cloud region to install this policy-based route on for Interconnect attachments. Use all to install it on all Interconnect attachments. + kind: |- + - + Type of this resource. + name: |- + - + (Required) + The name of the policy based route. + network: |- + - + (Required) + Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + Time when the policy-based route was created. + virtual_machine.tags: |- + - + (Required) + A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR. + warnings: |- + - + If potential misconfigurations are detected for this route, this field will be populated with warning messages. + Structure is documented below. + warnings.code: |- + - + (Output) + A warning code, if applicable. + warnings.data: |- + - + (Output) + Metadata about this warning in key: value format. The key should provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement. + warnings.warning_message: |- + - + (Output) + A human-readable description of the warning code. + importStatements: [] + google_network_connectivity_service_connection_policy: + subCategory: Network Connectivity + description: Manage Service Connection Policies. + name: google_network_connectivity_service_connection_policy + title: "" + examples: + - name: default + manifest: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "my-network-connectivity-policy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "limit": 2, + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "my-basic-service-class" + } + references: + network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "producer-net" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "producer-subnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + argumentDocs: + create: '- Default is 30 minutes.' + create_time: |- + - + The timestamp when the resource was created. + delete: '- Default is 30 minutes.' + description: |- + - + (Optional) + Free-text description of the resource. + effective_labels: for all of the labels present on the resource. + error.code: |- + - + (Optional) + The status code, which should be an enum value of [google.rpc.Code][]. + error.details: |- + - + (Output) + A list of messages that carry the error details. + error.message: |- + - + (Optional) + A developer-facing error message. + error_info.domain: |- + - + (Optional) + The logical grouping to which the "reason" belongs. + error_info.metadata: |- + - + (Optional) + Additional structured details about this error. + error_info.reason: |- + - + (Optional) + The reason of the error. + etag: |- + - + The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}' + infrastructure: |- + - + The type of underlying resources used to create the connection. + labels: |- + - + (Optional) + User-defined labels. + location: |- + - + (Required) + The location of the ServiceConnectionPolicy. + name: |- + - + (Required) + The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names + network: |- + - + (Required) + The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + psc_config: |- + - + (Optional) + Configuration used for Private Service Connect connections. Used when Infrastructure is PSC. + Structure is documented below. + psc_config.limit: |- + - + (Optional) + Max number of PSC connections for this policy. + psc_config.subnetworks: |- + - + (Required) + IDs of the subnetworks or fully qualified identifiers for the subnetworks + psc_connections: |- + - + Information about each Private Service Connect connection. + Structure is documented below. + psc_connections.consumer_address: |- + - + (Optional) + The resource reference of the consumer address. + psc_connections.consumer_forwarding_rule: |- + - + (Optional) + The resource reference of the PSC Forwarding Rule within the consumer VPC. + psc_connections.consumer_target_project: |- + - + (Optional) + The project where the PSC connection is created. + psc_connections.error: |- + - + (Optional) + The most recent error during operating this connection. + Structure is documented below. + psc_connections.error_info: |- + - + (Optional) + The error info for the latest error during operating this connection. + Structure is documented below. + psc_connections.error_type: |- + - + (Optional) + The error type indicates whether the error is consumer facing, producer + facing or system internal. + Possible values are: CONNECTION_ERROR_TYPE_UNSPECIFIED, ERROR_INTERNAL, ERROR_CONSUMER_SIDE, ERROR_PRODUCER_SIDE. + psc_connections.gce_operation: |- + - + (Optional) + The last Compute Engine operation to setup PSC connection. + psc_connections.psc_connection_id: |- + - + (Optional) + The PSC connection id of the PSC forwarding rule. + psc_connections.state: |- + - + (Optional) + The state of the PSC connection. + Possible values are: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, FAILED. + service_class: |- + - + (Required) + The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass. + It is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + The timestamp when the resource was updated. + importStatements: [] google_network_connectivity_spoke: subCategory: NetworkConnectivity description: The NetworkConnectivity Spoke resource name: google_network_connectivity_spoke title: "" examples: + - name: primary + manifest: |- + { + "description": "A sample spoke with a linked routher appliance instance", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_vpc_network": [ + { + "exclude_export_ranges": [ + "198.51.100.0/24", + "10.10.0.0/16" + ], + "uri": "${google_compute_network.network.self_link}" + } + ], + "location": "global", + "name": "name" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_vpc_network.uri: google_compute_network.network.self_link + dependencies: + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "network" + } + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-two": "value-one" + }, + "name": "hub" + } - name: primary manifest: |- { @@ -80782,6 +98611,9 @@ resources: - Output only. The time the spoke was created. delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. hub: |- - (Required) @@ -80807,6 +98639,10 @@ resources: - (Optional) The URIs of linked Router appliance resources + instances.linked_vpc_network: |- + - + (Optional) + VPC network that is associated with the spoke. instances.linked_vpn_tunnels: |- - (Optional) @@ -80835,6 +98671,14 @@ resources: - (Required) A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. + linked_vpc_network.exclude_export_ranges: |- + - + (Optional) + IP ranges encompassing the subnets to be excluded from peering. + linked_vpc_network.uri: |- + - + (Required) + The URI of the VPC network resource. linked_vpn_tunnels.site_to_site_data_transfer: |- - (Required) @@ -80854,6 +98698,9 @@ resources: state: |- - Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. unique_id: |- - Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id. @@ -80876,6 +98723,9 @@ resources: "instance": "${google_compute_instance.destination.id}" } ], + "labels": { + "env": "test" + }, "name": "conn-test-instances", "protocol": "TCP", "source": [ @@ -81018,6 +98868,7 @@ resources: (Optional) The user-supplied description of the Connectivity Test. Maximum of 512 characters. + destination.effective_labels: for all of the labels present on the resource. destination.instance: |- - (Optional) @@ -81060,6 +98911,9 @@ resources: Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/connectivityTests/{{name}}' name: |- - @@ -81117,6 +98971,10 @@ resources: Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_network_security_address_group: @@ -81178,6 +99036,7 @@ resources: - (Optional) Free-text description of the resource. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/addressGroups/{{name}}' items: |- - @@ -81201,6 +99060,10 @@ resources: - (Optional) The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Required) @@ -81213,6 +99076,47 @@ resources: A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] + google_network_security_address_group_iam_policy: + subCategory: Network security + description: Collection of resources to manage IAM policy for Network security ProjectAddressGroup + name: google_network_security_address_group_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_network_security_address_group.default.location}", + "name": "${google_network_security_address_group.default.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "" + } + references: + location: google_network_security_address_group.default.location + name: google_network_security_address_group.default.name + policy_data: data.google_iam_policy.admin.policy_data + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_network_security_address_group_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the projectaddressgroup are preserved.' + google_network_security_address_group_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the projectaddressgroup are preserved.' + google_network_security_address_group_iam_policy: ': Authoritative. Sets the IAM policy for the projectaddressgroup and replaces any existing policy already attached.' + location: |- + - (Required) The location of the gateway security policy. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_network_security_address_group_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_network_security_address_group_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_network_security_authorization_policy: subCategory: Network security description: AuthorizationPolicy is a resource that specifies how a server should authorize incoming connections. @@ -81325,6 +99229,9 @@ resources: - (Required) List of destination ports to match. At least one port should match. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. http_header_match.header_name: |- - (Required) @@ -81338,6 +99245,8 @@ resources: - (Optional) Set of label tags associated with the AuthorizationPolicy resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -81378,6 +99287,10 @@ resources: (Optional) List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -81468,6 +99381,9 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. grpc_endpoint.target_uri: |- - (Required) @@ -81477,6 +99393,8 @@ resources: - (Optional) Set of label tags associated with the ClientTlsPolicy resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -81508,11 +99426,83 @@ resources: - (Optional) Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com". + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - Time the ClientTlsPolicy was updated in UTC. importStatements: [] + google_network_security_firewall_endpoint: + subCategory: Network security + description: A Firewall endpoint is a Cloud Firewall resource that enables layer 7 advanced protection capabilities, such as intrusion prevention, in your network. + name: google_network_security_firewall_endpoint + title: "" + examples: + - name: default + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "us-central1-a", + "name": "my-firewall-endpoint", + "parent": "organizations/123456789", + "provider": "${google-beta}" + } + references: + provider: google-beta + argumentDocs: + associated_networks: |- + - + List of networks that are associated with this endpoint in the local zone. + This is a projection of the FirewallEndpointAssociations pointing at this + endpoint. A network will only appear in this list after traffic routing is + fully configured. Format: projects/{project}/global/networks/{name}. + create: '- Default is 60 minutes.' + create_time: |- + - + Time the firewall endpoint was created in UTC. + delete: '- Default is 60 minutes.' + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/firewallEndpoints/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Required) + The location (zone) of the firewall endpoint. + name: |- + - + (Required) + The name of the firewall endpoint resource. + parent: |- + - + (Required) + The name of the parent this firewall endpoint belongs to. + Format: organizations/{organization_id}. + reconciling: |- + - + Whether reconciling is in progress, recommended per https://google.aip.dev/128. + self_link: |- + - + Server-defined URL of this resource. + state: |- + - + The current state of the endpoint. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 60 minutes.' + update_time: |- + - + Time the firewall endpoint was updated in UTC. + importStatements: [] google_network_security_gateway_security_policy: subCategory: Network security description: The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata. @@ -81815,6 +99805,227 @@ resources: A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] + google_network_security_security_profile: + subCategory: Network security + description: A security profile defines the behavior associated to a profile type. + name: google_network_security_security_profile + title: "" + examples: + - name: default + manifest: |- + { + "description": "my description", + "labels": { + "foo": "bar" + }, + "name": "my-security-profile", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "type": "THREAT_PREVENTION" + } + references: + provider: google-beta + - name: default + manifest: |- + { + "description": "my description", + "name": "my-security-profile", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "threat_prevention_profile": [ + { + "severity_overrides": [ + { + "action": "ALLOW", + "severity": "INFORMATIONAL" + }, + { + "action": "DENY", + "severity": "HIGH" + } + ], + "threat_overrides": [ + { + "action": "ALLOW", + "threat_id": "280647" + } + ] + } + ], + "type": "THREAT_PREVENTION" + } + references: + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the security profile was created in UTC. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of the security profile. The Max length is 512 characters. + effective_labels: for all of the labels present on the resource. + etag: |- + - + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an up-to-date + value before proceeding. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfiles/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Optional) + The location of the security profile. + The default value is global. + name: |- + - + (Required) + The name of the security profile resource. + parent: |- + - + (Optional) + The name of the parent this security profile belongs to. + Format: organizations/{organization_id}. + self_link: |- + - + Server-defined URL of this resource. + severity_overrides.action: |- + - + (Required) + Threat action override. + Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. + severity_overrides.severity: |- + - + (Required) + Severity level to match. + Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + threat_overrides.action: |- + - + (Required) + Threat action. + Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. + threat_overrides.threat_id: |- + - + (Required) + Vendor-specific ID of a threat to override. + threat_overrides.type: |- + - + (Output) + Type of threat. + threat_prevention_profile: |- + - + (Optional) + The threat prevention configuration for the security profile. + Structure is documented below. + threat_prevention_profile.severity_overrides: |- + - + (Optional) + The configuration for overriding threats actions by severity match. + Structure is documented below. + threat_prevention_profile.threat_overrides: |- + - + (Optional) + The configuration for overriding threats actions by threat id match. + If a threat is matched both by configuration provided in severity overrides + and threat overrides, the threat overrides action is applied. + Structure is documented below. + type: |- + - + (Required) + The type of security profile. + Possible values are: THREAT_PREVENTION. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the security profile was updated in UTC. + importStatements: [] + google_network_security_security_profile_group: + subCategory: Network security + description: A security profile group defines a container for security profiles. + name: google_network_security_security_profile_group + title: "" + examples: + - name: default + manifest: |- + { + "description": "my description", + "labels": { + "foo": "bar" + }, + "name": "sec-profile-group", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "threat_prevention_profile": "${google_network_security_security_profile.security_profile.id}" + } + references: + provider: google-beta + threat_prevention_profile: google_network_security_security_profile.security_profile.id + dependencies: + google_network_security_security_profile.security_profile: |- + { + "location": "global", + "name": "sec-profile", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "type": "THREAT_PREVENTION" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the security profile group was created in UTC. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of the profile. The Max length is 512 characters. + effective_labels: for all of the labels present on the resource. + etag: |- + - + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an up-to-date + value before proceeding. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfileGroups/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Optional) + The location of the security profile group. + The default value is global. + name: |- + - + (Required) + The name of the security profile group resource. + parent: |- + - + (Optional) + The name of the parent this security profile group belongs to. + Format: organizations/{organization_id}. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + threat_prevention_profile: |- + - + (Optional) + Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the security profile group was updated in UTC. + importStatements: [] google_network_security_server_tls_policy: subCategory: Network security description: ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. @@ -81912,6 +100123,51 @@ resources: } references: provider: google-beta + - name: default + manifest: |- + { + "allow_open": "false", + "description": "my description", + "labels": { + "foo": "bar" + }, + "location": "global", + "mtls_policy": [ + { + "client_validation_mode": "REJECT_INVALID", + "client_validation_trust_config": "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}" + } + ], + "name": "my-server-tls-policy", + "provider": "${google-beta}" + } + references: + provider: google-beta + dependencies: + google_certificate_manager_trust_config.default: |- + { + "description": "sample trust config description", + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "my-trust-config", + "provider": "${google-beta}", + "trust_stores": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ] + } + ] + } argumentDocs: allow_open: |- - @@ -81943,6 +100199,9 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. grpc_endpoint.target_uri: |- - (Required) @@ -81952,6 +100211,8 @@ resources: - (Optional) Set of label tags associated with the ServerTlsPolicy resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -82004,6 +100265,10 @@ resources: (Optional) gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -82283,7 +100548,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret-name" @@ -82300,11 +100567,16 @@ resources: - (Optional) A human-readable description of the resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}' labels: |- - (Optional) Set of label tags associated with the EdgeCache resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - (Required) @@ -82340,6 +100612,10 @@ resources: The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). Representations or encodings of the public key other than this will be rejected with an error. Note: This property is sensitive and will not be displayed in the plan. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 90 minutes.' validation_shared_keys: |- - @@ -82464,7 +100740,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret-name" @@ -82494,12 +100772,15 @@ resources: (Required) The Secret Manager secret version of the secret access key used by your origin. This is the resource name of the secret version in the format projects/*/secrets/*/versions/* where the * values are replaced by the project, secret, and version you require. - create: '- Default is 60 minutes.' - delete: '- Default is 60 minutes.' + create: '- Default is 120 minutes.' + delete: '- Default is 120 minutes.' description: |- - (Optional) A human-readable description of the resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. failover_origin: |- - (Optional) @@ -82535,6 +100816,8 @@ resources: - (Optional) Set of label tags associated with the EdgeCache resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. max_attempts: |- - (Optional) @@ -82613,6 +100896,10 @@ resources: retryConditions apply to this origin, and not subsequent failoverOrigin(s), which may specify their own retryConditions and maxAttempts. Valid values are: + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. timeout: |- - (Optional) @@ -82645,7 +100932,7 @@ resources: The responseTimeout starts after the connection has been established. This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. If the response headers have already been written to the connection, the response will be truncated and logged. - update: '- Default is 60 minutes.' + update: '- Default is 120 minutes.' url_rewrite.host_rewrite: |- - (Optional) @@ -83178,7 +101465,9 @@ resources: { "replication": [ { - "automatic": true + "auto": [ + {} + ] } ], "secret_id": "secret-name" @@ -83359,8 +101648,11 @@ resources: - (Required) Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). - create: '- Default is 30 minutes.' - delete: '- Default is 30 minutes.' + create: '- Default is 60 minutes.' + delete: '- Default is 60 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. header_action.request_header_to_add: |- - (Optional) @@ -83623,7 +101915,11 @@ resources: The query parameter in which to find the token. The name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. Defaults to edge-cache-token. - update: '- Default is 30 minutes.' + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 60 minutes.' url_redirect.description: |- - (Optional) @@ -83660,6 +101956,8 @@ resources: - (Optional) Set of label tags associated with the EdgeCache resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. url_redirect.log_config: |- - (Optional) @@ -83799,6 +102097,9 @@ resources: - Time the TcpRoute was created in UTC. delete: '- Default is 30 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. endpoint_matcher: |- - (Required) @@ -83844,6 +102145,8 @@ resources: - (Optional) Set of label tags associated with the TcpRoute resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. metadata_labels.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -83860,6 +102163,10 @@ resources: - (Required) Name of the EndpointPolicy resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. traffic_port_selector.ports: |- - (Required) @@ -83939,8 +102246,8 @@ resources: "name": "my-certificate", "self_managed": [ { - "pem_certificate": "${file(\"test-fixtures/certificatemanager/cert.pem\")}", - "pem_private_key": "${file(\"test-fixtures/certificatemanager/private-key.pem\")}" + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" } ] } @@ -84018,8 +102325,8 @@ resources: "name": "my-certificate", "self_managed": [ { - "pem_certificate": "${file(\"test-fixtures/certificatemanager/cert.pem\")}", - "pem_private_key": "${file(\"test-fixtures/certificatemanager/private-key.pem\")}" + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" } ] } @@ -84097,8 +102404,8 @@ resources: "name": "my-certificate", "self_managed": [ { - "pem_certificate": "${file(\"test-fixtures/certificatemanager/cert.pem\")}", - "pem_private_key": "${file(\"test-fixtures/certificatemanager/private-key.pem\")}" + "pem_certificate": "${file(\"test-fixtures/cert.pem\")}", + "pem_private_key": "${file(\"test-fixtures/private-key.pem\")}" } ] } @@ -84165,6 +102472,9 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. gateway_security_policy: |- - (Optional) @@ -84176,6 +102486,8 @@ resources: - (Optional) Set of label tags associated with the Gateway resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -84221,6 +102533,10 @@ resources: The relative resource name identifying the subnetwork in which this SWG is allocated. For example: projects/*/regions/us-central1/subnetworks/network-1. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. type: |- - (Required) @@ -84446,6 +102762,9 @@ resources: - (Optional) Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. fault_injection_policy.abort: |- - (Optional) @@ -84513,6 +102832,8 @@ resources: - (Optional) Set of label tags associated with the GrpcRoute resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. retry_policy.meshes: |- - (Optional) @@ -84547,6 +102868,10 @@ resources: self_link: |- - Server-defined URL of this resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -84977,6 +103302,8 @@ resources: - (Optional) Set of label tags associated with the HttpRoute resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. cors_policy.max_age: |- - (Optional) @@ -85014,6 +103341,9 @@ resources: If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. fault_injection_policy.abort: |- - (Optional) @@ -85216,6 +103546,10 @@ resources: self_link: |- - Server-defined URL of this resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -85270,6 +103604,9 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/meshes/{{name}}' interception_port: |- - @@ -85283,6 +103620,8 @@ resources: - (Optional) Set of label tags associated with the Mesh resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - (Required) @@ -85293,6 +103632,10 @@ resources: self_link: |- - Server-defined URL of this resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -85345,11 +103688,16 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/serviceBindings/{{name}}' labels: |- - (Optional) Set of label tags associated with the ServiceBinding resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - (Required) @@ -85362,6 +103710,11 @@ resources: (Required) The full Service Directory Service name of the format projects//locations//namespaces//services/ + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 10 minutes.' update_time: |- - Time the ServiceBinding was updated in UTC. @@ -85627,6 +103980,8 @@ resources: - (Optional) Set of label tags associated with the TcpRoute resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. destinations.meshes: |- - (Optional) @@ -85647,6 +104002,9 @@ resources: If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/global/tcpRoutes/{{name}}' matches.address: |- - @@ -85681,6 +104039,10 @@ resources: self_link: |- - Server-defined URL of this resource. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -86050,6 +104412,20 @@ resources: } ] } + - name: instance + manifest: |- + { + "desired_state": "STOPPED", + "location": "us-west1-a", + "machine_type": "e2-medium", + "name": "notebooks-instance", + "vm_image": [ + { + "image_family": "tf-latest-cpu", + "project": "deeplearning-platform-release" + } + ] + } - name: instance manifest: |- { @@ -86092,10 +104468,13 @@ resources: { "boot_disk_size_gb": 110, "boot_disk_type": "PD_SSD", + "desired_state": "ACTIVE", + "disk_encryption": "CMEK", "install_gpu_driver": true, "instance_owners": [ "my@service-account.com" ], + "kms_key": "my-crypto-key", "labels": { "k": "val" }, @@ -86109,6 +104488,12 @@ resources: "no_proxy_access": true, "no_public_ip": true, "service_account": "my@service-account.com", + "service_account_scopes": [ + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/devstorage.read_write", + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email" + ], "subnet": "${data.google_compute_subnetwork.my_subnetwork.id}", "vm_image": [ { @@ -86184,11 +104569,13 @@ resources: Possible disk types for notebook instances. Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. delete: '- Default is 20 minutes.' + desired_state: '- (Optional) Desired state of the Notebook Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance.' disk_encryption: |- - (Optional) Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values are: DISK_ENCRYPTION_UNSPECIFIED, GMEK, CMEK. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}' install_gpu_driver: |- - @@ -86336,6 +104723,10 @@ resources: - (Optional) The Compute Engine tags to add to instance. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -86528,6 +104919,9 @@ resources: "runtime_owner": "admin@hashicorptest.com" } ], + "labels": { + "k": "val" + }, "location": "us-central1", "name": "notebooks-runtime-kernel", "software_config": [ @@ -86569,6 +104963,9 @@ resources: "runtime_owner": "admin@hashicorptest.com" } ], + "labels": { + "k": "val" + }, "location": "us-central1", "name": "notebooks-runtime-script", "software_config": [ @@ -86717,6 +105114,7 @@ resources: Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT. delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. encryption_config.kms_key: |- - (Optional) @@ -86768,6 +105166,15 @@ resources: - (Optional) The tag of the container image. If not specified, this defaults to the latest tag. + labels: |- + - + (Optional) + The labels to associate with this runtime. Label keys must + contain 1 to 63 characters, and must conform to [RFC 1035] + (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + empty, but, if present, must contain 1 to 63 characters, and must + conform to RFC 1035. No + more than 32 labels can be associated with a cluster. location: |- - (Required) @@ -86870,6 +105277,10 @@ resources: state: |- - The state of this runtime. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' virtual_machine: |- - @@ -87041,13 +105452,10 @@ resources: ], "name": "custom.disableGkeAutoUpgrade", "parent": "organizations/123456789", - "provider": "${google-beta}", "resource_types": [ "container.googleapis.com/NodePool" ] } - references: - provider: google-beta - name: constraint manifest: |- { @@ -87061,19 +105469,15 @@ resources: ], "name": "custom.disableGkeAutoUpgrade", "parent": "organizations/123456789", - "provider": "${google-beta}", "resource_types": [ "container.googleapis.com/NodePool" ] } - references: - provider: google-beta dependencies: google_org_policy_policy.bool: |- { "name": "organizations/123456789/policies/${google_org_policy_custom_constraint.constraint.name}", "parent": "organizations/123456789", - "provider": "${google-beta}", "spec": [ { "rules": [ @@ -87231,6 +105635,48 @@ resources: "org_id": "123456789", "project_id": "id" } + - name: primary + manifest: |- + { + "dry_run_spec": [ + { + "inherit_from_parent": false, + "reset": false, + "rules": [ + { + "enforce": "FALSE" + } + ] + } + ], + "name": "organizations/123456789/policies/${google_org_policy_custom_constraint.constraint.name}", + "parent": "organizations/123456789", + "spec": [ + { + "rules": [ + { + "enforce": "FALSE" + } + ] + } + ] + } + dependencies: + google_org_policy_custom_constraint.constraint: |- + { + "action_type": "ALLOW", + "condition": "resource.management.autoUpgrade == false", + "description": "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.", + "display_name": "Disable GKE auto upgrade", + "method_types": [ + "CREATE" + ], + "name": "custom.disableGkeAutoUpgrade", + "parent": "organizations/123456789", + "resource_types": [ + "container.googleapis.com/NodePool" + ] + } argumentDocs: condition.description: |- - @@ -87250,6 +105696,31 @@ resources: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + dry_run_spec: |- + - + (Optional) + Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. + dry_run_spec.etag: |- + - + An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a CreatePolicy request. When the policyis returned from either aGetPolicyor aListPoliciesrequest, thisetagindicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from aGetEffectivePolicyrequest, theetag` will be unset. + dry_run_spec.inherit_from_parent: |- + - + (Optional) + Determines the inheritance behavior for this policy. If inherit_from_parent is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + dry_run_spec.reset: |- + - + (Optional) + Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false. + dry_run_spec.rules: |- + - + (Optional) + In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set enforced to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + dry_run_spec.update_time: |- + - + Output only. The time stamp this was previously updated. This represents the last time a call to CreatePolicy or UpdatePolicy was made for that policy. + etag: |- + - + Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. id: '- an identifier for the resource with format {{parent}}/policies/{{name}}' name: |- - @@ -87262,7 +105733,7 @@ resources: rules.allow_all: |- - (Optional) - Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints. + Setting this to "TRUE" means that all values are allowed. This field can be set only in policies for list constraints. rules.condition: |- - (Optional) @@ -87270,15 +105741,15 @@ resources: rules.deny_all: |- - (Optional) - Setting this to true means that all values are denied. This field can be set only in Policies for list constraints. + Setting this to "TRUE" means that all values are denied. This field can be set only in policies for list constraints. rules.enforce: |- - (Optional) - If true, then the Policy is enforced. If false, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + If "TRUE", then the policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in policies for boolean constraints. rules.values: |- - (Optional) - List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. + List of values to be used for this policy rule. This field can be set only in policies for list constraints. spec: |- - (Optional) @@ -88230,6 +106701,7 @@ resources: importStatements: [] google_os_config_os_policy_assignment: subCategory: OS Config + description: OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. name: google_os_config_os_policy_assignment title: "" examples: @@ -88939,6 +107411,9 @@ resources: "CRITICAL", "SECURITY", "UPDATE" + ], + "excludes": [ + "5012170" ] } ], @@ -88968,6 +107443,7 @@ resources: "week_day_of_month": [ { "day_of_week": "TUESDAY", + "day_offset": 3, "week_ordinal": -1 } ] @@ -89311,6 +107787,10 @@ resources: (Required) A day of the week. Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + week_day_of_month.day_offset: |- + - + (Optional) + Represents the number of days before or after the given week day of month that the patch deployment is scheduled for. week_day_of_month.week_ordinal: |- - (Required) @@ -89756,6 +108236,7 @@ resources: Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. elliptic_curve.signature_algorithm: |- - (Required) @@ -89974,6 +108455,10 @@ resources: (Optional) The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tier: |- - (Required) @@ -90668,47 +109153,6 @@ resources: - (Optional) The key may be used to encipher other keys. - base_key_usage.key_usage_options: |- - - - (Output) - Describes high-level ways in which a key may be used. - Structure is documented below. - base_key_usage.key_usage_options.cert_sign: |- - - - (Output) - The key may be used to sign certificates. - base_key_usage.key_usage_options.content_commitment: |- - - - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - base_key_usage.key_usage_options.crl_sign: |- - - - (Output) - The key may be used sign certificate revocation lists. - base_key_usage.key_usage_options.data_encipherment: |- - - - (Output) - The key may be used to encipher data. - base_key_usage.key_usage_options.decipher_only: |- - - - (Output) - The key may be used to decipher only. - base_key_usage.key_usage_options.digital_signature: |- - - - (Output) - The key may be used for digital signatures. - base_key_usage.key_usage_options.encipher_only: |- - - - (Output) - The key may be used to encipher only. - base_key_usage.key_usage_options.key_agreement: |- - - - (Output) - The key may be used in a key agreement protocol. - base_key_usage.key_usage_options.key_encipherment: |- - - - (Output) - The key may be used to encipher other keys. ca_options.is_ca: |- - (Optional) @@ -90758,11 +109202,6 @@ resources: (Output) The hash of the x.509 certificate. Structure is documented below. - certificate_description.config_values: |- - - - (Output, Deprecated) - Describes some of the technical fields in a certificate. - Structure is documented below. certificate_description.crl_distribution_points: |- - (Output) @@ -90815,26 +109254,6 @@ resources: (Required) Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below. - config_values.key_usage: |- - - - (Output) - Indicates the intended use for keys that correspond to a certificate. - Structure is documented below. - config_values.key_usage.base_key_usage: |- - - - (Output) - Describes high-level ways in which a key may be used. - Structure is documented below. - config_values.key_usage.extended_key_usage: |- - - - (Output) - Describes high-level ways in which a key may be used. - Structure is documented below. - config_values.key_usage.unknown_extended_key_usages: |- - - - (Output) - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - Structure is documented below. create: '- Default is 20 minutes.' create_time: |- - @@ -90854,6 +109273,7 @@ resources: (Output) The value of this X.509 extension. delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. extended_key_usage.client_auth: |- - (Optional) @@ -90990,10 +109410,6 @@ resources: pem_certificate_chain: |- - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. - pem_certificates: |- - - - (Deprecated) - Required. Expected to be in leaf-to-root order according to RFC 5246. pem_csr: |- - (Optional) @@ -91124,15 +109540,10 @@ resources: - (Output) Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. - unknown_extended_key_usages.obect_id: |- - - - (Output) - Required. Describes how some of the technical fields in a certificate should be populated. - Structure is documented below. - unknown_extended_key_usages.obect_id.object_id_path: |- + terraform_labels: |- - - (Output) - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + The combination of labels configured directly on the resource + and default labels configured on the provider. unknown_extended_key_usages.object_id_path: |- - (Required) @@ -91491,8 +109902,8 @@ resources: ], "deletion_protection": "true", "depends_on": [ - "${google_kms_crypto_key_iam_binding.privateca_sa_keyuser_signerverifier}", - "${google_kms_crypto_key_iam_binding.privateca_sa_keyuser_viewer}" + "${google_kms_crypto_key_iam_member.privateca_sa_keyuser_signerverifier}", + "${google_kms_crypto_key_iam_member.privateca_sa_keyuser_viewer}" ], "key_spec": [ { @@ -91503,20 +109914,16 @@ resources: "pool": "ca-pool" } dependencies: - google_kms_crypto_key_iam_binding.privateca_sa_keyuser_signerverifier: |- + google_kms_crypto_key_iam_member.privateca_sa_keyuser_signerverifier: |- { "crypto_key_id": "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key", - "members": [ - "serviceAccount:${google_project_service_identity.privateca_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.privateca_sa.email}", "role": "roles/cloudkms.signerVerifier" } - google_kms_crypto_key_iam_binding.privateca_sa_keyuser_viewer: |- + google_kms_crypto_key_iam_member.privateca_sa_keyuser_viewer: |- { "crypto_key_id": "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key", - "members": [ - "serviceAccount:${google_project_service_identity.privateca_sa.email}" - ], + "member": "serviceAccount:${google_project_service_identity.privateca_sa.email}", "role": "roles/viewer" } google_project_service_identity.privateca_sa: |- @@ -91635,6 +110042,9 @@ resources: A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. extended_key_usage.client_auth: |- - (Optional) @@ -91682,6 +110092,7 @@ resources: - (Optional) Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. key_spec.desired_state: '- (Optional) Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA.' + key_spec.effective_labels: for all of the labels present on the resource. key_spec.gcs_bucket: |- - (Optional) @@ -91915,6 +110326,10 @@ resources: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself. Structure is documented below. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. unknown_extended_key_usages.object_id_path: |- - (Required) @@ -92154,6 +110569,9 @@ resources: - Output only. The time at which this CertificateTemplate was created. delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. extended_key_usage.client_auth: |- - (Optional) @@ -92271,6 +110689,9 @@ resources: - (Optional) Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. unknown_extended_key_usages.object_id_path: |- - (Required) @@ -92374,6 +110795,9 @@ resources: for more details. create: '- Default is 10 minutes.' delete: '- Default is 10 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. folder_id: |- - (Optional) The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be @@ -92381,7 +110805,10 @@ resources: created under the specified folder. Changing this forces the project to be migrated to the newly specified folder. id: '- an identifier for the resource with format projects/{{project}}' - labels: '- (Optional) A set of key/value label pairs to assign to the project.' + labels: |- + - (Optional) A set of key/value label pairs to assign to the project. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. name: '- (Required) The display name of the project.' number: '- The numeric identifier of the project.' org_id: |- @@ -92395,6 +110822,9 @@ resources: skip_delete: |- - (Optional) If true, the Terraform resource can be deleted without deleting the Project via the Google API. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. update: '- Default is 10 minutes.' importStatements: [] google_project_access_approval_settings: @@ -92510,7 +110940,7 @@ resources: enrolled_services.project: |- - (Optional, Deprecated) - Deprecated in favor of project_id + Project id. id: '- an identifier for the resource with format projects/{{project_id}}/accessApprovalSettings' invalid_key_version: |- - @@ -92585,7 +111015,7 @@ resources: name: '- The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.' permissions: (Required) The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified. project: |- - - (Optional) The project that the service account will be created in. + - (Optional) The project that the custom role will be created in. Defaults to the provider project configuration. role_id: '- (Required) The camel case role id to use for this role. Cannot contain - characters.' stage: |- @@ -93090,7 +111520,7 @@ resources: manifest: |- { "definition": "{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n", - "name": "example", + "name": "example-schema", "type": "AVRO" } - name: example @@ -93121,7 +111551,11 @@ resources: (Optional) The definition of the schema. This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. + that is a valid schema definition of the type specified in type. Changes + to the definition commit new schema revisions. + A schema can only have up to 20 revisions, so updates that fail with an + error indicating that the limit has been reached require manually + deleting old revisions. delete: '- Default is 20 minutes.' id: '- an identifier for the resource with format projects/{{project}}/schemas/{{name}}' name: |- @@ -93139,6 +111573,43 @@ resources: Possible values are: TYPE_UNSPECIFIED, PROTOCOL_BUFFER, AVRO. update: '- Default is 20 minutes.' importStatements: [] + google_pubsub_schema_iam_policy: + subCategory: Cloud Pub/Sub + description: Collection of resources to manage IAM policy for Cloud Pub/Sub Schema + name: google_pubsub_schema_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_pubsub_schema.example.project}", + "schema": "${google_pubsub_schema.example.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + project: google_pubsub_schema.example.project + schema: google_pubsub_schema.example.name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_pubsub_schema_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.' + google_pubsub_schema_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.' + google_pubsub_schema_iam_policy: ': Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_pubsub_schema_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_pubsub_schema_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + schema: '- (Required) Used to find the parent resource to bind the IAM policy to' + importStatements: [] google_pubsub_subscription: subCategory: Cloud Pub/Sub description: A named resource representing the stream of messages from a single, specific topic, to be delivered to the subscribing application. @@ -93161,10 +111632,10 @@ resources: "push_endpoint": "https://example.com/push" } ], - "topic": "${google_pubsub_topic.example.name}" + "topic": "${google_pubsub_topic.example.id}" } references: - topic: google_pubsub_topic.example.name + topic: google_pubsub_topic.example.id dependencies: google_pubsub_topic.example: |- { @@ -93191,10 +111662,10 @@ resources: "minimum_backoff": "10s" } ], - "topic": "${google_pubsub_topic.example.name}" + "topic": "${google_pubsub_topic.example.id}" } references: - topic: google_pubsub_topic.example.name + topic: google_pubsub_topic.example.id dependencies: google_pubsub_topic.example: |- { @@ -93203,48 +111674,79 @@ resources: - name: example manifest: |- { + "dead_letter_policy": [ + { + "dead_letter_topic": "${google_pubsub_topic.example_dead_letter.id}", + "max_delivery_attempts": 10 + } + ], "name": "example-subscription", - "project": "subscription-project", - "topic": "${google_pubsub_topic.example.name}" + "topic": "${google_pubsub_topic.example.id}" } references: - topic: google_pubsub_topic.example.name + dead_letter_policy.dead_letter_topic: google_pubsub_topic.example_dead_letter.id + topic: google_pubsub_topic.example.id dependencies: google_pubsub_topic.example: |- { - "name": "example-topic", - "project": "topic-project" + "name": "example-topic" + } + google_pubsub_topic.example_dead_letter: |- + { + "name": "example-topic-dead-letter" } - name: example manifest: |- { - "dead_letter_policy": [ + "bigquery_config": [ { - "dead_letter_topic": "${google_pubsub_topic.example_dead_letter.id}", - "max_delivery_attempts": 10 + "table": "${google_bigquery_table.test.project}.${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}" } ], + "depends_on": [ + "${google_project_iam_member.viewer}", + "${google_project_iam_member.editor}" + ], "name": "example-subscription", - "topic": "${google_pubsub_topic.example.name}" + "topic": "${google_pubsub_topic.example.id}" } references: - dead_letter_policy.dead_letter_topic: google_pubsub_topic.example_dead_letter.id - topic: google_pubsub_topic.example.name + topic: google_pubsub_topic.example.id dependencies: - google_pubsub_topic.example: |- + google_bigquery_dataset.test: |- { - "name": "example-topic" + "dataset_id": "example_dataset" } - google_pubsub_topic.example_dead_letter: |- + google_bigquery_table.test: |- { - "name": "example-topic-dead-letter" + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n", + "table_id": "example_table" + } + google_project_iam_member.editor: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", + "project": "${data.google_project.project.project_id}", + "role": "roles/bigquery.dataEditor" + } + google_project_iam_member.viewer: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", + "project": "${data.google_project.project.project_id}", + "role": "roles/bigquery.metadataViewer" + } + google_pubsub_topic.example: |- + { + "name": "example-topic" } - name: example manifest: |- { "bigquery_config": [ { - "table": "${google_bigquery_table.test.project}.${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}" + "table": "${google_bigquery_table.test.project}.${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}", + "use_table_schema": true } ], "depends_on": [ @@ -93252,10 +111754,10 @@ resources: "${google_project_iam_member.editor}" ], "name": "example-subscription", - "topic": "${google_pubsub_topic.example.name}" + "topic": "${google_pubsub_topic.example.id}" } references: - topic: google_pubsub_topic.example.name + topic: google_pubsub_topic.example.id dependencies: google_bigquery_dataset.test: |- { @@ -93284,6 +111786,89 @@ resources: { "name": "example-topic" } + - name: example + manifest: |- + { + "cloud_storage_config": [ + { + "bucket": "${google_storage_bucket.example.name}", + "filename_prefix": "pre-", + "filename_suffix": "-", + "max_bytes": 1000, + "max_duration": "300s" + } + ], + "depends_on": [ + "${google_storage_bucket.example}", + "${google_storage_bucket_iam_member.admin}" + ], + "name": "example-subscription", + "topic": "${google_pubsub_topic.example.id}" + } + references: + cloud_storage_config.bucket: google_storage_bucket.example.name + topic: google_pubsub_topic.example.id + dependencies: + google_pubsub_topic.example: |- + { + "name": "example-topic" + } + google_storage_bucket.example: |- + { + "location": "US", + "name": "example-bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.admin: |- + { + "bucket": "${google_storage_bucket.example.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", + "role": "roles/storage.admin" + } + - name: example + manifest: |- + { + "cloud_storage_config": [ + { + "avro_config": [ + { + "write_metadata": true + } + ], + "bucket": "${google_storage_bucket.example.name}", + "filename_prefix": "pre-", + "filename_suffix": "-", + "max_bytes": 1000, + "max_duration": "300s" + } + ], + "depends_on": [ + "${google_storage_bucket.example}", + "${google_storage_bucket_iam_member.admin}" + ], + "name": "example-subscription", + "topic": "${google_pubsub_topic.example.id}" + } + references: + cloud_storage_config.bucket: google_storage_bucket.example.name + topic: google_pubsub_topic.example.id + dependencies: + google_pubsub_topic.example: |- + { + "name": "example-topic" + } + google_storage_bucket.example: |- + { + "location": "US", + "name": "example-bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.admin: |- + { + "bucket": "${google_storage_bucket.example.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", + "role": "roles/storage.admin" + } argumentDocs: ack_deadline_seconds: |- - @@ -93303,31 +111888,81 @@ resources: for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. + avro_config.write_metadata: |- + - + (Optional) + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output. bigquery_config: |- - (Optional) If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. Structure is documented below. bigquery_config.drop_unknown_fields: |- - (Optional) - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + and any messages with extra fields are not written and remain in the subscription's backlog. bigquery_config.table: |- - (Required) The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} + bigquery_config.use_table_schema: |- + - + (Optional) + When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. bigquery_config.use_topic_schema: |- - (Optional) When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. bigquery_config.write_metadata: |- - (Optional) When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. + cloud_storage_config: |- + - + (Optional) + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + Structure is documented below. + cloud_storage_config.avro_config: |- + - + (Optional) + If set, message data will be written to Cloud Storage in Avro format. + Structure is documented below. + cloud_storage_config.bucket: |- + - + (Required) + User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like "gs://". + cloud_storage_config.filename_prefix: |- + - + (Optional) + User-provided prefix for Cloud Storage filename. + cloud_storage_config.filename_suffix: |- + - + (Optional) + User-provided suffix for Cloud Storage filename. Must not end in "/". + cloud_storage_config.max_bytes: |- + - + (Optional) + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. + cloud_storage_config.max_duration: |- + - + (Optional) + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + cloud_storage_config.state: |- + - + (Output) + An output-only field that indicates whether or not the subscription can receive messages. create: '- Default is 20 minutes.' dead_letter_policy: |- - @@ -93364,6 +111999,7 @@ resources: This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used. delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. enable_exactly_once_delivery: |- - (Optional) @@ -93514,10 +112150,16 @@ resources: (Optional) The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. topic: |- - (Required) - A reference to a Topic resource. + A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + (as in the id property of a google_pubsub_topic), or just a topic name if + the topic is in the same project as the subscription. update: '- Default is 20 minutes.' importStatements: [] google_pubsub_subscription_iam_policy: @@ -93624,6 +112266,7 @@ resources: argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/topics/{{name}}' kms_key_name: |- - @@ -93646,7 +112289,8 @@ resources: For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. + The rotation period has the format of a decimal number, followed by the + letter s (seconds). Cannot be more than 31 days or less than 10 minutes. message_storage_policy: |- - (Optional) @@ -93688,6 +112332,10 @@ resources: validated against. Format is projects/{project}/schemas/{schema}. The value of this field will be deleted-schema if the schema has been deleted. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_pubsub_topic_iam_policy: @@ -93786,6 +112434,35 @@ resources: } ] } + - name: primary + manifest: |- + { + "display_name": "display-name-one", + "labels": { + "label-one": "value-one" + }, + "project": "my-project-name", + "testing_options": [ + { + "testing_challenge": "NOCAPTCHA", + "testing_score": 0.5 + } + ], + "waf_settings": [ + { + "waf_feature": "CHALLENGE_PAGE", + "waf_service": "CA" + } + ], + "web_settings": [ + { + "allow_all_domains": true, + "allowed_domains": [], + "challenge_security_preference": "USABILITY", + "integration_type": "INVISIBLE" + } + ] + } - name: primary manifest: |- { @@ -93853,6 +112530,9 @@ resources: - (Required) Human-readable display name of this key. Modifiable by user. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/keys/{{name}}' ios_settings: |- - @@ -93872,11 +112552,14 @@ resources: See Creating and managing labels. name: |- - - The resource name for the Key in the format "projects/{project}/keys/{key}". + The resource id for the Key, which is the same as the Site Key itself. project: |- - (Optional) The project for the resource + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. testing_options: |- - (Optional) @@ -93890,6 +112573,18 @@ resources: (Optional) All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive. update: '- Default is 20 minutes.' + waf_settings: |- + - + (Optional) + Settings specific to keys that can be used for WAF (Web Application Firewall). + waf_settings.waf_feature: |- + - + (Required) + Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS + waf_settings.waf_service: |- + - + (Required) + The WAF service that uses this key. Possible values: CA, FASTLY web_settings: |- - (Optional) @@ -93915,6 +112610,198 @@ resources: (Required) Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE importStatements: [] + google_redis_cluster: + subCategory: Memorystore (Redis) + description: A Google Cloud Redis Cluster instance. + name: google_redis_cluster + title: "" + examples: + - name: cluster-ha + manifest: |- + { + "authorization_mode": "AUTH_MODE_DISABLED", + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "lifecycle": [ + { + "prevent_destroy": true + } + ], + "name": "ha-cluster", + "psc_configs": [ + { + "network": "${google_compute_network.producer_net.id}" + } + ], + "region": "us-central1", + "replica_count": 1, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_MODE_DISABLED" + } + references: + psc_configs.network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "mynetwork" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "mysubnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "mypolicy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + argumentDocs: + create: '- Default is 60 minutes.' + create_time: |- + - + The timestamp associated with the cluster creation request. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 30 minutes.' + discovery_endpoints: |- + - + Output only. Endpoints created on each given network, + for Redis clients to connect to the cluster. + Currently only one endpoint is supported. + Structure is documented below. + discovery_endpoints.address: |- + - + (Optional) + Output only. Network address of the exposed Redis endpoint used by clients to connect to the service. + discovery_endpoints.port: |- + - + (Optional) + Output only. The port number of the exposed Redis endpoint. + discovery_endpoints.psc_config: |- + - + (Optional) + Output only. Customer configuration for where the endpoint + is created and accessed from. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/clusters/{{name}}' + name: |- + - + (Required) + Unique name of the resource in this scope including project and location using the form: + projects/{projectId}/locations/{locationId}/clusters/{clusterId} + psc_config.network: |- + - + (Optional) + The consumer network where the network address of the discovery + endpoint will be reserved, in the form of + projects/{network_project_id}/global/networks/{network_id}. + psc_configs: |- + - + (Required) + Required. Each PscConfig configures the consumer network where two + network addresses will be designated to the cluster for client access. + Currently, only one PscConfig is supported. + Structure is documented below. + psc_configs.authorization_mode: |- + - + (Optional) + Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. + Default value is AUTH_MODE_DISABLED. + Possible values are: AUTH_MODE_UNSPECIFIED, AUTH_MODE_IAM_AUTH, AUTH_MODE_DISABLED. + psc_configs.network: |- + - + (Required) + Required. The consumer network where the network address of + the discovery endpoint will be reserved, in the form of + projects/{network_project_id_or_number}/global/networks/{network_id}. + psc_configs.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + psc_configs.region: |- + - + (Optional) + The name of the region of the Redis cluster. + psc_configs.replica_count: |- + - + (Optional) + Optional. The number of replica nodes per shard. + psc_configs.transit_encryption_mode: |- + - + (Optional) + Optional. The in-transit encryption for the Redis cluster. + If not provided, encryption is disabled for the cluster. + Default value is TRANSIT_ENCRYPTION_MODE_DISABLED. + Possible values are: TRANSIT_ENCRYPTION_MODE_UNSPECIFIED, TRANSIT_ENCRYPTION_MODE_DISABLED, TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION. + psc_connections: |- + - + Output only. PSC connections for discovery of the cluster topology and accessing the cluster. + Structure is documented below. + psc_connections.address: |- + - + (Optional) + Output only. The IP allocated on the consumer network for the PSC forwarding rule. + psc_connections.forwarding_rule: |- + - + (Optional) + Output only. The URI of the consumer side forwarding rule. Example: projects/{projectNumOrId}/regions/us-east1/forwardingRules/{resourceId}. + psc_connections.network: |- + - + (Optional) + The consumer network where the IP address resides, in the form of projects/{projectId}/global/networks/{network_id}. + psc_connections.project_id: |- + - + (Optional) + Output only. The consumer projectId where the forwarding rule is created from. + psc_connections.psc_connection_id: |- + - + (Optional) + Output only. The PSC connection id of the forwarding rule connected to the service attachment. + shard_count: |- + - + (Required) + Required. Number of shards for the Redis cluster. + size_gb: |- + - + Output only. Redis memory size in GB for the entire cluster. + state: |- + - + The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED + state_info: |- + - + Output only. Additional information about the current state of the cluster. + Structure is documented below. + state_info.update_info: |- + - + (Optional) + A nested object resource + Structure is documented below. + state_info.update_info.target_replica_count: |- + - + (Optional) + Target number of replica nodes per shard. + state_info.update_info.target_shard_count: |- + - + (Optional) + Target number of shards for redis cluster. + uid: |- + - + System assigned, unique identifier for the cluster. + update: '- Default is 120 minutes.' + importStatements: [] google_redis_instance: subCategory: Memorystore (Redis) description: A Google Cloud Redis instance. @@ -93924,6 +112811,11 @@ resources: - name: cache manifest: |- { + "lifecycle": [ + { + "prevent_destroy": true + } + ], "memory_size_gb": 1, "name": "memory-cache" } @@ -93937,6 +112829,11 @@ resources: "my_key": "my_val", "other_key": "other_val" }, + "lifecycle": [ + { + "prevent_destroy": true + } + ], "location_id": "us-central1-a", "maintenance_policy": [ { @@ -93967,6 +112864,11 @@ resources: manifest: |- { "alternative_location_id": "us-central1-f", + "lifecycle": [ + { + "prevent_destroy": true + } + ], "location_id": "us-central1-a", "memory_size_gb": 1, "name": "ha-memory-cache-persis", @@ -93982,12 +112884,17 @@ resources: manifest: |- { "alternative_location_id": "us-central1-f", - "authorized_network": "${data.google_compute_network.redis-network.id}", + "authorized_network": "${google_compute_network.redis-network.id}", "connect_mode": "PRIVATE_SERVICE_ACCESS", "depends_on": [ "${google_service_networking_connection.private_service_connection}" ], "display_name": "Terraform Test Instance", + "lifecycle": [ + { + "prevent_destroy": true + } + ], "location_id": "us-central1-a", "memory_size_gb": 1, "name": "private-cache", @@ -93995,19 +112902,23 @@ resources: "tier": "STANDARD_HA" } references: - authorized_network: data.google_compute_network.redis-network.id + authorized_network: google_compute_network.redis-network.id dependencies: google_compute_global_address.service_range: |- { "address_type": "INTERNAL", "name": "address", - "network": "${data.google_compute_network.redis-network.id}", + "network": "${google_compute_network.redis-network.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.redis-network: |- + { + "name": "redis-test-network" + } google_service_networking_connection.private_service_connection: |- { - "network": "${data.google_compute_network.redis-network.id}", + "network": "${google_compute_network.redis-network.id}", "reserved_peering_ranges": [ "${google_compute_global_address.service_range.name}" ], @@ -94023,6 +112934,11 @@ resources: "my_key": "my_val", "other_key": "other_val" }, + "lifecycle": [ + { + "prevent_destroy": true + } + ], "location_id": "us-central1-a", "memory_size_gb": 5, "name": "mrr-memory-cache", @@ -94045,6 +112961,11 @@ resources: "my_key": "my_val", "other_key": "other_val" }, + "lifecycle": [ + { + "prevent_destroy": true + } + ], "location_id": "us-central1-a", "memory_size_gb": 1, "name": "cmek-memory-cache", @@ -94123,6 +113044,9 @@ resources: - (Optional) An arbitrary and optional user-provided name for the instance. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. host: |- - Hostname or IP address of the exposed Redis endpoint used by clients @@ -94132,6 +113056,8 @@ resources: - (Optional) Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location_id: |- - (Optional) @@ -94348,6 +113274,10 @@ resources: (Optional) Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tier: |- - (Optional) @@ -94551,6 +113481,292 @@ resources: accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z". importStatements: [] + google_scc_event_threat_detection_custom_module: + subCategory: Security Command Center (SCC) + description: Represents an instance of an Event Threat Detection custom module, including its full module name, display name, enablement state, andlast updated time. + name: google_scc_event_threat_detection_custom_module + title: "" + examples: + - name: example + manifest: |- + { + "config": "${jsonencode({\n \"metadata\": {\n \"severity\": \"LOW\",\n \"description\": \"Flagged by Forcepoint as malicious\",\n \"recommendation\": \"Contact the owner of the relevant project.\"\n },\n \"ips\": [\n \"192.0.2.1\",\n \"192.0.2.0/24\"\n ]\n })}", + "description": "My Event Threat Detection Custom Module", + "display_name": "basic_custom_module", + "enablement_state": "ENABLED", + "organization": "123456789", + "type": "CONFIGURABLE_BAD_IP" + } + argumentDocs: + config: |- + - + (Required) + Config for the module. For the resident module, its config value is defined at this level. + For the inherited module, its config value is inherited from the ancestor module. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + The human readable name to be displayed for the module. + enablement_state: |- + - + (Required) + The state of enablement for the module at the given level of the hierarchy. + Possible values are: ENABLED, DISABLED. + id: '- an identifier for the resource with format organizations/{{organization}}/eventThreatDetectionSettings/customModules/{{name}}' + last_editor: |- + - + The editor that last updated the custom module + name: |- + - + The resource name of the Event Threat Detection custom module. + Its format is "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}". + organization: |- + - + (Required) + Numerical ID of the parent organization. + type: |- + - + (Required) + Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP. + update: '- Default is 20 minutes.' + update_time: |- + - + The time at which the custom module was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_scc_folder_custom_module: + subCategory: Security Command Center (SCC) + description: Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. + name: google_scc_folder_custom_module + title: "" + examples: + - name: example + manifest: |- + { + "custom_config": [ + { + "description": "The rotation period of the identified cryptokey resource exceeds 30 days.", + "predicate": [ + { + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")" + } + ], + "recommendation": "Set the rotation period to at most 30 days.", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "MEDIUM" + } + ], + "display_name": "basic_custom_module", + "enablement_state": "ENABLED", + "folder": "${google_folder.folder.folder_id}" + } + references: + folder: google_folder.folder.folder_id + dependencies: + google_folder.folder: |- + { + "display_name": "folder-name", + "parent": "organizations/123456789" + } + - name: example + manifest: |- + { + "custom_config": [ + { + "custom_output": [ + { + "properties": [ + { + "name": "duration", + "value_expression": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ] + } + ] + } + ], + "description": "Description of the custom module", + "predicate": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ], + "recommendation": "Steps to resolve violation", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "LOW" + } + ], + "display_name": "full_custom_module", + "enablement_state": "ENABLED", + "folder": "${google_folder.folder.folder_id}" + } + references: + folder: google_folder.folder.folder_id + dependencies: + google_folder.folder: |- + { + "display_name": "folder-name", + "parent": "organizations/123456789" + } + argumentDocs: + ancestor_module: |- + - + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + create: '- Default is 20 minutes.' + custom_config: |- + - + (Required) + The user specified custom configuration for the module. + Structure is documented below. + custom_config.custom_output: |- + - + (Optional) + Custom output properties. + Structure is documented below. + custom_config.description: |- + - + (Optional) + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + custom_config.predicate: |- + - + (Required) + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. + Structure is documented below. + custom_config.recommendation: |- + - + (Required) + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + custom_config.resource_selector: |- + - + (Required) + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + Structure is documented below. + custom_config.severity: |- + - + (Required) + The severity to assign to findings generated by the module. + Possible values are: CRITICAL, HIGH, MEDIUM, LOW. + custom_output.properties: |- + - + (Optional) + A list of custom output properties to add to the finding. + Structure is documented below. + custom_output.properties.name: |- + - + (Optional) + Name of the property for the custom output. + custom_output.properties.value_expression: |- + - + (Optional) + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + Structure is documented below. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + enablement_state: |- + - + (Required) + The enablement state of the custom module. + Possible values are: ENABLED, DISABLED. + folder: |- + - + (Required) + Numerical ID of the parent folder. + id: '- an identifier for the resource with format folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}' + last_editor: |- + - + The editor that last updated the custom module. + name: |- + - + The resource name of the custom module. Its format is "folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + predicate.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + predicate.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + predicate.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + predicate.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + resource_selector.resource_types: |- + - + (Required) + The resource types to run the detector on. + update: '- Default is 20 minutes.' + update_time: |- + - + The time at which the custom module was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + value_expression.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + value_expression.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + value_expression.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + value_expression.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + importStatements: [] google_scc_mute_config: subCategory: Security Command Center (SCC) description: Mute Findings is a volume management feature in Security Command Center that lets you manually or programmatically hide irrelevant findings, and create filters to automatically silence existing and future findings based on criteria you specify. @@ -94575,118 +113791,543 @@ resources: description: |- - (Optional) - A description of the mute config. - filter: |- + A description of the mute config. + filter: |- + - + (Required) + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + id: '- an identifier for the resource with format {{name}}' + most_recent_editor: |- + - + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + mute_config_id: |- + - + (Required) + Unique identifier provided by the client within the parent scope. + name: |- + - + Name of the mute config. Its format is + organizations/{organization}/muteConfigs/{configId}, + folders/{folder}/muteConfigs/{configId}, + or projects/{project}/muteConfigs/{configId} + parent: |- + - + (Required) + Resource name of the new mute configs's parent. Its format is + "organizations/[organization_id]", "folders/[folder_id]", or + "projects/[project_id]". + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + importStatements: [] + google_scc_notification_config: + subCategory: Security Command Center (SCC) + description: A Cloud Security Command Center (Cloud SCC) notification configs. + name: google_scc_notification_config + title: "" + examples: + - name: custom_notification_config + manifest: |- + { + "config_id": "my-config", + "description": "My custom Cloud Security Command Center Finding Notification Configuration", + "organization": "123456789", + "pubsub_topic": "${google_pubsub_topic.scc_notification.id}", + "streaming_config": [ + { + "filter": "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"" + } + ] + } + references: + pubsub_topic: google_pubsub_topic.scc_notification.id + dependencies: + google_pubsub_topic.scc_notification: |- + { + "name": "my-topic" + } + argumentDocs: + config_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{name}}' + name: |- + - + The resource name of this notification config, in the format + organizations/{{organization}}/notificationConfigs/{{config_id}}. + organization: |- + - + (Required) + The organization whose Cloud Security Command Center the Notification + Config lives in. + pubsub_topic: |- + - + (Required) + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + service_account: |- + - + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + streaming_config: |- + - + (Required) + The config for triggering streaming-based notifications. + Structure is documented below. + streaming_config.description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + streaming_config.filter: |- + - + (Required) + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + update: '- Default is 20 minutes.' + importStatements: [] + google_scc_organization_custom_module: + subCategory: Security Command Center (SCC) + description: Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. + name: google_scc_organization_custom_module + title: "" + examples: + - name: example + manifest: |- + { + "custom_config": [ + { + "description": "The rotation period of the identified cryptokey resource exceeds 30 days.", + "predicate": [ + { + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")" + } + ], + "recommendation": "Set the rotation period to at most 30 days.", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "MEDIUM" + } + ], + "display_name": "basic_custom_module", + "enablement_state": "ENABLED", + "organization": "123456789" + } + - name: example + manifest: |- + { + "custom_config": [ + { + "custom_output": [ + { + "properties": [ + { + "name": "duration", + "value_expression": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ] + } + ] + } + ], + "description": "Description of the custom module", + "predicate": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ], + "recommendation": "Steps to resolve violation", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "LOW" + } + ], + "display_name": "full_custom_module", + "enablement_state": "ENABLED", + "organization": "123456789" + } + argumentDocs: + ancestor_module: |- + - + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + create: '- Default is 20 minutes.' + custom_config: |- + - + (Required) + The user specified custom configuration for the module. + Structure is documented below. + custom_config.custom_output: |- + - + (Optional) + Custom output properties. + Structure is documented below. + custom_config.description: |- + - + (Optional) + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + custom_config.predicate: |- - (Required) - An expression that defines the filter to apply across create/update - events of findings. While creating a filter string, be mindful of - the scope in which the mute configuration is being created. E.g., - If a filter contains project = X but is created under the - project = Y scope, it might not match any findings. - id: '- an identifier for the resource with format {{name}}' - most_recent_editor: |- + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. + Structure is documented below. + custom_config.recommendation: |- - - Email address of the user who last edited the mute config. This - field is set by the server and will be ignored if provided on - config creation or update. - mute_config_id: |- + (Required) + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + custom_config.resource_selector: |- - (Required) - Unique identifier provided by the client within the parent scope. + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + Structure is documented below. + custom_config.severity: |- + - + (Required) + The severity to assign to findings generated by the module. + Possible values are: CRITICAL, HIGH, MEDIUM, LOW. + custom_output.properties: |- + - + (Optional) + A list of custom output properties to add to the finding. + Structure is documented below. + custom_output.properties.name: |- + - + (Optional) + Name of the property for the custom output. + custom_output.properties.value_expression: |- + - + (Optional) + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + Structure is documented below. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + enablement_state: |- + - + (Required) + The enablement state of the custom module. + Possible values are: ENABLED, DISABLED. + id: '- an identifier for the resource with format organizations/{{organization}}/securityHealthAnalyticsSettings/customModules/{{name}}' + last_editor: |- + - + The editor that last updated the custom module. name: |- - - Name of the mute config. Its format is - organizations/{organization}/muteConfigs/{configId}, - folders/{folder}/muteConfigs/{configId}, - or projects/{project}/muteConfigs/{configId} - parent: |- + The resource name of the custom module. Its format is "organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + organization: |- - (Required) - Resource name of the new mute configs's parent. Its format is - "organizations/[organization_id]", "folders/[folder_id]", or - "projects/[project_id]". + Numerical ID of the parent organization. + predicate.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + predicate.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + predicate.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + predicate.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + resource_selector.resource_types: |- + - + (Required) + The resource types to run the detector on. update: '- Default is 20 minutes.' update_time: |- - - Output only. The most recent time at which the mute config was - updated. This field is set by the server and will be ignored if - provided on config creation or update. + The time at which the custom module was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + value_expression.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + value_expression.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + value_expression.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + value_expression.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. importStatements: [] - google_scc_notification_config: + google_scc_project_custom_module: subCategory: Security Command Center (SCC) - description: A Cloud Security Command Center (Cloud SCC) notification configs. - name: google_scc_notification_config + description: Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. + name: google_scc_project_custom_module title: "" examples: - - name: custom_notification_config + - name: example manifest: |- { - "config_id": "my-config", - "description": "My custom Cloud Security Command Center Finding Notification Configuration", - "organization": "123456789", - "pubsub_topic": "${google_pubsub_topic.scc_notification.id}", - "streaming_config": [ + "custom_config": [ { - "filter": "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"" + "description": "The rotation period of the identified cryptokey resource exceeds 30 days.", + "predicate": [ + { + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")" + } + ], + "recommendation": "Set the rotation period to at most 30 days.", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "MEDIUM" } - ] + ], + "display_name": "basic_custom_module", + "enablement_state": "ENABLED" } - references: - pubsub_topic: google_pubsub_topic.scc_notification.id - dependencies: - google_pubsub_topic.scc_notification: |- + - name: example + manifest: |- + { + "custom_config": [ { - "name": "my-topic" + "custom_output": [ + { + "properties": [ + { + "name": "duration", + "value_expression": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ] + } + ] + } + ], + "description": "Description of the custom module", + "predicate": [ + { + "description": "description of the expression", + "expression": "resource.rotationPeriod \u003e duration(\"2592000s\")", + "location": "location of the expression", + "title": "Purpose of the expression" + } + ], + "recommendation": "Steps to resolve violation", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "LOW" } + ], + "display_name": "full_custom_module", + "enablement_state": "ENABLED" + } argumentDocs: - config_id: |- + ancestor_module: |- - - (Required) - This must be unique within the organization. + If empty, indicates that the custom module was created in the organization,folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format {{name}}' - name: |- + custom_config: |- - - The resource name of this notification config, in the format - organizations/{{organization}}/notificationConfigs/{{config_id}}. - organization: |- + (Required) + The user specified custom configuration for the module. + Structure is documented below. + custom_config.custom_output: |- + - + (Optional) + Custom output properties. + Structure is documented below. + custom_config.description: |- + - + (Optional) + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + custom_config.predicate: |- - (Required) - The organization whose Cloud Security Command Center the Notification - Config lives in. - pubsub_topic: |- + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. + Structure is documented below. + custom_config.recommendation: |- - (Required) - The Pub/Sub topic to send notifications to. Its format is - "projects/[project_id]/topics/[topic]". - service_account: |- + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + custom_config.resource_selector: |- - - The service account that needs "pubsub.topics.publish" permission to - publish to the Pub/Sub topic. - streaming_config: |- + (Required) + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + Structure is documented below. + custom_config.severity: |- - (Required) - The config for triggering streaming-based notifications. + The severity to assign to findings generated by the module. + Possible values are: CRITICAL, HIGH, MEDIUM, LOW. + custom_output.properties: |- + - + (Optional) + A list of custom output properties to add to the finding. Structure is documented below. - streaming_config.description: |- + custom_output.properties.name: |- - (Optional) - The description of the notification config (max of 1024 characters). - streaming_config.filter: |- + Name of the property for the custom output. + custom_output.properties.value_expression: |- + - + (Optional) + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + Structure is documented below. + delete: '- Default is 20 minutes.' + display_name: |- - (Required) - Expression that defines the filter to apply across create/update - events of assets or findings as specified by the event type. The - expression is a list of zero or more restrictions combined via - logical operators AND and OR. Parentheses are supported, and OR - has higher precedence than AND. - Restrictions have the form and may have - a - character in front of them to indicate negation. The fields - map to those defined in the corresponding resource. - The supported operators are: + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + enablement_state: |- + - + (Required) + The enablement state of the custom module. + Possible values are: ENABLED, DISABLED. + id: '- an identifier for the resource with format projects/{{project}}/securityHealthAnalyticsSettings/customModules/{{name}}' + last_editor: |- + - + The editor that last updated the custom module. + name: |- + - + The resource name of the custom module. Its format is "projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + predicate.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + predicate.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + predicate.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + predicate.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + resource_selector.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + resource_selector.resource_types: |- + - + (Required) + The resource types to run the detector on. update: '- Default is 20 minutes.' + update_time: |- + - + The time at which the custom module was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + value_expression.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + value_expression.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + value_expression.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + value_expression.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. importStatements: [] google_scc_source: subCategory: Security Command Center (SCC) @@ -94790,16 +114431,93 @@ resources: ], "secret_id": "secret" } + - name: secret-with-annotations + manifest: |- + { + "annotations": { + "key1": "someval", + "key2": "someval2", + "key3": "someval3", + "key4": "someval4", + "key5": "someval5" + }, + "labels": { + "label": "my-label" + }, + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "secret" + } + - name: secret-with-automatic-cmek + manifest: |- + { + "depends_on": [ + "${google_kms_crypto_key_iam_member.kms-secret-binding}" + ], + "replication": [ + { + "auto": [ + { + "customer_managed_encryption": [ + { + "kms_key_name": "kms-key" + } + ] + } + ] + } + ], + "secret_id": "secret" + } + dependencies: + google_kms_crypto_key_iam_member.kms-secret-binding: |- + { + "crypto_key_id": "kms-key", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } argumentDocs: + auto.customer_managed_encryption: |- + - + (Optional) + The customer-managed encryption configuration of the Secret. + If no configuration is provided, Google-managed default + encryption is used. + Structure is documented below. + auto.customer_managed_encryption.kms_key_name: |- + - + (Required) + The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. create: '- Default is 20 minutes.' create_time: |- - The time at which the Secret was created. + customer_managed_encryption.annotations: |- + - + (Optional) + Custom metadata about the secret. + Annotations are distinct from various forms of labels. Annotations exist to allow + client tools to store their own state information without requiring a database. + Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + symbols. + The total size of annotation keys and values must be less than 16KiB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + customer_managed_encryption.effective_annotations: for all of the annotations present on the resource. + customer_managed_encryption.effective_labels: for all of the labels present on the resource. customer_managed_encryption.expire_time: |- - (Optional) Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Only one of expire_time or ttl can be provided. customer_managed_encryption.kms_key_name: |- - (Required) @@ -94833,7 +114551,24 @@ resources: (Optional) The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + Only one of ttl or expire_time can be provided. + customer_managed_encryption.version_aliases: |- + - + (Optional) + Mapping from version alias to version name. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/secrets/{{secret_id}}' name: |- - @@ -94845,10 +114580,11 @@ resources: The replication policy of the secret data attached to the Secret. It cannot be changed after the Secret has been created. Structure is documented below. - replication.automatic: |- + replication.auto: |- - (Optional) The Secret will automatically be replicated without any restrictions. + Structure is documented below. replication.user_managed: |- - (Optional) @@ -94868,6 +114604,10 @@ resources: - (Required) This must be unique within the project. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. topics.name: |- - (Required) @@ -94947,7 +114687,90 @@ resources: }, "replication": [ { - "automatic": true + "auto": [ + {} + ] + } + ], + "secret_id": "secret-version" + } + - name: secret-version-deletion-policy + manifest: |- + { + "deletion_policy": "ABANDON", + "secret": "${google_secret_manager_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_secret.secret-basic.id + dependencies: + google_secret_manager_secret.secret-basic: |- + { + "replication": [ + { + "user_managed": [ + { + "replicas": [ + { + "location": "us-central1" + } + ] + } + ] + } + ], + "secret_id": "secret-version" + } + - name: secret-version-deletion-policy + manifest: |- + { + "deletion_policy": "DISABLE", + "secret": "${google_secret_manager_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_secret.secret-basic.id + dependencies: + google_secret_manager_secret.secret-basic: |- + { + "replication": [ + { + "user_managed": [ + { + "replicas": [ + { + "location": "us-central1" + } + ] + } + ] + } + ], + "secret_id": "secret-version" + } + - name: secret-version-base64 + manifest: |- + { + "is_secret_data_base64": true, + "secret": "${google_secret_manager_secret.secret-basic.id}", + "secret_data": "${filebase64(\"secret-data.pfx\")}" + } + references: + secret: google_secret_manager_secret.secret-basic.id + dependencies: + google_secret_manager_secret.secret-basic: |- + { + "replication": [ + { + "user_managed": [ + { + "replicas": [ + { + "location": "us-central1" + } + ] + } + ] } ], "secret_id": "secret-version" @@ -94958,6 +114781,10 @@ resources: - The time at which the Secret was created. delete: '- Default is 20 minutes.' + deletion_policy: |- + - (Optional) The deletion policy for the secret version. Setting ABANDON allows the resource + to be abandoned rather than deleted. Setting DISABLE allows the resource to be + disabled rather than deleted. Default is DELETE. Possible values are: destroy_time: |- - The time at which the Secret was destroyed. Only present if state is DESTROYED. @@ -94966,6 +114793,7 @@ resources: (Optional) The current state of the SecretVersion. id: '- an identifier for the resource with format {{name}}' + is_secret_data_base64: '- (Optional) If set to ''true'', the secret data is expected to be base64-encoded string and would be sent as is.' name: |- - The resource name of the SecretVersion. Format: @@ -94979,10 +114807,283 @@ resources: (Required) The secret data. Must be no larger than 64KiB. Note: This property is sensitive and will not be displayed in the plan. + update: '- Default is 20 minutes.' version: |- - The version of the Secret. importStatements: [] + google_secure_source_manager_instance: + subCategory: Secure Source Manager + description: Instances are deployed to an available Google Cloud region and are accessible via their web interface. + name: google_secure_source_manager_instance + title: "" + examples: + - name: default + manifest: |- + { + "instance_id": "my-instance", + "labels": { + "foo": "bar" + }, + "location": "us-central1" + } + - name: default + manifest: |- + { + "depends_on": [ + "${google_kms_crypto_key_iam_member.crypto_key_binding}" + ], + "instance_id": "my-instance", + "kms_key": "${google_kms_crypto_key.crypto_key.id}", + "location": "us-central1" + } + references: + kms_key: google_kms_crypto_key.crypto_key.id + dependencies: + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "my-key" + } + google_kms_crypto_key_iam_member.crypto_key_binding: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.key_ring: |- + { + "location": "us-central1", + "name": "my-keyring" + } + - name: default + manifest: |- + { + "depends_on": [ + "${google_privateca_certificate_authority.root_ca}", + "${time_sleep.wait_60_seconds}" + ], + "instance_id": "my-instance", + "location": "us-central1", + "private_config": [ + { + "ca_pool": "${google_privateca_ca_pool.ca_pool.id}", + "is_private": true + } + ] + } + references: + private_config.ca_pool: google_privateca_ca_pool.ca_pool.id + dependencies: + google_privateca_ca_pool.ca_pool: |- + { + "location": "us-central1", + "name": "ca-pool", + "publishing_options": [ + { + "publish_ca_cert": true, + "publish_crl": true + } + ], + "tier": "ENTERPRISE" + } + google_privateca_ca_pool_iam_binding.ca_pool_binding: |- + { + "ca_pool": "${google_privateca_ca_pool.ca_pool.id}", + "members": [ + "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com" + ], + "role": "roles/privateca.certificateRequester" + } + google_privateca_certificate_authority.root_ca: |- + { + "certificate_authority_id": "root-ca", + "config": [ + { + "subject_config": [ + { + "subject": [ + { + "common_name": "my-certificate-authority", + "organization": "google" + } + ] + } + ], + "x509_config": [ + { + "ca_options": [ + { + "is_ca": true + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": true, + "crl_sign": true + } + ], + "extended_key_usage": [ + { + "server_auth": true + } + ] + } + ] + } + ] + } + ], + "deletion_protection": false, + "ignore_active_certificates_on_deletion": true, + "key_spec": [ + { + "algorithm": "RSA_PKCS1_4096_SHA256" + } + ], + "location": "us-central1", + "pool": "${google_privateca_ca_pool.ca_pool.name}", + "skip_grace_period": true + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_privateca_ca_pool_iam_binding.ca_pool_binding}" + ] + } + argumentDocs: + create: '- Default is 60 minutes.' + create_time: |- + - + Time the Instance was created in UTC. + delete: '- Default is 60 minutes.' + effective_labels: for all of the labels present on the resource. + host_config: |- + - + A list of hostnames for this instance. + Structure is documented below. + host_config.api: |- + - + (Output) + API hostname. + host_config.git_http: |- + - + (Output) + Git HTTP hostname. + host_config.git_ssh: |- + - + (Output) + Git SSH hostname. + host_config.html: |- + - + (Output) + HTML hostname. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance_id}}' + instance_id: |- + - + (Required) + The name for the Instance. + kms_key: |- + - + (Optional) + Customer-managed encryption key name, in the format projects//locations//keyRings//cryptoKeys/. + labels: |- + - + (Optional) + Labels as key value pairs. + location: |- + - + (Required) + The location for the Instance. + name: |- + - + The resource name for the Instance. + private_config: |- + - + (Optional) + Private settings for private instance. + Structure is documented below. + private_config.ca_pool: |- + - + (Required) + CA pool resource, resource must in the format of projects/{project}/locations/{location}/caPools/{ca_pool}. + private_config.http_service_attachment: |- + - + (Output) + Service Attachment for HTTP, resource is in the format of projects/{project}/regions/{region}/serviceAttachments/{service_attachment}. + private_config.is_private: |- + - + (Required) + 'Indicate if it's private instance.' + private_config.ssh_service_attachment: |- + - + (Output) + Service Attachment for SSH, resource is in the format of projects/{project}/regions/{region}/serviceAttachments/{service_attachment}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + The current state of the Instance. + state_note: |- + - + Provides information about the current instance state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 60 minutes.' + update_time: |- + - + Time the Instance was updated in UTC. + importStatements: [] + google_secure_source_manager_instance_iam_policy: + subCategory: Secure Source Manager + description: Collection of resources to manage IAM policy for Secure Source Manager Instance + name: google_secure_source_manager_instance_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "instance_id": "${google_secure_source_manager_instance.default.instance_id}", + "location": "${google_secure_source_manager_instance.default.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_secure_source_manager_instance.default.project}" + } + references: + instance_id: google_secure_source_manager_instance.default.instance_id + location: google_secure_source_manager_instance.default.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_secure_source_manager_instance.default.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_secure_source_manager_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.' + google_secure_source_manager_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.' + google_secure_source_manager_instance_iam_policy: ': Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.' + instance_id: |- + - (Required) The name for the Instance. + Used to find the parent resource to bind the IAM policy to + location: |- + - (Required) The location for the Instance. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_secure_source_manager_instance_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_secure_source_manager_instance_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_security_scanner_scan_config: subCategory: Cloud Security Scanner description: A ScanConfig resource contains the configurations to launch a scan. @@ -95112,6 +115213,608 @@ resources: Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE. importStatements: [] + google_securityposture_posture: + subCategory: Security Posture + description: A Posture represents a collection of policy set including its name, state, description and policy sets. + name: google_securityposture_posture + title: "" + examples: + - name: posture1 + manifest: |- + { + "description": "a new posture", + "location": "global", + "parent": "organizations/123456789", + "policy_sets": [ + { + "description": "set of org policies", + "policies": [ + { + "constraint": [ + { + "org_policy_constraint": [ + { + "canned_constraint_id": "storage.uniformBucketLevelAccess", + "policy_rules": [ + { + "condition": [ + { + "description": "condition description", + "expression": "resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')", + "title": "a CEL condition" + } + ], + "enforce": true + } + ] + } + ] + } + ], + "policy_id": "canned_org_policy" + }, + { + "constraint": [ + { + "org_policy_constraint_custom": [ + { + "custom_constraint": [ + { + "action_type": "ALLOW", + "condition": "resource.management.autoUpgrade == false", + "description": "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.", + "display_name": "Disable GKE auto upgrade", + "method_types": [ + "CREATE", + "UPDATE" + ], + "name": "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade", + "resource_types": [ + "container.googleapis.com/NodePool" + ] + } + ], + "policy_rules": [ + { + "condition": [ + { + "description": "condition description", + "expression": "resource.matchTagId('tagKeys/key_id','tagValues/value_id')", + "title": "a CEL condition" + } + ], + "enforce": true + } + ] + } + ] + } + ], + "policy_id": "custom_org_policy" + } + ], + "policy_set_id": "org_policy_set" + }, + { + "description": "set of sha policies", + "policies": [ + { + "constraint": [ + { + "security_health_analytics_module": [ + { + "module_enablement_state": "ENABLED", + "module_name": "BIGQUERY_TABLE_CMEK_DISABLED" + } + ] + } + ], + "description": "enable BIGQUERY_TABLE_CMEK_DISABLED", + "policy_id": "sha_builtin_module" + }, + { + "constraint": [ + { + "security_health_analytics_custom_module": [ + { + "config": [ + { + "custom_output": [ + { + "properties": [ + { + "name": "duration", + "value_expression": [ + { + "expression": "resource.rotationPeriod" + } + ] + } + ] + } + ], + "description": "Custom Module", + "predicate": [ + { + "expression": "resource.rotationPeriod \u003e duration('2592000s')" + } + ], + "recommendation": "Testing custom modules", + "resource_selector": [ + { + "resource_types": [ + "cloudkms.googleapis.com/CryptoKey" + ] + } + ], + "severity": "LOW" + } + ], + "display_name": "custom_SHA_policy", + "module_enablement_state": "ENABLED" + } + ] + } + ], + "policy_id": "sha_custom_module" + } + ], + "policy_set_id": "sha_policy_set" + } + ], + "posture_id": "posture_1", + "state": "ACTIVE" + } + argumentDocs: + compliance_standards.control: |- + - + (Optional) + Mapping of security controls for the policy. + compliance_standards.standard: |- + - + (Optional) + Mapping of compliance standards for the policy. + condition.description: |- + - + (Optional) + Description of the expression + condition.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a file name and a position in the file + condition.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. + config.custom_output: |- + - + (Optional) + Custom output properties. A set of optional name-value pairs that define custom source properties to + return with each finding that is generated by the custom module. The custom + source properties that are defined here are included in the finding JSON + under sourceProperties. + Structure is documented below. + config.description: |- + - + (Optional) + Text that describes the vulnerability or misconfiguration that the custom + module detects. + config.predicate: |- + - + (Required) + The CEL expression to evaluate to produce findings.When the expression + evaluates to true against a resource, a finding is generated. + Structure is documented below. + config.recommendation: |- + - + (Optional) + An explanation of the recommended steps that security teams can take to + resolve the detected issue + config.resource_selector: |- + - + (Required) + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + Structure is documented below. + config.severity: |- + - + (Required) + The severity to assign to findings generated by the module. + Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW. + constraint.org_policy_constraint: |- + - + (Optional) + Organization policy canned constraint definition. + Structure is documented below. + constraint.org_policy_constraint_custom: |- + - + (Optional) + Organization policy custom constraint policy definition. + Structure is documented below. + constraint.security_health_analytics_custom_module: |- + - + (Optional) + Definition of Security Health Analytics Custom Module. + Structure is documented below. + constraint.security_health_analytics_module: |- + - + (Optional) + Security Health Analytics built-in detector definition. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + Time the Posture was created in UTC. + custom_constraint.action_type: |- + - + (Required) + The action to take if the condition is met. + Possible values are: ALLOW, DENY. + custom_constraint.condition: |- + - + (Required) + A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. + custom_constraint.description: |- + - + (Optional) + A human-friendly description of the constraint to display as an error message when the policy is violated. + custom_constraint.display_name: |- + - + (Optional) + A human-friendly name for the constraint. + custom_constraint.method_types: |- + - + (Required) + A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. + custom_constraint.name: |- + - + (Required) + Immutable. The name of the custom constraint. This is unique within the organization. + custom_constraint.resource_types: |- + - + (Required) + Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool. + custom_output.properties: |- + - + (Optional) + A list of custom output properties to add to the finding. + Structure is documented below. + custom_output.properties.name: |- + - + (Required) + Name of the property for the custom output. + custom_output.properties.value_expression: |- + - + (Optional) + The CEL expression for the custom output. A resource property can be + specified to return the value of the property or a text string enclosed + in quotation marks. + Structure is documented below. + delete: '- Default is 20 minutes.' + etag: |- + - + For Resource freshness validation (https://google.aip.dev/154) + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/postures/{{posture_id}}' + location: |- + - + (Required) + Location of the resource, eg: global. + name: |- + - + Name of the posture. + org_policy_constraint.canned_constraint_id: |- + - + (Required) + Organization policy canned constraint Id + org_policy_constraint.policy_rules: |- + - + (Required) + Definition of policy rules + Structure is documented below. + org_policy_constraint_custom.custom_constraint: |- + - + (Optional) + Organization policy custom constraint definition. + Structure is documented below. + org_policy_constraint_custom.policy_rules: |- + - + (Required) + Definition of policy rules + Structure is documented below. + parent: |- + - + (Required) + The parent of the resource, an organization. Format should be organizations/{organization_id}. + policies.compliance_standards: |- + - + (Optional) + Mapping for policy to security standards and controls. + Structure is documented below. + policies.constraint: |- + - + (Required) + Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule + Structure is documented below. + policies.description: |- + - + (Optional) + Description of the policy. + policies.policy_id: |- + - + (Required) + ID of the policy. + policy_rules.allow_all: |- + - + (Optional) + Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + policy_rules.condition: |- + - + (Optional) + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + Structure is documented below. + policy_rules.deny_all: |- + - + (Optional) + Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + policy_rules.enforce: |- + - + (Optional) + If true, then the policy is enforced. If false, then any configuration is acceptable. + This field can be set only in policies for boolean constraints. + policy_rules.values: |- + - + (Optional) + List of values to be used for this policy rule. This field can be set only in policies for list constraints. + Structure is documented below. + policy_sets: |- + - + (Required) + List of policy sets for the posture. + Structure is documented below. + policy_sets.description: |- + - + (Optional) + Description of the policy set. + policy_sets.policies: |- + - + (Required) + List of security policy + Structure is documented below. + policy_sets.policy_set_id: |- + - + (Required) + ID of the policy set. + posture_id: |- + - + (Required) + Id of the posture. It is an immutable field. + predicate.description: |- + - + (Optional) + Description of the expression + predicate.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + predicate.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a file name and a position in the file + predicate.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. + reconciling: |- + - + If set, there are currently changes in flight to the posture. + resource_selector.description: |- + - + (Optional) + Description of the posture. + resource_selector.resource_types: |- + - + (Required) + The resource types to run the detector on. + revision_id: |- + - + Revision_id of the posture. + security_health_analytics_custom_module.config: |- + - + (Required) + Custom module details. + Structure is documented below. + security_health_analytics_custom_module.display_name: |- + - + (Optional) + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. + security_health_analytics_custom_module.id: |- + - + (Output) + A server generated id of custom module. + security_health_analytics_custom_module.module_enablement_state: |- + - + (Optional) + The state of enablement for the module at its level of the resource hierarchy. + Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED. + security_health_analytics_module.module_enablement_state: |- + - + (Optional) + The state of enablement for the module at its level of the resource hierarchy. + Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED. + security_health_analytics_module.module_name: |- + - + (Required) + The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED. + state: |- + - + (Required) + State of the posture. Update to state field should not be triggered along with + with other field updates. + Possible values are: DEPRECATED, DRAFT, ACTIVE. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the Posture was updated in UTC. + value_expression.description: |- + - + (Optional) + Description of the expression + value_expression.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + value_expression.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a file name and a position in the file + value_expression.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. + values.allowed_values: |- + - + (Optional) + List of values allowed at this resource. + values.denied_values: |- + - + (Optional) + List of values denied at this resource. + importStatements: [] + google_securityposture_posture_deployment: + subCategory: Security Posture + description: Represents a deployment of a security posture on a resource. + name: google_securityposture_posture_deployment + title: "" + examples: + - name: postureDeployment + manifest: |- + { + "description": "a new posture deployment", + "location": "global", + "parent": "organizations/123456789", + "posture_deployment_id": "posture_deployment_1", + "posture_id": "${google_securityposture_posture.posture1.name}", + "posture_revision_id": "${google_securityposture_posture.posture1.revision_id}", + "target_resource": "projects/1111111111111" + } + references: + posture_id: google_securityposture_posture.posture1.name + posture_revision_id: google_securityposture_posture.posture1.revision_id + dependencies: + google_securityposture_posture.posture1: |- + { + "description": "a new posture", + "location": "global", + "parent": "organizations/123456789", + "policy_sets": [ + { + "description": "set of org policies", + "policies": [ + { + "constraint": [ + { + "org_policy_constraint": [ + { + "canned_constraint_id": "storage.uniformBucketLevelAccess", + "policy_rules": [ + { + "enforce": true + } + ] + } + ] + } + ], + "policy_id": "policy_1" + } + ], + "policy_set_id": "org_policy_set" + } + ], + "posture_id": "posture_1", + "state": "ACTIVE" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the posture deployment was created in UTC. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Description of the posture deployment. + desired_posture_id: |- + - + This is an output only optional field which will be filled in case when + PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED. + It denotes the desired posture to be deployed. + desired_posture_revision_id: |- + - + This is an output only optional field which will be filled in case when + PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED. + It denotes the desired posture revision_id to be deployed. + etag: |- + - + For Resource freshness validation (https://google.aip.dev/154) + failure_message: |- + - + This is a output only optional field which will be filled in case where + PostureDeployment enters a failure state like UPDATE_FAILED or + CREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's + CREATE/UPDATE/DELETE methods. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}' + location: |- + - + (Required) + The location of the resource, eg. global`. + name: |- + - + Name of the posture deployment instance. + parent: |- + - + (Required) + The parent of the resource, an organization. Format should be organizations/{organization_id}. + posture_deployment_id: |- + - + (Required) + ID of the posture deployment. + posture_id: |- + - + (Required) + Relative name of the posture which needs to be deployed. It should be in the format: + organizations/{organization_id}/locations/{location}/postures/{posture_id} + posture_revision_id: |- + - + (Required) + Revision_id the posture which needs to be deployed. + reconciling: |- + - + If set, there are currently changes in flight to the posture deployment. + state: |- + - + State of the posture deployment. A posture deployment can be in the following terminal states: + ACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED. + target_resource: |- + - + (Required) + The resource on which the posture should be deployed. This can be in one of the following formats: + projects/{project_number}, + folders/{folder_number}, + organizations/{organization_id} + update: '- Default is 20 minutes.' + update_time: |- + - + Time the posture deployment was updated in UTC. + importStatements: [] google_service_account: subCategory: Cloud Platform description: Allows management of a Google Cloud Platform service account. @@ -95131,6 +115834,7 @@ resources: must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created. create: '- Default is 5 minutes.' + create_ignore_already_exists: '- (Optional) If set to true, skip service account creation if a service account with the same email already exists.' description: |- - (Optional) A text description of the service account. Must be less than or equal to 256 UTF-8 bytes. @@ -95419,6 +116123,7 @@ resources: argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format {{name}}' labels: |- - @@ -95444,6 +116149,10 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] google_service_directory_namespace_iam_policy: @@ -95605,6 +116314,7 @@ resources: "peering": "${google_service_networking_connection.default.peering}" } argumentDocs: + deletion_policy: '- (Optional) The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. This will enable a successful terraform destroy when destroying CloudSQL instances. Use with care as it can lead to dangling resources.' network: '- (Required) Name of VPC network connected with service producers using VPC peering.' peering: '- (Computed) The name of the VPC Network Peering connection that was created by the service producer.' reserved_peering_ranges: |- @@ -95980,7 +116690,22 @@ resources: } references: policy_data: data.google_iam_policy.admin.policy_data + - name: database + manifest: |- + { + "database": "your-database-name", + "instance": "your-instance-name", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' database: '- (Required) The name of the Spanner database.' etag: '- (Computed) The etag of the database''s IAM policy.' google_spanner_database_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.' @@ -96027,6 +116752,31 @@ resources: }, "processing_units": 200 } + - name: example + manifest: |- + { + "autoscaling_config": [ + { + "autoscaling_limits": [ + { + "max_processing_units": 3000, + "min_processing_units": 2000 + } + ], + "autoscaling_targets": [ + { + "high_priority_cpu_utilization_percent": 75, + "storage_utilization_percent": 90 + } + ] + } + ], + "config": "regional-us-central1", + "display_name": "Test Spanner Instance", + "labels": { + "foo": "bar" + } + } - name: example manifest: |- { @@ -96038,6 +116788,63 @@ resources: "num_nodes": 2 } argumentDocs: + autoscaling_config: |- + - + (Optional) + The autoscaling configuration. Autoscaling is enabled if this field is set. + When autoscaling is enabled, num_nodes and processing_units are treated as, + OUTPUT_ONLY fields and reflect the current compute capacity allocated to + the instance. + Structure is documented below. + autoscaling_config.autoscaling_limits: |- + - + (Optional) + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. Users can define the minimum and + maximum compute capacity allocated to the instance, and the autoscaler will + only scale within that range. Users can either use nodes or processing + units to specify the limits, but should use the same unit to set both the + min_limit and max_limit. + Structure is documented below. + autoscaling_config.autoscaling_targets: |- + - + (Optional) + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + Structure is documented below. + autoscaling_limits.max_nodes: |- + - + (Optional) + Specifies maximum number of nodes allocated to the instance. If set, this number + should be greater than or equal to min_nodes. + autoscaling_limits.max_processing_units: |- + - + (Optional) + Specifies maximum number of processing units allocated to the instance. + If set, this number should be multiples of 1000 and be greater than or equal to + min_processing_units. + autoscaling_limits.min_nodes: |- + - + (Optional) + Specifies number of nodes allocated to the instance. If set, this number + should be greater than or equal to 1. + autoscaling_limits.min_processing_units: |- + - + (Optional) + Specifies minimum number of processing units allocated to the instance. + If set, this number should be multiples of 1000. + autoscaling_targets.high_priority_cpu_utilization_percent: |- + - + (Optional) + Specifies the target high priority cpu utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization).. + autoscaling_targets.storage_utilization_percent: |- + - + (Optional) + Specifies the target storage utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization). config: |- - (Required) @@ -96054,6 +116861,7 @@ resources: (Required) The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. + effective_labels: for all of the labels present on the resource. force_destroy: |- - (Optional) When deleting a spanner instance, this boolean option will delete all backups of this instance. This must be set to true if you created a backup manually in the console. @@ -96085,6 +116893,10 @@ resources: state: |- - Instance status: CREATING or READY. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tf-: will be selected. update: '- Default is 20 minutes.' importStatements: [] @@ -96373,7 +117185,39 @@ resources: } ] } + - name: main + manifest: |- + { + "database_version": "MYSQL_8_0", + "name": "psc-enabled-main-instance", + "settings": [ + { + "availability_type": "REGIONAL", + "backup_configuration": [ + { + "binary_log_enabled": true, + "enabled": true + } + ], + "ip_configuration": [ + { + "ipv4_enabled": false, + "psc_config": [ + { + "allowed_consumer_projects": [ + "allowed-consumer-project-name" + ], + "psc_enabled": true + } + ] + } + ], + "tier": "db-f1-micro" + } + ] + } argumentDocs: + ALLOW_UNENCRYPTED_AND_ENCRYPTED: when require_ssl=false and ENCRYPTED_ONLY otherwise. OUTGOING: address is the source address of connections originating from the instance, if supported. PRIMARY: address is an address that can accept incoming connections. PRIVATE: 'address is an address for an instance which has been configured to use private networking see: Private IP.' @@ -96385,6 +117229,7 @@ resources: clone.allocated_ip_range: '- (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the cloned instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?.' clone.database_names: '- (Optional) (SQL Server only, use with point_in_time) Clone only the specified databases from the source instance. Clone all databases if empty.' clone.point_in_time: '- (Optional) The timestamp of the point in time that should be restored.' + clone.preferred_zone: '- (Optional) (Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance. clone-unavailable-instance' clone.source_instance_name: '- (Required) Name of the source instance which will be cloned.' connection_name: |- - The connection name of the instance to be used in @@ -96404,6 +117249,7 @@ resources: deletion_protection: |- - (Optional) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply command that deletes the instance will fail. Defaults to true. + dsn_name: '- The DNS name of the instance. See Connect to an instance using Private Service Connect for more details.' encryption_key_name: |- - (Optional) The full path to the encryption key used for the CMEK disk encryption. Setting @@ -96442,6 +117288,7 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + psc_service_attachment_link: '- the URI that points to the service attachment of the instance.' public_ip_address: |- - The first public (PRIMARY) IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 @@ -96478,7 +117325,7 @@ resources: - (Optional) Time in ms between replication heartbeats. replica_configuration.password: '- (Optional) Password for the replication connection.' - replica_configuration.sslCipher: '- (Optional) Permissible ciphers for use in SSL encryption.' + replica_configuration.ssl_cipher: '- (Optional) Permissible ciphers for use in SSL encryption.' replica_configuration.username: '- (Optional) Username for replication connection.' replica_configuration.verify_server_certificate: |- - (Optional) True if the master's common name @@ -96539,9 +117386,7 @@ resources: settings.backup_configuration.transaction_log_retention_days: '- (Optional) The number of days of transaction logs we retain for point in time restore, from 1-7. For PostgreSQL Enterprise Plus instances, the number of days of retained transaction logs can be set from 1 to 35.' settings.collation: '- (Optional) The name of server instance collation.' settings.connector_enforcement: '- (Optional) Specifies if connections must use Cloud SQL connectors.' - settings.data_cache_config.data_cache_enabled: |- - - (Optional) Whether data cache is enabled for the instance. Defaults to false - Can only be used with MYSQL. + settings.data_cache_config.data_cache_enabled: '- (Optional) Whether data cache is enabled for the instance. Defaults to false. Can be used with MYSQL and PostgreSQL only.' settings.deletion_protection_enabled: . settings.deny_maintenance_period.end_date: '- (Required) "deny maintenance period" end date. If the year of the end date is empty, the year of the start date also must be empty. In this case, it means the no maintenance interval recurs every year. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01' settings.deny_maintenance_period.start_date: '- (Required) "deny maintenance period" start date. If the year of the start date is empty, the year of the end date also must be empty. In this case, it means the deny maintenance period recurs every year. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01' @@ -96557,6 +117402,7 @@ resources: settings.insights_config.record_application_tags: '- True if Query Insights will record application tags from query when enabled.' settings.insights_config.record_client_address: '- True if Query Insights will record client address when enabled.' settings.ip_configuration.allocated_ip_range: '- (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?.' + settings.ip_configuration.allowed_consumer_projects: '- (Optional) List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).' settings.ip_configuration.enable_private_path_for_google_cloud_services: '- (Optional) Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.' settings.ip_configuration.expiration_time: |- - (Optional) The RFC 3339 @@ -96572,7 +117418,9 @@ resources: Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set. - settings.ip_configuration.require_ssl: '- (Optional) Whether SSL connections over IP are enforced or not.' + settings.ip_configuration.psc_enabled: '- (Optional) Whether PSC connectivity is enabled for this instance.' + settings.ip_configuration.require_ssl: '- (Optional) Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode.' + settings.ip_configuration.ssl_mode: '- (Optional) Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl.' settings.ip_configuration.value: |- - (Required) A CIDR notation IPv4 or IPv6 address that is allowed to access this instance. Must be set even if other two attributes are not for @@ -96608,6 +117456,7 @@ resources: settings.version: |- - Used to make sure changes to the settings block are atomic. + ssl_mode: field. update: '- Default is 30 minutes.' importStatements: [] google_sql_source_representation_instance: @@ -96667,7 +117516,7 @@ resources: host: |- - (Required) - The externally accessible IPv4 address for the source database server. + The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. id: '- an identifier for the resource with format projects/{{project}}/instances/{{name}}' name: |- - @@ -96780,7 +117629,7 @@ resources: { "byte_length": 4 } - - name: users + - name: iam_user manifest: |- { "instance": "${google_sql_database_instance.main.name}", @@ -96792,7 +117641,67 @@ resources: dependencies: google_sql_database_instance.main: |- { - "database_version": "POSTGRES_9_6", + "database_version": "POSTGRES_15", + "name": "main-instance-${random_id.db_name_suffix.hex}", + "settings": [ + { + "database_flags": [ + { + "name": "cloudsql.iam_authentication", + "value": "on" + } + ], + "tier": "db-f1-micro" + } + ] + } + random_id.db_name_suffix: |- + { + "byte_length": 4 + } + - name: iam_service_account_user + manifest: |- + { + "instance": "${google_sql_database_instance.main.name}", + "name": "${trimsuffix(google_service_account.service_account.email, \".gserviceaccount.com\")}", + "type": "CLOUD_IAM_SERVICE_ACCOUNT" + } + references: + instance: google_sql_database_instance.main.name + dependencies: + google_sql_database_instance.main: |- + { + "database_version": "POSTGRES_15", + "name": "main-instance-${random_id.db_name_suffix.hex}", + "settings": [ + { + "database_flags": [ + { + "name": "cloudsql.iam_authentication", + "value": "on" + } + ], + "tier": "db-f1-micro" + } + ] + } + random_id.db_name_suffix: |- + { + "byte_length": 4 + } + - name: iam_group_user + manifest: |- + { + "instance": "${google_sql_database_instance.main.name}", + "name": "iam_group@example.com", + "type": "CLOUD_IAM_GROUP" + } + references: + instance: google_sql_database_instance.main.name + dependencies: + google_sql_database_instance.main: |- + { + "database_version": "MYSQL_8_0", "name": "main-instance-${random_id.db_name_suffix.hex}", "settings": [ { @@ -96845,7 +117754,7 @@ resources: type: |- - (Optional) The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". update: '- Default is 10 minutes.' importStatements: [] google_storage_bucket: @@ -96932,6 +117841,7 @@ resources: action.type: '- The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.' autoclass: '- (Optional) The bucket''s Autoclass configuration. Structure is documented below.' autoclass.enabled: '- (Required) While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object''s access pattern.' + autoclass.terminal_storage_class: '- (Optional) The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.' condition.age: '- (Optional) Minimum age of an object in days to satisfy this condition.' condition.created_before: '- (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC.' condition.custom_time_before: '- (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.' @@ -96940,6 +117850,7 @@ resources: condition.matches_prefix: '- (Optional) One or more matching name prefixes to satisfy this condition.' condition.matches_storage_class: '- (Optional) Storage Class of objects to satisfy this condition. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, DURABLE_REDUCED_AVAILABILITY.' condition.matches_suffix: '- (Optional) One or more matching name suffixes to satisfy this condition.' + condition.no_age: '- (Optional) While set true, age value will be omitted. Note Required to set true when age is unset in the config file.' condition.noncurrent_time_before: '- (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.' condition.num_newer_versions: '- (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.' condition.with_state: '- (Optional) Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".' @@ -96952,6 +117863,7 @@ resources: custom_placement_config: '- (Optional) The bucket''s custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. Structure is documented below.' custom_placement_config.data_locations: '- (Required) The list of individual regions that comprise a dual-region bucket. See Cloud Storage bucket locations for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.' default_event_based_hold: '- (Optional) Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.' + enable_object_retention: '- (Optional, Default: false) Enables object retention on a storage bucket.' encryption: '- (Optional) The bucket''s encryption configuration. Structure is documented below.' encryption.default_kms_key_name: |- : The id of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. @@ -96981,6 +117893,7 @@ resources: retention_policy: '- (Optional) Configuration of the bucket''s data retention policy for how long objects in the bucket should be retained. Structure is documented below.' retention_policy.is_locked: '- (Optional) If set to true, the bucket will be locked and permanently restrict edits to the bucket''s retention policy. Caution: Locking a bucket is an irreversible action.' retention_policy.retention_period: '- (Required) The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.' + rpo: '- (Optional) The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error.' self_link: '- The URI of the created resource.' storage_class: '- (Optional, Default: ''STANDARD'') The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' uniform_bucket_level_access: '- (Optional, Default: false) Enables Uniform bucket-level access access to a bucket.' @@ -97180,6 +118093,9 @@ resources: output_name: |- - (Computed) The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated. + retention: '- (Optional) The object retention settings for the object. The retention settings allow an object to be retained until a provided date. Structure is documented below.' + retention.mode: '- (Required) The retention policy mode. Either Locked or Unlocked.' + retention.retain_until_time: '- (Required) The time to retain the object until in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.' self_link: '- (Computed) A url reference to this object.' source: |- - (Optional) A path to the data you want to upload. Must be defined @@ -97340,6 +118256,197 @@ resources: - 'The last modification time of the HMAC key metadata in RFC 3339 format.' importStatements: [] + google_storage_insights_report_config: + subCategory: Cloud Storage Insights + description: Represents an inventory report configuration. + name: google_storage_insights_report_config + title: "" + examples: + - name: config + manifest: |- + { + "csv_options": [ + { + "delimiter": ",", + "header_required": false, + "record_separator": "\n" + } + ], + "depends_on": [ + "${google_storage_bucket_iam_member.admin}" + ], + "display_name": "Test Report Config", + "frequency_options": [ + { + "end_date": [ + { + "day": 15, + "month": 4, + "year": 2050 + } + ], + "frequency": "WEEKLY", + "start_date": [ + { + "day": 15, + "month": 3, + "year": 2050 + } + ] + } + ], + "location": "us-central1", + "object_metadata_report_options": [ + { + "metadata_fields": [ + "bucket", + "name", + "project" + ], + "storage_destination_options": [ + { + "bucket": "${google_storage_bucket.report_bucket.name}", + "destination_path": "test-insights-reports" + } + ], + "storage_filters": [ + { + "bucket": "${google_storage_bucket.report_bucket.name}" + } + ] + } + ] + } + references: + object_metadata_report_options.storage_destination_options.bucket: google_storage_bucket.report_bucket.name + object_metadata_report_options.storage_filters.bucket: google_storage_bucket.report_bucket.name + dependencies: + google_storage_bucket.report_bucket: |- + { + "force_destroy": true, + "location": "us-central1", + "name": "my-bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.admin: |- + { + "bucket": "${google_storage_bucket.report_bucket.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com", + "role": "roles/storage.admin" + } + argumentDocs: + create: '- Default is 20 minutes.' + csv_options: |- + - + (Required) + Options for configuring the format of the inventory report CSV file. + Structure is documented below. + csv_options.delimiter: |- + - + (Optional) + The delimiter used to separate the fields in the inventory report CSV file. + csv_options.display_name: |- + - + (Optional) + The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty. + csv_options.frequency_options: |- + - + (Optional) + Options for configuring how inventory reports are generated. + Structure is documented below. + csv_options.header_required: |- + - + (Optional) + The boolean that indicates whether or not headers are included in the inventory report CSV file. + csv_options.object_metadata_report_options: |- + - + (Optional) + Options for including metadata in an inventory report. + Structure is documented below. + csv_options.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + csv_options.record_separator: |- + - + (Optional) + The character used to separate the records in the inventory report CSV file. + delete: '- Default is 20 minutes.' + end_date.day: |- + - + (Required) + The day of the month to stop generating inventory reports. + end_date.month: |- + - + (Required) + The month to stop generating inventory reports. + end_date.year: |- + - + (Required) + The year to stop generating inventory reports + frequency_options.end_date: |- + - + (Required) + The date to stop generating inventory reports. For example, {"day": 15, "month": 9, "year": 2022}. + Structure is documented below. + frequency_options.frequency: |- + - + (Required) + The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. + Possible values are: DAILY, WEEKLY. + frequency_options.start_date: |- + - + (Required) + The date to start generating inventory reports. For example, {"day": 15, "month": 8, "year": 2022}. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/reportConfigs/{{name}}' + location: |- + - + (Required) + The location of the ReportConfig. The source and destination buckets specified in the ReportConfig + must be in the same location. + name: |- + - + The UUID of the inventory report configuration. + object_metadata_report_options.metadata_fields: |- + - + (Required) + The metadata fields included in an inventory report. + object_metadata_report_options.storage_destination_options: |- + - + (Required) + Options for where the inventory reports are stored. + Structure is documented below. + object_metadata_report_options.storage_filters: |- + - + (Optional) + A nested object resource + Structure is documented below. + start_date.day: |- + - + (Required) + The day of the month to start generating inventory reports. + start_date.month: |- + - + (Required) + The month to start generating inventory reports. + start_date.year: |- + - + (Required) + The year to start generating inventory reports + storage_destination_options.bucket: |- + - + (Required) + The destination bucket that stores the generated inventory reports. + storage_destination_options.destination_path: |- + - + (Optional) + The path within the destination bucket to store generated inventory reports. + storage_filters.bucket: |- + - + (Optional) + The filter to use when specifying which bucket to generate inventory reports for. + update: '- Default is 20 minutes.' + importStatements: [] google_storage_notification: subCategory: Cloud Storage description: Creates a new notification configuration on a specified bucket. @@ -97693,6 +118800,7 @@ resources: "role": "roles/storage.admin" } argumentDocs: + '{{project_id}}/{{name}}': ', where name is a numeric value.' aws_access_key.access_key_id: '- (Required) AWS Key ID.' aws_access_key.secret_access_key: '- (Required) AWS Secret Access Key.' aws_s3_data_source.aws_access_key: '- (Optional) AWS credentials block.' @@ -97707,13 +118815,17 @@ resources: creation_time: '- When the Transfer Job was created.' deletion_time: '- When the Transfer Job was deleted.' description: '- (Required) Unique description to identify the Transfer Job.' + event_stream: '- (Optional) Specifies the Event-driven transfer options. Event-driven transfers listen to an event stream to transfer updated files. Structure documented below Either event_stream or schedule must be set.' + event_stream.event_stream_expiration_time: '- (Optional) Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated.A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' + event_stream.event_stream_start_time: '- (Optional) Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' + event_stream.name: '- (Required) Specifies a unique name of the resource such as AWS SQS ARN in the form ''arn:aws:sqs:region:account_id:queue_name'', or Pub/Sub subscription resource name in the form ''projects/{project}/subscriptions/{sub}''.' gcs_data_sink.bucket_name: '- (Required) Google Cloud Storage bucket name.' gcs_data_sink.path: '- (Optional) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' gcs_data_source.bucket_name: '- (Required) Google Cloud Storage bucket name.' gcs_data_source.path: '- (Optional) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' http_data_source.list_url: '- (Required) The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.' last_modification_time: '- When the Transfer Job was last modified.' - name: '- The name of the Transfer Job.' + name: '- (Optional) The name of the Transfer Job. This name must start with "transferJobs/" prefix and end with a letter or a number, and should be no more than 128 characters ( transferJobs/^(?!OPI)[A-Za-z0-9-._~]*[A-Za-z0-9]$ ). For transfers involving PosixFilesystem, this name must start with transferJobs/OPI specifically ( transferJobs/OPI^[A-Za-z0-9-._~]*[A-Za-z0-9]$ ). For all other transfer types, this name must not start with transferJobs/OPI. Default the provider will assign a random unique name with transferJobs/{{name}} format, where name is a numeric value.' notification_config: '- (Optional) Notification configuration. This is not supported for transfers involving PosixFilesystem. Structure documented below.' notification_config.event_types: '- (Optional) Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", "TRANSFER_OPERATION_ABORTED".' notification_config.payload_format: '- (Required) The desired format of the notification message payloads. One of "NONE" or "JSON".' @@ -97731,7 +118843,7 @@ resources: project: |- - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used. - schedule: '- (Required) Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run. Structure documented below.' + schedule: '- (Optional) Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run. Structure documented below. Either schedule or event_stream must be set.' schedule.repeat_interval: '- (Optional) Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' schedule.schedule_end_date: '- (Optional) The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. Structure documented below.' schedule.schedule_start_date: '- (Required) The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day. Structure documented below.' @@ -97765,7 +118877,7 @@ resources: importStatements: [] google_tags_location_tag_binding: subCategory: Tags - description: A LocationTagBinding represents a connection between a TagValue and a Regional cloud resources. + description: A LocationTagBinding represents a connection between a TagValue and a non-global cloud resource. name: google_tags_location_tag_binding title: "" examples: @@ -97828,7 +118940,7 @@ resources: location: |- - (Required) - Location of the resource. + Location of the target resource. name: |- - The generated id for the TagBinding. This is a string of the form: tagBindings/{parent}/{tag-value-name} @@ -98106,13 +119218,17 @@ resources: { "address_type": "INTERNAL", "name": "my-global-address", - "network": "${data.google_compute_network.network.id}", + "network": "${google_compute_network.network.id}", "prefix_length": 16, "purpose": "VPC_PEERING" } + google_compute_network.network: |- + { + "name": "tpu-node-network" + } google_service_networking_connection.private_service_connection: |- { - "network": "${data.google_compute_network.network.id}", + "network": "${google_compute_network.network.id}", "reserved_peering_ranges": [ "${google_compute_global_address.service_range.name}" ], @@ -98140,11 +119256,16 @@ resources: - (Optional) The user-supplied description of the TPU. Maximum of 512 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. id: '- an identifier for the resource with format projects/{{project}}/locations/{{zone}}/nodes/{{name}}' labels: |- - (Optional) Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - (Required) @@ -98190,16 +119311,357 @@ resources: permissions to that data. tensorflow_version: |- - - (Required) - The version of Tensorflow running in the Node. - update: '- Default is 20 minutes.' - use_service_networking: |- + (Required) + The version of Tensorflow running in the Node. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + use_service_networking: |- + - + (Optional) + Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + zone: |- + - + (Optional) + The GCP location for the TPU. If it is not provided, the provider zone is used. + importStatements: [] + google_tpu_v2_vm: + subCategory: Cloud TPU v2 + description: A Cloud TPU VM instance. + name: google_tpu_v2_vm + title: "" + examples: + - name: tpu + manifest: |- + { + "name": "test-tpu", + "provider": "${google-beta}", + "runtime_version": "tpu-vm-tf-2.13.0", + "zone": "us-central1-c" + } + references: + provider: google-beta + - name: tpu + manifest: |- + { + "accelerator_config": [ + { + "topology": "2x2", + "type": "V2" + } + ], + "cidr_block": "10.0.0.0/29", + "data_disks": [ + { + "mode": "READ_ONLY", + "source_disk": "${google_compute_disk.disk.id}" + } + ], + "depends_on": [ + "${time_sleep.wait_60_seconds}" + ], + "description": "Text description of the TPU.", + "labels": { + "foo": "bar" + }, + "metadata": { + "foo": "bar" + }, + "name": "test-tpu", + "network_config": [ + { + "can_ip_forward": true, + "enable_external_ips": true, + "network": "${google_compute_network.network.id}", + "subnetwork": "${google_compute_subnetwork.subnet.id}" + } + ], + "provider": "${google-beta}", + "runtime_version": "tpu-vm-tf-2.13.0", + "scheduling_config": [ + { + "preemptible": true + } + ], + "service_account": [ + { + "email": "${google_service_account.sa.email}", + "scope": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + ], + "shielded_instance_config": [ + { + "enable_secure_boot": true + } + ], + "tags": [ + "foo" + ], + "zone": "us-central1-c" + } + references: + data_disks.source_disk: google_compute_disk.disk.id + network_config.network: google_compute_network.network.id + network_config.subnetwork: google_compute_subnetwork.subnet.id + provider: google-beta + service_account.email: google_service_account.sa.email + dependencies: + google_compute_disk.disk: |- + { + "image": "debian-cloud/debian-11", + "name": "tpu-disk", + "provider": "${google-beta}", + "size": 10, + "type": "pd-ssd", + "zone": "us-central1-c" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "tpu-net", + "provider": "${google-beta}" + } + google_compute_subnetwork.subnet: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "tpu-subnet", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_service_account.sa: |- + { + "account_id": "tpu-sa", + "display_name": "Test TPU VM", + "provider": "${google-beta}" + } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_service_account.sa}" + ] + } + argumentDocs: + accelerator_config: |- + - + (Optional) + The AccleratorConfig for the TPU Node. accelerator_config cannot be used at the same time + as accelerator_type. If neither is specified, accelerator_type defaults to 'v2-8'. + Structure is documented below. + accelerator_config.topology: |- + - + (Required) + Topology of TPU in chips. + accelerator_config.type: |- + - + (Required) + Type of TPU. + Possible values are: V2, V3, V4. + accelerator_type: |- + - + (Optional) + TPU accelerator type for the TPU. accelerator_type cannot be used at the same time as + accelerator_config. If neither is specified, accelerator_type defaults to 'v2-8'. + access_config.external_ip: |- + - + (Output) + An external IP address associated with the TPU worker. + api_version: |- + - + The API version that created this Node. + cidr_block: |- + - + (Optional) + The CIDR block that the TPU node will use when selecting an IP address. This CIDR block must + be a /29 block; the Compute Engine networks API forbids a smaller block, and using a larger + block would be wasteful (a node can only consume one IP address). Errors will occur if the + CIDR block has already been used for a currently existing TPU node, the CIDR block conflicts + with any subnetworks in the user's provided network, or the provided network is peered with + another network that is using that CIDR block. + create: '- Default is 20 minutes.' + data_disks: |- + - + (Optional) + The additional data disks for the Node. + Structure is documented below. + data_disks.mode: |- + - + (Optional) + The mode in which to attach this disk. If not specified, the default is READ_WRITE + mode. Only applicable to dataDisks. + Default value is READ_WRITE. + Possible values are: READ_WRITE, READ_ONLY. + data_disks.source_disk: |- + - + (Required) + Specifies the full path to an existing disk. For example: + "projects/my-project/zones/us-central1-c/disks/my-disk". + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Text description of the TPU. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + health: |- + - + The health status of the TPU node. + health_description: |- + - + If this field is populated, it contains a description of why the TPU Node is unhealthy. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{zone}}/nodes/{{name}}' + labels: |- + - + (Optional) + Resource labels to represent user-provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + metadata: |- + - + (Optional) + Custom metadata to apply to the TPU Node. Can set startup-script and shutdown-script. + multislice_node: |- + - + Whether the Node belongs to a Multislice group. + name: |- + - + (Required) + The immutable name of the TPU. + network_config: |- + - + (Optional) + Network configurations for the TPU node. + Structure is documented below. + network_config.can_ip_forward: |- + - + (Optional) + Allows the TPU node to send and receive packets with non-matching destination or source + IPs. This is required if you plan to use the TPU workers to forward routes. + network_config.enable_external_ips: |- + - + (Optional) + Indicates that external IP addresses would be associated with the TPU workers. If set to + false, the specified subnetwork or network should have Private Google Access enabled. + network_config.network: |- + - + (Optional) + The name of the network for the TPU node. It must be a preexisting Google Compute Engine + network. If both network and subnetwork are specified, the given subnetwork must belong + to the given network. If network is not specified, it will be looked up from the + subnetwork if one is provided, or otherwise use "default". + network_config.subnetwork: |- + - + (Optional) + The name of the subnetwork for the TPU node. It must be a preexisting Google Compute + Engine subnetwork. If both network and subnetwork are specified, the given subnetwork + must belong to the given network. If subnetwork is not specified, the subnetwork with the + same name as the network will be used. + network_endpoints: |- + - + The network endpoints where TPU workers can be accessed and sent work. It is recommended that + runtime clients of the node reach out to the 0th entry in this map first. + Structure is documented below. + network_endpoints.access_config: |- + - + (Output) + The access config for the TPU worker. + Structure is documented below. + network_endpoints.ip_address: |- + - + (Output) + The internal IP address of this network endpoint. + network_endpoints.port: |- + - + (Output) + The port of this network endpoint. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + queued_resource: |- + - + The qualified name of the QueuedResource that requested this Node. + runtime_version: |- + - + (Required) + Runtime version for the TPU. + scheduling_config: |- + - + (Optional) + The scheduling options for this node. + Structure is documented below. + scheduling_config.preemptible: |- + - + (Optional) + Defines whether the node is preemptible. + scheduling_config.reserved: |- + - + (Optional) + Whether the node is created under a reservation. + service_account: |- + - + (Optional) + The Google Cloud Platform Service Account to be used by the TPU node VMs. If None is + specified, the default compute service account will be used. + Structure is documented below. + service_account.email: |- + - + (Optional) + Email address of the service account. If empty, default Compute service account will be used. + service_account.scope: |- + - + (Optional) + The list of scopes to be made available for this service account. If empty, access to all + Cloud APIs will be allowed. + shielded_instance_config: |- + - + (Optional) + Shielded Instance options. + Structure is documented below. + shielded_instance_config.enable_secure_boot: |- + - + (Required) + Defines whether the instance has Secure Boot enabled. + state: |- + - + The current state for the TPU Node. + symptoms: |- + - + The Symptoms that have occurred to the TPU Node. + Structure is documented below. + symptoms.create_time: |- + - + (Output) + Timestamp when the Symptom is created. + symptoms.details: |- + - + (Output) + Detailed information of the current Symptom. + symptoms.symptom_type: |- + - + (Output) + Type of the Symptom. + symptoms.worker_id: |- + - + (Output) + A string used to uniquely distinguish a worker within a TPU node. + tags: |- - (Optional) - Whether the VPC peering for the node is set up through Service Networking API. - The VPC Peering should be set up before provisioning the node. If this field is set, - cidr_block field should not be specified. If the network that you want to peer the - TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + Tags to apply to the TPU Node. Tags are used to identify valid sources or targets for network firewalls. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' zone: |- - (Optional) @@ -98215,6 +119677,9 @@ resources: manifest: |- { "display_name": "terraform", + "labels": { + "env": "test" + }, "metadata_schema_uri": "gs://google-cloud-aiplatform/schema/dataset/metadata/image_1.0.0.yaml", "region": "us-central1" } @@ -98228,6 +119693,7 @@ resources: - (Required) The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters. + effective_labels: for all of the labels present on the resource. encryption_spec: |- - (Optional) @@ -98257,6 +119723,10 @@ resources: - (Optional) The region of the dataset. eg us-central1 + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -98286,7 +119756,7 @@ resources: }, "location": "us-central1", "name": "endpoint-name", - "network": "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}", + "network": "projects/${data.google_project.project.number}/global/networks/${google_compute_network.vertex_network.name}", "region": "us-central1" } dependencies: @@ -98294,10 +119764,14 @@ resources: { "address_type": "INTERNAL", "name": "address-name", - "network": "${data.google_compute_network.vertex_network.id}", + "network": "${google_compute_network.vertex_network.id}", "prefix_length": 24, "purpose": "VPC_PEERING" } + google_compute_network.vertex_network: |- + { + "name": "network-name" + } google_kms_crypto_key_iam_member.crypto_key: |- { "crypto_key_id": "kms-name", @@ -98306,7 +119780,7 @@ resources: } google_service_networking_connection.vertex_vpc_connection: |- { - "network": "${data.google_compute_network.vertex_network.id}", + "network": "${google_compute_network.vertex_network.id}", "reserved_peering_ranges": [ "${google_compute_global_address.vertex_range.name}" ], @@ -98415,6 +119889,9 @@ resources: - (Required) Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. encryption_spec: |- - (Optional) @@ -98432,6 +119909,8 @@ resources: - (Optional) The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Required) @@ -98482,11 +119961,805 @@ resources: - (Optional) The region for the resource + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - Output only. Timestamp when this Endpoint was last updated. importStatements: [] + google_vertex_ai_endpoint_iam_policy: + subCategory: Vertex AI + description: Collection of resources to manage IAM policy for Vertex AI Endpoint + name: google_vertex_ai_endpoint_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "endpoint": "${google_vertex_ai_endpoint.endpoint.name}", + "location": "${google_vertex_ai_endpoint.endpoint.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_vertex_ai_endpoint.endpoint.project}" + } + references: + endpoint: google_vertex_ai_endpoint.endpoint.name + location: google_vertex_ai_endpoint.endpoint.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_vertex_ai_endpoint.endpoint.project + argumentDocs: + endpoint: '- (Required) Used to find the parent resource to bind the IAM policy to' + etag: '- (Computed) The etag of the IAM policy.' + google_vertex_ai_endpoint_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the endpoint are preserved.' + google_vertex_ai_endpoint_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the endpoint are preserved.' + google_vertex_ai_endpoint_iam_policy: ': Authoritative. Sets the IAM policy for the endpoint and replaces any existing policy already attached.' + location: '- (Required) The location for the resource Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_vertex_ai_endpoint_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + region: |- + - (Optional) The region for the resource Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no + region is specified, it is taken from the provider configuration. + role: |- + - (Required) The role that should be applied. Only one + google_vertex_ai_endpoint_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_vertex_ai_feature_group: + subCategory: Vertex AI + description: Vertex AI Feature Group. + name: google_vertex_ai_feature_group + title: "" + examples: + - name: feature_group + manifest: |- + { + "big_query": [ + { + "big_query_source": [ + { + "input_uri": "bq://${google_bigquery_table.sample_table.project}.${google_bigquery_table.sample_table.dataset_id}.${google_bigquery_table.sample_table.table_id}" + } + ], + "entity_id_columns": [ + "feature_id" + ] + } + ], + "description": "A sample feature group", + "labels": { + "label-one": "value-one" + }, + "name": "example_feature_group", + "region": "us-central1" + } + dependencies: + google_bigquery_dataset.sample_dataset: |- + { + "dataset_id": "job_load_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.sample_table: |- + { + "dataset_id": "${google_bigquery_dataset.sample_dataset.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "job_load_table" + } + argumentDocs: + big_query: |- + - + (Optional) + Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source. + Structure is documented below. + big_query.big_query_source: |- + - + (Required) + The BigQuery source URI that points to either a BigQuery Table or View. + Structure is documented below. + big_query.entity_id_columns: |- + - + (Optional) + Columns to construct entityId / row keys. Currently only supports 1 entity_id_column. If not provided defaults to entityId. + big_query_source.input_uri: |- + - + (Required) + BigQuery URI to a table, up to 2000 characters long. For example: bq://projectId.bqDatasetId.bqTableId. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp of when the FeatureGroup was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the FeatureGroup. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + Used to perform consistent read-modify-write updates. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/featureGroups/{{name}}' + labels: |- + - + (Optional) + The labels with user-defined metadata to organize your FeatureGroup. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + (Optional) + The resource name of the Feature Group. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The region of feature group. eg us-central1 + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp of when the FeatureGroup was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + importStatements: [] + google_vertex_ai_feature_group_feature: + subCategory: Vertex AI + description: Vertex AI Feature Group Feature is feature metadata information. + name: google_vertex_ai_feature_group_feature + title: "" + examples: + - name: feature_group_feature + manifest: |- + { + "description": "A sample feature", + "feature_group": "${google_vertex_ai_feature_group.sample_feature_group.name}", + "labels": { + "label-one": "value-one" + }, + "name": "example_feature", + "region": "us-central1" + } + references: + feature_group: google_vertex_ai_feature_group.sample_feature_group.name + dependencies: + google_bigquery_dataset.sample_dataset: |- + { + "dataset_id": "job_load_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.sample_table: |- + { + "dataset_id": "${google_bigquery_dataset.sample_dataset.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "job_load_table" + } + google_vertex_ai_feature_group.sample_feature_group: |- + { + "big_query": [ + { + "big_query_source": [ + { + "input_uri": "bq://${google_bigquery_table.sample_table.project}.${google_bigquery_table.sample_table.dataset_id}.${google_bigquery_table.sample_table.table_id}" + } + ], + "entity_id_columns": [ + "feature_id" + ] + } + ], + "description": "A sample feature group", + "labels": { + "label-one": "value-one" + }, + "name": "example_feature_group", + "region": "us-central1" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp of when the FeatureGroup was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the FeatureGroup. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + feature_group: |- + - + (Required) + The name of the Feature Group. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/featureGroups/{{feature_group}}/features/{{name}}' + labels: |- + - + (Optional) + The labels with user-defined metadata to organize your FeatureGroup. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + (Required) + The resource name of the Feature Group Feature. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Required) + The region for the resource. It should be the same as the feature group's region. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp of when the FeatureGroup was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + version_column_name: |- + - + (Optional) + The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId. + importStatements: [] + google_vertex_ai_feature_online_store: + subCategory: Vertex AI + description: Vertex AI Feature Online Store provides a centralized repository for serving ML features and embedding indexes at low latency. + name: google_vertex_ai_feature_online_store + title: "" + examples: + - name: feature_online_store + manifest: |- + { + "bigtable": [ + { + "auto_scaling": [ + { + "cpu_utilization_target": 50, + "max_node_count": 3, + "min_node_count": 1 + } + ] + } + ], + "labels": { + "foo": "bar" + }, + "name": "example_feature_online_store", + "region": "us-central1" + } + - name: featureonlinestore + manifest: |- + { + "dedicated_serving_endpoint": [ + { + "private_service_connect_config": [ + { + "enable_private_service_connect": true, + "project_allowlist": [ + "${data.google_project.project.number}" + ] + } + ] + } + ], + "labels": { + "foo": "bar" + }, + "name": "example_feature_online_store_optimized", + "optimized": [ + {} + ], + "provider": "${google-beta}", + "region": "us-central1" + } + references: + provider: google-beta + - name: featureonlinestore + manifest: |- + { + "bigtable": [ + { + "auto_scaling": [ + { + "cpu_utilization_target": 80, + "max_node_count": 2, + "min_node_count": 1 + } + ] + } + ], + "embedding_management": [ + { + "enabled": true + } + ], + "force_destroy": true, + "labels": { + "foo": "bar" + }, + "name": "example_feature_online_store_beta_bigtable", + "provider": "${google-beta}", + "region": "us-central1" + } + references: + provider: google-beta + argumentDocs: + bigtable: |- + - + (Optional) + Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore. + Structure is documented below. + bigtable.auto_scaling: |- + - + (Required) + Autoscaling config applied to Bigtable Instance. + Structure is documented below. + bigtable.auto_scaling.cpu_utilization_target: |- + - + (Optional) + A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%. + bigtable.auto_scaling.max_node_count: |- + - + (Required) + The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'. + bigtable.auto_scaling.min_node_count: |- + - + (Required) + The minimum number of nodes to scale down to. Must be greater than or equal to 1. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp of when the feature online store was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + dedicated_serving_endpoint: |- + - + (Optional, Beta) + The dedicated serving endpoint for this FeatureOnlineStore, which is different from common vertex service endpoint. Only need to set when you choose Optimized storage type or enable EmbeddingManagement. Will use public endpoint by default. + Structure is documented below. + dedicated_serving_endpoint.private_service_connect_config: |- + - + (Optional) + Private service connect config. + Structure is documented below. + dedicated_serving_endpoint.public_endpoint_domain_name: |- + - + (Output) + Domain name to use for this FeatureOnlineStore + dedicated_serving_endpoint.service_attachment: |- + - + (Output) + Name of the service attachment resource. Applicable only if private service connect is enabled and after FeatureViewSync is created. + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + embedding_management: |- + - + (Optional, Beta) + The settings for embedding management in FeatureOnlineStore. Embedding management can only be used with BigTable. + Structure is documented below. + embedding_management.enabled: |- + - + (Optional) + Enable embedding management. + etag: |- + - + Used to perform consistent read-modify-write updates. + force_destroy: '- (Optional) If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/featureOnlineStores/{{name}}' + labels: |- + - + (Optional) + The labels with user-defined metadata to organize your feature online stores. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + (Required) + The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. + optimized: |- + - + (Optional, Beta) + Settings for the Optimized store that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore + private_service_connect_config.enable_private_service_connect: |- + - + (Required) + If set to true, customers will use private service connection to send request. Otherwise, the connection will set to public endpoint. + private_service_connect_config.project_allowlist: |- + - + (Optional) + A list of Projects from which the forwarding rule will target the service attachment. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The region of feature online store. eg us-central1 + state: |- + - + The state of the Feature Online Store. See the possible states in this link. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp of when the feature online store was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + importStatements: [] + google_vertex_ai_feature_online_store_featureview: + subCategory: Vertex AI + description: FeatureView is representation of values that the FeatureOnlineStore will serve based on its syncConfig. + name: google_vertex_ai_feature_online_store_featureview + title: "" + examples: + - name: featureview + manifest: |- + { + "big_query_source": [ + { + "entity_id_columns": [ + "test_entity_column" + ], + "uri": "bq://${google_bigquery_table.tf-test-table.project}.${google_bigquery_table.tf-test-table.dataset_id}.${google_bigquery_table.tf-test-table.table_id}" + } + ], + "feature_online_store": "${google_vertex_ai_feature_online_store.featureonlinestore.name}", + "name": "example_feature_view", + "region": "us-central1", + "sync_config": [ + { + "cron": "0 0 * * *" + } + ] + } + references: + feature_online_store: google_vertex_ai_feature_online_store.featureonlinestore.name + dependencies: + google_bigquery_dataset.tf-test-dataset: |- + { + "dataset_id": "example_feature_view", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.tf-test-table: |- + { + "dataset_id": "${google_bigquery_dataset.tf-test-dataset.dataset_id}", + "deletion_protection": false, + "schema": " [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n", + "table_id": "example_feature_view" + } + google_vertex_ai_feature_online_store.featureonlinestore: |- + { + "bigtable": [ + { + "auto_scaling": [ + { + "cpu_utilization_target": 80, + "max_node_count": 2, + "min_node_count": 1 + } + ] + } + ], + "labels": { + "foo": "bar" + }, + "name": "example_feature_view", + "region": "us-central1" + } + - name: featureview_featureregistry + manifest: |- + { + "feature_online_store": "${google_vertex_ai_feature_online_store.featureonlinestore.name}", + "feature_registry_source": [ + { + "feature_groups": [ + { + "feature_group_id": "${google_vertex_ai_feature_group.sample_feature_group.name}", + "feature_ids": [ + "${google_vertex_ai_feature_group_feature.sample_feature.name}" + ] + } + ] + } + ], + "name": "example_feature_view_feature_registry", + "region": "us-central1", + "sync_config": [ + { + "cron": "0 0 * * *" + } + ] + } + references: + feature_online_store: google_vertex_ai_feature_online_store.featureonlinestore.name + feature_registry_source.feature_groups.feature_group_id: google_vertex_ai_feature_group.sample_feature_group.name + dependencies: + google_bigquery_dataset.sample_dataset: |- + { + "dataset_id": "example_feature_view_feature_registry", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.sample_table: |- + { + "dataset_id": "${google_bigquery_dataset.sample_dataset.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "example_feature_view_feature_registry" + } + google_vertex_ai_feature_group.sample_feature_group: |- + { + "big_query": [ + { + "big_query_source": [ + { + "input_uri": "bq://${google_bigquery_table.sample_table.project}.${google_bigquery_table.sample_table.dataset_id}.${google_bigquery_table.sample_table.table_id}" + } + ], + "entity_id_columns": [ + "feature_id" + ] + } + ], + "description": "A sample feature group", + "labels": { + "label-one": "value-one" + }, + "name": "example_feature_view_feature_registry", + "region": "us-central1" + } + google_vertex_ai_feature_group_feature.sample_feature: |- + { + "description": "A sample feature", + "feature_group": "${google_vertex_ai_feature_group.sample_feature_group.name}", + "labels": { + "label-one": "value-one" + }, + "name": "example_feature_view_feature_registry", + "region": "us-central1" + } + google_vertex_ai_feature_online_store.featureonlinestore: |- + { + "bigtable": [ + { + "auto_scaling": [ + { + "cpu_utilization_target": 80, + "max_node_count": 2, + "min_node_count": 1 + } + ] + } + ], + "labels": { + "foo": "bar" + }, + "name": "example_feature_view_feature_registry", + "region": "us-central1" + } + - name: featureview_vector_search + manifest: |- + { + "big_query_source": [ + { + "entity_id_columns": [ + "test_entity_column" + ], + "uri": "bq://${google_bigquery_table.tf-test-table.project}.${google_bigquery_table.tf-test-table.dataset_id}.${google_bigquery_table.tf-test-table.table_id}" + } + ], + "feature_online_store": "${google_vertex_ai_feature_online_store.featureonlinestore.name}", + "name": "example_feature_view_vector_search", + "provider": "${google-beta}", + "region": "us-central1", + "sync_config": [ + { + "cron": "0 0 * * *" + } + ], + "vector_search_config": [ + { + "crowding_column": "test_crowding_column", + "distance_measure_type": "DOT_PRODUCT_DISTANCE", + "embedding_column": "embedding", + "embedding_dimension": "2", + "filter_columns": [ + "country" + ], + "tree_ah_config": [ + { + "leaf_node_embedding_count": "1000" + } + ] + } + ] + } + references: + feature_online_store: google_vertex_ai_feature_online_store.featureonlinestore.name + provider: google-beta + dependencies: + google_bigquery_dataset.tf-test-dataset: |- + { + "dataset_id": "example_feature_view_vector_search", + "description": "This is a test description", + "friendly_name": "test", + "location": "US", + "provider": "${google-beta}" + } + google_bigquery_table.tf-test-table: |- + { + "dataset_id": "${google_bigquery_dataset.tf-test-dataset.dataset_id}", + "deletion_protection": false, + "provider": "${google-beta}", + "schema": "[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n", + "table_id": "example_feature_view_vector_search" + } + google_vertex_ai_feature_online_store.featureonlinestore: |- + { + "bigtable": [ + { + "auto_scaling": [ + { + "cpu_utilization_target": 80, + "max_node_count": 2, + "min_node_count": 1 + } + ] + } + ], + "embedding_management": [ + { + "enabled": true + } + ], + "labels": { + "foo": "bar" + }, + "name": "example_feature_view_vector_search", + "provider": "${google-beta}", + "region": "us-central1" + } + argumentDocs: + big_query_source: |- + - + (Optional) + Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore. + Structure is documented below. + big_query_source.entity_id_columns: |- + - + (Required) + Columns to construct entityId / row keys. Start by supporting 1 only. + big_query_source.uri: |- + - + (Required) + The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp of when the featureOnlinestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. + feature_online_store: |- + - + (Required) + The name of the FeatureOnlineStore to use for the featureview. + feature_registry_source: |- + - + (Optional) + Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore. + Structure is documented below. + feature_registry_source.feature_groups: |- + - + (Required) + List of features that need to be synced to Online Store. + Structure is documented below. + feature_registry_source.feature_groups.feature_group_id: |- + - + (Required) + Identifier of the feature group. + feature_registry_source.feature_groups.feature_ids: |- + - + (Required) + Identifiers of features under the feature group. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/featureOnlineStores/{{feature_online_store}}/featureViews/{{name}}' + labels: |- + - + (Optional) + A set of key/value label pairs to assign to this FeatureView. + name: |- + - + (Optional) + Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Required) + The region for the resource. It should be the same as the featureonlinestore region. + sync_config: |- + - + (Optional) + Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving. + Structure is documented below. + sync_config.cron: |- + - + (Optional) + Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs. + To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or "TZ=${IANA_TIME_ZONE}". + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + tree_ah_config.leaf_node_embedding_count: |- + - + (Optional) + Number of embeddings on each leaf node. The default value is 1000 if not set. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + vector_search_config: |- + - + (Optional, Beta) + Configuration for vector search. It contains the required configurations to create an index from source data, so that approximate nearest neighbor (a.k.a ANN) algorithms search can be performed during online serving. + Structure is documented below. + vector_search_config.brute_force_config: |- + - + (Optional) + Configuration options for using brute force search, which simply implements the standard linear search in the database for each query. It is primarily meant for benchmarking and to generate the ground truth for approximate search. + vector_search_config.crowding_column: |- + - + (Optional) + Column of crowding. This column contains crowding attribute which is a constraint on a neighbor list produced by nearest neighbor search requiring that no more than some value k' of the k neighbors returned have the same value of crowdingAttribute. + vector_search_config.distance_measure_type: |- + - + (Optional) + The distance measure used in nearest neighbor search. + For details on allowed values, see the API documentation. + Possible values are: SQUARED_L2_DISTANCE, COSINE_DISTANCE, DOT_PRODUCT_DISTANCE. + vector_search_config.embedding_column: |- + - + (Required) + Column of embedding. This column contains the source data to create index for vector search. + vector_search_config.embedding_dimension: |- + - + (Optional) + The number of dimensions of the input embedding. + vector_search_config.filter_columns: |- + - + (Optional) + Columns of features that are used to filter vector search results. + vector_search_config.tree_ah_config: |- + - + (Optional) + Configuration options for the tree-AH algorithm (Shallow tree + Asymmetric Hashing). Please refer to this paper for more details: https://arxiv.org/abs/1908.10396 + Structure is documented below. + importStatements: [] google_vertex_ai_featurestore: subCategory: Vertex AI description: A collection of DataItems and Annotations on them. @@ -98568,6 +120841,7 @@ resources: - The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. encryption_spec: |- - (Optional) @@ -98623,6 +120897,10 @@ resources: - (Required) The minimum number of nodes to scale down to. Must be greater than or equal to 1. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -98760,6 +121038,7 @@ resources: - (Optional) Optional. Description of the EntityType. + effective_labels: for all of the labels present on the resource. etag: |- - Used to perform consistent read-modify-write updates. @@ -98824,7 +121103,7 @@ resources: The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it. snapshot_analysis.monitoring_interval: |- - - (Optional, Beta) + (Optional, Beta, Deprecated) Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". snapshot_analysis.monitoring_interval_days: |- @@ -98836,6 +121115,10 @@ resources: - (Optional) Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -98949,6 +121232,7 @@ resources: - (Optional) Description of the feature. + effective_labels: for all of the labels present on the resource. entitytype: |- - (Required) @@ -98965,6 +121249,10 @@ resources: - (Optional) The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -99215,6 +121503,9 @@ resources: - (Required) The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. etag: |- - Used to perform consistent read-modify-write updates. @@ -99239,6 +121530,8 @@ resources: - (Optional) The labels with user-defined metadata to organize your Indexes. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. metadata: |- - (Optional) @@ -99251,7 +121544,7 @@ resources: Structure is documented below. metadata.contents_delta_uri: |- - - (Optional) + (Required) Allows inserting, updating or deleting the contents of the Matching Engine Index. The string must be a valid Cloud Storage directory path. If this field is set when calling IndexService.UpdateIndex, then no other @@ -99276,6 +121569,10 @@ resources: - (Optional) The region of the index. eg us-central1 + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. tree_ah_config.leaf_node_embedding_count: |- - (Optional) @@ -99307,7 +121604,7 @@ resources: "labels": { "label-one": "value-one" }, - "network": "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}", + "network": "projects/${data.google_project.project.number}/global/networks/${google_compute_network.vertex_network.name}", "region": "us-central1" } dependencies: @@ -99315,18 +121612,51 @@ resources: { "address_type": "INTERNAL", "name": "address-name", - "network": "${data.google_compute_network.vertex_network.id}", + "network": "${google_compute_network.vertex_network.id}", "prefix_length": 24, "purpose": "VPC_PEERING" } + google_compute_network.vertex_network: |- + { + "name": "network-name" + } google_service_networking_connection.vertex_vpc_connection: |- { - "network": "${data.google_compute_network.vertex_network.id}", + "network": "${google_compute_network.vertex_network.id}", "reserved_peering_ranges": [ "${google_compute_global_address.vertex_range.name}" ], "service": "servicenetworking.googleapis.com" } + - name: index_endpoint + manifest: |- + { + "description": "A sample vertex endpoint", + "display_name": "sample-endpoint", + "labels": { + "label-one": "value-one" + }, + "private_service_connect_config": [ + { + "enable_private_service_connect": true, + "project_allowlist": [ + "${data.google_project.project.number}" + ] + } + ], + "region": "us-central1" + } + - name: index_endpoint + manifest: |- + { + "description": "A sample vertex endpoint with an public endpoint", + "display_name": "sample-endpoint", + "labels": { + "label-one": "value-one" + }, + "public_endpoint_enabled": true, + "region": "us-central1" + } argumentDocs: create: '- Default is 20 minutes.' create_time: |- @@ -99341,6 +121671,9 @@ resources: - (Required) The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. etag: |- - Used to perform consistent read-modify-write updates. @@ -99349,6 +121682,8 @@ resources: - (Optional) The labels with user-defined metadata to organize your Indexes. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. name: |- - The resource name of the Index. @@ -99359,13 +121694,37 @@ resources: Private services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network. Format: projects/{project}/global/networks/{network}. Where {project} is a project number, as in 12345, and {network} is network name. + private_service_connect_config: |- + - + (Optional) + Optional. Configuration for private service connect. network and privateServiceConnectConfig are mutually exclusive. + Structure is documented below. + private_service_connect_config.enable_private_service_connect: |- + - + (Required) + If set to true, the IndexEndpoint is created without private service access. + private_service_connect_config.project_allowlist: |- + - + (Optional) + A list of Projects from which the forwarding rule will target the service attachment. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + public_endpoint_domain_name: |- + - + If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint. + public_endpoint_enabled: |- + - + (Optional) + If true, the deployed index will be accessible through public endpoint. region: |- - (Optional) The region of the index endpoint. eg us-central1 + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -99488,6 +121847,7 @@ resources: - (Required) User provided name of this Tensorboard. + effective_labels: for all of the labels present on the resource. encryption_spec: |- - (Optional) @@ -99516,6 +121876,10 @@ resources: run_count: |- - The number of Runs stored in this Tensorboard. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - @@ -99537,20 +121901,17 @@ resources: "node_type_id": "standard-72" } ], - "parent": "${google_vmwareengine_private_cloud.cluster-pc.id}", - "provider": "${google-beta}" + "parent": "${google_vmwareengine_private_cloud.cluster-pc.id}" } references: parent: google_vmwareengine_private_cloud.cluster-pc.id - provider: google-beta dependencies: google_vmwareengine_network.cluster-nw: |- { "description": "PC network description.", - "location": "us-west1", - "name": "us-west1-default", - "provider": "${google-beta}", - "type": "LEGACY" + "location": "global", + "name": "pc-nw", + "type": "STANDARD" } google_vmwareengine_private_cloud.cluster-pc: |- { @@ -99573,8 +121934,7 @@ resources: "management_cidr": "192.168.30.0/24", "vmware_engine_network": "${google_vmwareengine_network.cluster-nw.id}" } - ], - "provider": "${google-beta}" + ] } - name: vmw-ext-cluster manifest: |- @@ -99587,20 +121947,17 @@ resources: "node_type_id": "standard-72" } ], - "parent": "${google_vmwareengine_private_cloud.cluster-pc.id}", - "provider": "${google-beta}" + "parent": "${google_vmwareengine_private_cloud.cluster-pc.id}" } references: parent: google_vmwareengine_private_cloud.cluster-pc.id - provider: google-beta dependencies: google_vmwareengine_network.cluster-nw: |- { "description": "PC network description.", - "location": "us-west1", - "name": "us-west1-default", - "provider": "${google-beta}", - "type": "LEGACY" + "location": "global", + "name": "pc-nw", + "type": "STANDARD" } google_vmwareengine_private_cloud.cluster-pc: |- { @@ -99624,8 +121981,7 @@ resources: "management_cidr": "192.168.30.0/24", "vmware_engine_network": "${google_vmwareengine_network.cluster-nw.id}" } - ], - "provider": "${google-beta}" + ] } argumentDocs: create: '- Default is 210 minutes.' @@ -99671,12 +122027,326 @@ resources: System-generated unique identifier for the resource. update: '- Default is 190 minutes.' importStatements: [] + google_vmwareengine_external_access_rule: + subCategory: Cloud VMware Engine + description: External access firewall rules for filtering incoming traffic destined to + name: google_vmwareengine_external_access_rule + title: "" + examples: + - name: vmw-engine-external-access-rule + manifest: |- + { + "action": "DENY", + "destination_ip_ranges": [ + { + "ip_address_range": "0.0.0.0/0" + } + ], + "destination_ports": [ + "433" + ], + "ip_protocol": "TCP", + "name": "sample-external-access-rule", + "parent": "${google_vmwareengine_network_policy.external-access-rule-np.id}", + "priority": 101, + "source_ip_ranges": [ + { + "ip_address_range": "0.0.0.0/0" + } + ], + "source_ports": [ + "80" + ] + } + references: + parent: google_vmwareengine_network_policy.external-access-rule-np.id + dependencies: + google_vmwareengine_network.external-access-rule-nw: |- + { + "description": "PC network description.", + "location": "global", + "name": "sample-nw", + "type": "STANDARD" + } + google_vmwareengine_network_policy.external-access-rule-np: |- + { + "edge_services_cidr": "192.168.30.0/26", + "location": "us-west1", + "name": "sample-np", + "vmware_engine_network": "${google_vmwareengine_network.external-access-rule-nw.id}" + } + - name: vmw-engine-external-access-rule + manifest: |- + { + "action": "ALLOW", + "description": "Sample Description", + "destination_ip_ranges": [ + { + "external_address": "${google_vmwareengine_external_address.external-access-rule-ea.id}" + } + ], + "destination_ports": [ + "433" + ], + "ip_protocol": "tcp", + "name": "sample-external-access-rule", + "parent": "${google_vmwareengine_network_policy.external-access-rule-np.id}", + "priority": 101, + "source_ip_ranges": [ + { + "ip_address_range": "0.0.0.0/0" + } + ], + "source_ports": [ + "80" + ] + } + references: + destination_ip_ranges.external_address: google_vmwareengine_external_address.external-access-rule-ea.id + parent: google_vmwareengine_network_policy.external-access-rule-np.id + dependencies: + google_vmwareengine_external_address.external-access-rule-ea: |- + { + "internal_ip": "192.168.0.65", + "name": "sample-ea", + "parent": "${google_vmwareengine_private_cloud.external-access-rule-pc.id}" + } + google_vmwareengine_network.external-access-rule-nw: |- + { + "description": "PC network description.", + "location": "global", + "name": "sample-nw", + "type": "STANDARD" + } + google_vmwareengine_network_policy.external-access-rule-np: |- + { + "edge_services_cidr": "192.168.30.0/26", + "location": "us-west1", + "name": "sample-np", + "vmware_engine_network": "${google_vmwareengine_network.external-access-rule-nw.id}" + } + google_vmwareengine_private_cloud.external-access-rule-pc: |- + { + "description": "Sample test PC.", + "location": "us-west1-a", + "management_cluster": [ + { + "cluster_id": "sample-mgmt-cluster", + "node_type_configs": [ + { + "node_count": 3, + "node_type_id": "standard-72" + } + ] + } + ], + "name": "sample-pc", + "network_config": [ + { + "management_cidr": "192.168.50.0/24", + "vmware_engine_network": "${google_vmwareengine_network.external-access-rule-nw.id}" + } + ] + } + argumentDocs: + action: |- + - + (Required) + The action that the external access rule performs. + Possible values are: ALLOW, DENY. + create: '- Default is 20 minutes.' + create_time: |- + - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + destination_ip_ranges: |- + - + (Required) + If destination ranges are specified, the external access rule applies only to + traffic that has a destination IP address in these ranges. + Structure is documented below. + destination_ip_ranges.description: |- + - + (Optional) + User-provided description for the external access rule. + destination_ip_ranges.external_address: |- + - + (Optional) + The name of an ExternalAddress resource. + destination_ip_ranges.ip_address_range: |- + - + (Optional) + An IP address range in the CIDR format. + destination_ports: |- + - + (Required) + A list of destination ports to which the external access rule applies. + id: '- an identifier for the resource with format {{parent}}/externalAccessRules/{{name}}' + ip_protocol: |- + - + (Required) + The IP protocol to which the external access rule applies. + name: |- + - + (Required) + The ID of the external access rule. + parent: |- + - + (Required) + The resource name of the network policy. + Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. + For example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy + priority: |- + - + (Required) + External access rule priority, which determines the external access rule to use when multiple rules apply. + source_ip_ranges: |- + - + (Required) + If source ranges are specified, the external access rule applies only to + traffic that has a source IP address in these ranges. + Structure is documented below. + source_ip_ranges.ip_address: |- + - + (Optional) + A single IP address. + source_ip_ranges.ip_address_range: |- + - + (Optional) + An IP address range in the CIDR format. + source_ports: |- + - + (Required) + A list of source ports to which the external access rule applies. + state: |- + - + State of the Cluster. + uid: |- + - + System-generated unique identifier for the resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_vmwareengine_external_address: + subCategory: Cloud VMware Engine + description: An allocated external IP address and its corresponding internal IP address in a private cloud. + name: google_vmwareengine_external_address + title: "" + examples: + - name: vmw-engine-external-address + manifest: |- + { + "depends_on": [ + "${google_vmwareengine_network_policy.external-address-np}" + ], + "description": "Sample description.", + "internal_ip": "192.168.0.66", + "name": "sample-external-address", + "parent": "${google_vmwareengine_private_cloud.external-address-pc.id}" + } + references: + parent: google_vmwareengine_private_cloud.external-address-pc.id + dependencies: + google_vmwareengine_network.external-address-nw: |- + { + "description": "PC network description.", + "location": "global", + "name": "pc-nw", + "type": "STANDARD" + } + google_vmwareengine_network_policy.external-address-np: |- + { + "edge_services_cidr": "192.168.30.0/26", + "location": "", + "name": "sample-np", + "vmware_engine_network": "${google_vmwareengine_network.external-address-nw.id}" + } + google_vmwareengine_private_cloud.external-address-pc: |- + { + "description": "Sample test PC.", + "location": "-a", + "management_cluster": [ + { + "cluster_id": "sample-mgmt-cluster", + "node_type_configs": [ + { + "node_count": 3, + "node_type_id": "standard-72" + } + ] + } + ], + "name": "sample-pc", + "network_config": [ + { + "management_cidr": "192.168.50.0/24", + "vmware_engine_network": "${google_vmwareengine_network.external-address-nw.id}" + } + ] + } + argumentDocs: + create: '- Default is 40 minutes.' + create_time: |- + - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + User-provided description for this resource. + external_ip: |- + - + The external IP address of a workload VM. + id: '- an identifier for the resource with format {{parent}}/externalAddresses/{{name}}' + internal_ip: |- + - + (Required) + The internal IP address of a workload VM. + name: |- + - + (Required) + The ID of the external IP Address. + parent: |- + - + (Required) + The resource name of the private cloud to create a new external address in. + Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. + For example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud + state: |- + - + State of the resource. + uid: |- + - + System-generated unique identifier for the resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_vmwareengine_network: subCategory: Cloud VMware Engine description: Provides connectivity for VMware Engine private clouds. name: google_vmwareengine_network title: "" examples: + - name: vmw-engine-network + manifest: |- + { + "description": "VMwareEngine standard network sample", + "location": "global", + "name": "standard-nw", + "type": "STANDARD" + } - name: vmw-engine-network manifest: |- { @@ -99684,20 +122354,17 @@ resources: "location": "us-west1", "name": "us-west1-default", "project": "${google_project_service.acceptance.project}", - "provider": "${google-beta}", "type": "LEGACY" } references: project: google_project_service.acceptance.project - provider: google-beta dependencies: google_project.acceptance: |- { "billing_account": "000000-0000000-0000000-000000", "name": "vmw-proj", "org_id": "123456789", - "project_id": "vmw-proj", - "provider": "${google-beta}" + "project_id": "vmw-proj" } google_project_service.acceptance: |- { @@ -99705,7 +122372,6 @@ resources: "${time_sleep.wait_60_seconds}" ], "project": "${google_project.acceptance.project_id}", - "provider": "${google-beta}", "service": "vmwareengine.googleapis.com" } time_sleep.wait_60_seconds: |- @@ -99741,7 +122407,7 @@ resources: - (Required) VMware Engine network type. - Possible values are: LEGACY. + Possible values are: LEGACY, STANDARD. uid: |- - System-generated unique identifier for the resource. @@ -99761,9 +122427,273 @@ resources: (Output) Type of VPC network (INTRANET, INTERNET, or GOOGLE_CLOUD) importStatements: [] + google_vmwareengine_network_peering: + subCategory: Cloud VMware Engine + description: Represents a network peering resource. + name: google_vmwareengine_network_peering + title: "" + examples: + - name: vmw-engine-network-peering + manifest: |- + { + "description": "Sample description", + "export_custom_routes": false, + "export_custom_routes_with_public_ip": false, + "import_custom_routes": false, + "import_custom_routes_with_public_ip": false, + "name": "sample-network-peering", + "peer_network": "${google_vmwareengine_network.network-peering-peer-nw.id}", + "peer_network_type": "VMWARE_ENGINE_NETWORK", + "vmware_engine_network": "${google_vmwareengine_network.network-peering-nw.id}" + } + references: + peer_network: google_vmwareengine_network.network-peering-peer-nw.id + vmware_engine_network: google_vmwareengine_network.network-peering-nw.id + dependencies: + google_vmwareengine_network.network-peering-nw: |- + { + "location": "global", + "name": "default-np-nw", + "type": "STANDARD" + } + google_vmwareengine_network.network-peering-peer-nw: |- + { + "location": "global", + "name": "peer-np-nw", + "type": "STANDARD" + } + - name: vmw-engine-network-peering + manifest: |- + { + "description": "Sample description", + "name": "sample-network-peering", + "peer_network": "${google_compute_network.network-peering-vpc.id}", + "peer_network_type": "STANDARD", + "vmware_engine_network": "${google_vmwareengine_network.network-peering-standard-nw.id}" + } + references: + peer_network: google_compute_network.network-peering-vpc.id + vmware_engine_network: google_vmwareengine_network.network-peering-standard-nw.id + dependencies: + google_compute_network.network-peering-vpc: |- + { + "name": "default-vpc" + } + google_vmwareengine_network.network-peering-standard-nw: |- + { + "location": "global", + "name": "default-standard-nw-np", + "type": "STANDARD" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + User-provided description for this network peering. + export_custom_routes: |- + - + (Optional) + True if custom routes are exported to the peered network; false otherwise. + export_custom_routes_with_public_ip: |- + - + (Optional) + True if all subnet routes with a public IP address range are exported; false otherwise. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/networkPeerings/{{name}}' + import_custom_routes: |- + - + (Optional) + True if custom routes are imported from the peered network; false otherwise. + import_custom_routes_with_public_ip: |- + - + (Optional) + True if custom routes are imported from the peered network; false otherwise. + name: |- + - + (Required) + The ID of the Network Peering. + peer_network: |- + - + (Required) + The relative resource name of the network to peer with a standard VMware Engine network. + The provided network can be a consumer VPC network or another standard VMware Engine network. + peer_network_type: |- + - + (Required) + The type of the network to peer with the VMware Engine network. + Possible values are: STANDARD, VMWARE_ENGINE_NETWORK, PRIVATE_SERVICES_ACCESS, NETAPP_CLOUD_VOLUMES, THIRD_PARTY_SERVICE, DELL_POWERSCALE. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + State of the network peering. + This field has a value of 'ACTIVE' when there's a matching configuration in the peer network. + New values may be added to this enum when appropriate. + state_details: |- + - + Details about the current state of the network peering. + uid: |- + - + System-generated unique identifier for the resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + vmware_engine_network: |- + - + (Required) + The relative resource name of the VMware Engine network. Specify the name in the following form: + projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project} + can either be a project number or a project ID. + vmware_engine_network_canonical: |- + - + The canonical name of the VMware Engine network in the form: + projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} + importStatements: [] + google_vmwareengine_network_policy: + subCategory: Cloud VMware Engine + description: Represents a network policy resource. + name: google_vmwareengine_network_policy + title: "" + examples: + - name: vmw-engine-network-policy + manifest: |- + { + "edge_services_cidr": "192.168.30.0/26", + "location": "us-west1", + "name": "sample-network-policy", + "vmware_engine_network": "${google_vmwareengine_network.network-policy-nw.id}" + } + references: + vmware_engine_network: google_vmwareengine_network.network-policy-nw.id + dependencies: + google_vmwareengine_network.network-policy-nw: |- + { + "description": "VMwareEngine standard network sample", + "location": "global", + "name": "standard-nw", + "type": "STANDARD" + } + - name: vmw-engine-network-policy + manifest: |- + { + "description": "Sample Network Policy", + "edge_services_cidr": "192.168.30.0/26", + "external_ip": [ + { + "enabled": true + } + ], + "internet_access": [ + { + "enabled": true + } + ], + "location": "us-west1", + "name": "sample-network-policy-full", + "vmware_engine_network": "${google_vmwareengine_network.network-policy-nw.id}" + } + references: + vmware_engine_network: google_vmwareengine_network.network-policy-nw.id + dependencies: + google_vmwareengine_network.network-policy-nw: |- + { + "description": "VMwareEngine standard network sample", + "location": "global", + "name": "standard-full-nw", + "type": "STANDARD" + } + argumentDocs: + create: '- Default is 60 minutes.' + create_time: |- + - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 60 minutes.' + description: |- + - + (Optional) + User-provided description for this network policy. + edge_services_cidr: |- + - + (Required) + IP address range in CIDR notation used to create internet access and external IP access. + An RFC 1918 CIDR block, with a "/26" prefix, is required. The range cannot overlap with any + prefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network. + external_ip: |- + - + (Optional) + Network service that allows External IP addresses to be assigned to VMware workloads. + This service can only be enabled when internetAccess is also enabled. + Structure is documented below. + external_ip.enabled: |- + - + (Optional) + True if the service is enabled; false otherwise. + external_ip.state: |- + - + (Output) + State of the service. New values may be added to this enum when appropriate. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}' + internet_access: |- + - + (Optional) + Network service that allows VMware workloads to access the internet. + Structure is documented below. + internet_access.enabled: |- + - + (Optional) + True if the service is enabled; false otherwise. + internet_access.state: |- + - + (Output) + State of the service. New values may be added to this enum when appropriate. + location: |- + - + (Required) + The resource name of the location (region) to create the new network policy in. + Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. + For example: projects/my-project/locations/us-central1 + name: |- + - + (Required) + The ID of the Network Policy. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + uid: |- + - + System-generated unique identifier for the resource. + update: '- Default is 60 minutes.' + update_time: |- + - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + vmware_engine_network: |- + - + (Required) + The relative resource name of the VMware Engine network. Specify the name in the following form: + projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project} + can either be a project number or a project ID. + vmware_engine_network_canonical: |- + - + The canonical name of the VMware Engine network in the form: + projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} + importStatements: [] google_vmwareengine_private_cloud: subCategory: Cloud VMware Engine - description: / Represents a private cloud resource. + description: Represents a private cloud resource. name: google_vmwareengine_private_cloud title: "" examples: @@ -99789,20 +122719,17 @@ resources: "management_cidr": "192.168.30.0/24", "vmware_engine_network": "${google_vmwareengine_network.pc-nw.id}" } - ], - "provider": "${google-beta}" + ] } references: network_config.vmware_engine_network: google_vmwareengine_network.pc-nw.id - provider: google-beta dependencies: google_vmwareengine_network.pc-nw: |- { "description": "PC network description.", - "location": "us-west1", - "name": "us-west1-default", - "provider": "${google-beta}", - "type": "LEGACY" + "location": "global", + "name": "pc-nw", + "type": "STANDARD" } - name: vmw-engine-pc manifest: |- @@ -99815,7 +122742,7 @@ resources: "node_type_configs": [ { "custom_core_count": 32, - "node_count": 3, + "node_count": 1, "node_type_id": "standard-72" } ] @@ -99828,22 +122755,20 @@ resources: "vmware_engine_network": "${google_vmwareengine_network.pc-nw.id}" } ], - "provider": "${google-beta}" + "type": "TIME_LIMITED" } references: network_config.vmware_engine_network: google_vmwareengine_network.pc-nw.id - provider: google-beta dependencies: google_vmwareengine_network.pc-nw: |- { "description": "PC network description.", - "location": "us-west1", - "name": "us-west1-default", - "provider": "${google-beta}", - "type": "LEGACY" + "location": "global", + "name": "pc-nw", + "type": "STANDARD" } argumentDocs: - create: '- Default is 210 minutes.' + create: '- Default is 240 minutes.' delete: '- Default is 150 minutes.' hcx: |- - @@ -99895,6 +122820,10 @@ resources: (Required) Network configuration in the consumer project with which the peering has to be done. Structure is documented below. + network_config.dns_server_ip: |- + - + (Output) + DNS Server IP of the Private Cloud. network_config.management_cidr: |- - (Required) @@ -99934,6 +122863,11 @@ resources: node_type_configs.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + node_type_configs.type: |- + - + (Optional) + Initial type of the private cloud. + Possible values are: STANDARD, TIME_LIMITED. nsx: |- - Details about a NSX Manager appliance. @@ -99984,6 +122918,117 @@ resources: (Optional) Version of the appliance. importStatements: [] + google_vmwareengine_subnet: + subCategory: Cloud VMware Engine + description: Subnet in a private cloud. + name: google_vmwareengine_subnet + title: "" + examples: + - name: vmw-engine-subnet + manifest: |- + { + "ip_cidr_range": "192.168.100.0/26", + "name": "service-1", + "parent": "${google_vmwareengine_private_cloud.subnet-pc.id}" + } + references: + parent: google_vmwareengine_private_cloud.subnet-pc.id + dependencies: + google_vmwareengine_network.subnet-nw: |- + { + "description": "PC network description.", + "location": "global", + "name": "pc-nw", + "type": "STANDARD" + } + google_vmwareengine_private_cloud.subnet-pc: |- + { + "description": "Sample test PC.", + "location": "us-west1-a", + "management_cluster": [ + { + "cluster_id": "sample-mgmt-cluster", + "node_type_configs": [ + { + "node_count": 3, + "node_type_id": "standard-72" + } + ] + } + ], + "name": "sample-pc", + "network_config": [ + { + "management_cidr": "192.168.50.0/24", + "vmware_engine_network": "${google_vmwareengine_network.subnet-nw.id}" + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + dhcp_address_ranges: |- + - + DHCP address ranges. + Structure is documented below. + dhcp_address_ranges.first_address: |- + - + (Output) + The first IP address of the range. + dhcp_address_ranges.last_address: |- + - + (Output) + The last IP address of the range. + gateway_id: |- + - + The canonical identifier of the logical router that this subnet is attached to. + gateway_ip: |- + - + The IP address of the gateway of this subnet. Must fall within the IP prefix defined above. + id: '- an identifier for the resource with format {{parent}}/subnets/{{name}}' + ip_cidr_range: |- + - + (Required) + The IP address range of the subnet in CIDR format. + name: |- + - + (Required) + The ID of the subnet. For userDefined subnets, this name should be in the format of "service-n", + where n ranges from 1 to 5. + parent: |- + - + (Required) + The resource name of the private cloud to create a new subnet in. + Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. + For example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud + standard_config: |- + - + Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud. + If false, the subnet cannot be modified through Google Cloud, only through NSX-T directly. + state: |- + - + State of the subnet. + type: |- + - + The type of the subnet. + uid: |- + - + System-generated unique identifier for the resource. + update: '- Default is 20 minutes.' + update_time: |- + - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + vlan_id: |- + - + VLAN ID of the VLAN on which the subnet is configured. + importStatements: [] google_vpc_access_connector: subCategory: Serverless VPC Access description: Serverless VPC Access connector resource. @@ -100090,6 +123135,516 @@ resources: (Optional) Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. importStatements: [] + google_workbench_instance: + subCategory: Vertex AI Workbench + description: A Workbench instance. + name: google_workbench_instance + title: "" + examples: + - name: instance + manifest: |- + { + "location": "us-west1-a", + "name": "workbench-instance" + } + - name: instance + manifest: |- + { + "gce_setup": [ + { + "container_image": [ + { + "repository": "us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310", + "tag": "latest" + } + ] + } + ], + "location": "us-west1-a", + "name": "workbench-instance" + } + - name: instance + manifest: |- + { + "gce_setup": [ + { + "accelerator_configs": [ + { + "core_count": 1, + "type": "NVIDIA_TESLA_T4" + } + ], + "machine_type": "n1-standard-1", + "vm_image": [ + { + "family": "tf-latest-gpu", + "project": "deeplearning-platform-release" + } + ] + } + ], + "location": "us-central1-a", + "name": "workbench-instance" + } + - name: instance + manifest: |- + { + "desired_state": "STOPPED", + "gce_setup": [ + { + "machine_type": "e2-standard-4", + "metadata": { + "terraform": "true" + }, + "service_accounts": [ + { + "email": "my@service-account.com" + } + ], + "shielded_instance_config": [ + { + "enable_integrity_monitoring": false, + "enable_secure_boot": false, + "enable_vtpm": false + } + ] + } + ], + "instance_owners": [ + "my@service-account.com" + ], + "labels": { + "k": "val" + }, + "location": "us-central1-a", + "name": "workbench-instance" + } + - name: instance + manifest: |- + { + "desired_state": "ACTIVE", + "disable_proxy_access": "true", + "gce_setup": [ + { + "accelerator_configs": [ + { + "core_count": 1, + "type": "NVIDIA_TESLA_T4" + } + ], + "boot_disk": [ + { + "disk_encryption": "CMEK", + "disk_size_gb": 310, + "disk_type": "PD_SSD", + "kms_key": "my-crypto-key" + } + ], + "data_disks": [ + { + "disk_encryption": "CMEK", + "disk_size_gb": 330, + "disk_type": "PD_SSD", + "kms_key": "my-crypto-key" + } + ], + "disable_public_ip": false, + "enable_ip_forwarding": true, + "machine_type": "n1-standard-4", + "metadata": { + "terraform": "true" + }, + "network_interfaces": [ + { + "network": "${google_compute_network.my_network.id}", + "nic_type": "GVNIC", + "subnet": "${google_compute_subnetwork.my_subnetwork.id}" + } + ], + "service_accounts": [ + { + "email": "my@service-account.com" + } + ], + "shielded_instance_config": [ + { + "enable_integrity_monitoring": true, + "enable_secure_boot": true, + "enable_vtpm": true + } + ], + "tags": [ + "abc", + "def" + ] + } + ], + "instance_owners": [ + "my@service-account.com" + ], + "labels": { + "k": "val" + }, + "location": "us-central1-a", + "name": "workbench-instance" + } + references: + gce_setup.network_interfaces.network: google_compute_network.my_network.id + gce_setup.network_interfaces.subnet: google_compute_subnetwork.my_subnetwork.id + dependencies: + google_compute_network.my_network: |- + { + "auto_create_subnetworks": false, + "name": "wbi-test-default" + } + google_compute_subnetwork.my_subnetwork: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "wbi-test-default", + "network": "${google_compute_network.my_network.id}", + "region": "us-central1" + } + argumentDocs: + accelerator_configs.core_count: |- + - + (Optional) + Optional. Count of cores of this accelerator. + accelerator_configs.type: |- + - + (Optional) + Optional. Type of this accelerator. + Possible values are: NVIDIA_TESLA_P100, NVIDIA_TESLA_V100, NVIDIA_TESLA_P4, NVIDIA_TESLA_T4, NVIDIA_TESLA_A100, NVIDIA_A100_80GB, NVIDIA_L4, NVIDIA_TESLA_T4_VWS, NVIDIA_TESLA_P100_VWS, NVIDIA_TESLA_P4_VWS. + boot_disk.disk_encryption: |- + - + (Optional) + Optional. Input only. Disk encryption method used on the boot and + data disks, defaults to GMEK. + Possible values are: GMEK, CMEK. + boot_disk.disk_size_gb: |- + - + (Optional) + Optional. The size of the boot disk in GB attached to this instance, + up to a maximum of 64000 GB (64 TB). If not specified, this defaults to the + recommended value of 150GB. + boot_disk.disk_type: |- + - + (Optional) + Optional. Indicates the type of the disk. + Possible values are: PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. + boot_disk.kms_key: |- + - + (Optional) + 'Optional. The KMS key used to encrypt the disks, only + applicable if disk_encryption is CMEK. Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} + Learn more about using your own encryption keys.' + container_image.repository: |- + - + (Required) + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName} + container_image.tag: |- + - + (Optional) + The tag of the container image. If not specified, this defaults to the latest tag. + create: '- Default is 10 minutes.' + create_time: |- + - + An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ. + The milliseconds portion (".SSS") is optional. + creator: |- + - + Output only. Email address of entity that sent original CreateInstance request. + data_disks.disk_encryption: |- + - + (Optional) + Optional. Input only. Disk encryption method used on the boot + and data disks, defaults to GMEK. + Possible values are: GMEK, CMEK. + data_disks.disk_size_gb: |- + - + (Optional) + Optional. The size of the disk in GB attached to this VM instance, + up to a maximum of 64000 GB (64 TB). If not specified, this defaults to + 100. + data_disks.disk_type: |- + - + (Optional) + Optional. Input only. Indicates the type of the disk. + Possible values are: PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. + data_disks.kms_key: |- + - + (Optional) + 'Optional. The KMS key used to encrypt the disks, + only applicable if disk_encryption is CMEK. Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} + Learn more about using your own encryption keys.' + delete: '- Default is 20 minutes.' + desired_state: '- (Optional) Desired state of the Workbench Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance.' + disable_proxy_access: |- + - + (Optional) + Optional. If true, the workbench instance will not register with the proxy. + effective_labels: for all of the labels present on the resource. + gce_setup: |- + - + (Optional) + The definition of how to configure a VM instance outside of Resources and Identity. + Structure is documented below. + gce_setup.accelerator_configs: |- + - + (Optional) + The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has + enough vCPUs and memory to support the . + Currently supports only one accelerator configuration. + Structure is documented below. + gce_setup.boot_disk: |- + - + (Optional) + The definition of a boot disk. + Structure is documented below. + gce_setup.container_image: |- + - + (Optional) + Use a container image to start the workbench instance. + Structure is documented below. + gce_setup.data_disks: |- + - + (Optional) + Data disks attached to the VM instance. Currently supports only one data disk. + Structure is documented below. + gce_setup.disable_public_ip: |- + - + (Optional) + Optional. If true, no external IP will be assigned to this VM instance. + gce_setup.enable_ip_forwarding: |- + - + (Optional) + Optional. Flag to enable ip forwarding or not, default false/off. + https://cloud.google.com/vpc/docs/using-routes#canipforward + gce_setup.machine_type: |- + - + (Optional) + Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource + gce_setup.metadata: |- + - + (Optional) + Optional. Custom metadata to apply to this instance. + gce_setup.network_interfaces: |- + - + (Optional) + The network interfaces for the VM. Supports only one interface. + Structure is documented below. + gce_setup.service_accounts: |- + - + (Optional) + The service account that serves as an identity for the VM instance. Currently supports only one service account. + Structure is documented below. + gce_setup.shielded_instance_config: |- + - + (Optional) + A set of Shielded Instance options. See Images using supported Shielded + VM features. + Not all combinations are valid. + Structure is documented below. + gce_setup.tags: |- + - + (Optional) + Optional. The Compute Engine tags to add to instance (see Tagging + instances). + gce_setup.vm_image: |- + - + (Optional) + Definition of a custom Compute Engine virtual machine image for starting + a workbench instance with the environment installed directly on the VM. + Structure is documented below. + health_info: |- + - + 'Output only. Additional information about instance health. Example: + healthInfo": { "docker_proxy_agent_status": "1", "docker_status": "1", "jupyterlab_api_status": + "-1", "jupyterlab_status": "-1", "updated": "2020-10-18 09:40:03.573409" }' + health_state: |- + - + Output only. Instance health_state. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}' + instance_id: |- + - + (Optional) + Required. User-defined unique ID of this instance. + instance_owners: |- + - + (Optional) + 'Optional. Input only. The owner of this instance after creation. Format: + alias@example.com Currently supports one owner only. If not specified, all of + the service account users of your VM instance''s service account can use the instance.' + labels: |- + - + (Optional) + Optional. Labels to apply to this instance. These can be later modified + by the UpdateInstance method. + location: |- + - + (Required) + Part of parent. See documentation of projectsId. + name: |- + - + (Required) + The name of this workbench instance. Format: projects/{project_id}/locations/{location}/instances/{instance_id} + network_interfaces.network: |- + - + (Optional) + Optional. The name of the VPC that this VM instance is in. + network_interfaces.nic_type: |- + - + (Optional) + Optional. The type of vNIC to be used on this interface. This + may be gVNIC or VirtioNet. + Possible values are: VIRTIO_NET, GVNIC. + network_interfaces.subnet: |- + - + (Optional) + Optional. The name of the subnet that this VM instance is in. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + proxy_uri: |- + - + Output only. The proxy endpoint that is used to access the Jupyter notebook. + service_accounts.email: |- + - + (Optional) + Optional. Email address of the service account. + service_accounts.scopes: |- + - + (Output) + Output only. The list of scopes to be made available for this + service account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform + shielded_instance_config.enable_integrity_monitoring: |- + - + (Optional) + Optional. Defines whether the VM instance has integrity monitoring + enabled. Enables monitoring and attestation of the boot integrity of the VM + instance. The attestation is performed against the integrity policy baseline. + This baseline is initially derived from the implicitly trusted boot image + when the VM instance is created. Enabled by default. + shielded_instance_config.enable_secure_boot: |- + - + (Optional) + Optional. Defines whether the VM instance has Secure Boot enabled. + Secure Boot helps ensure that the system only runs authentic software by verifying + the digital signature of all boot components, and halting the boot process + if signature verification fails. Disabled by default. + shielded_instance_config.enable_vtpm: |- + - + (Optional) + Optional. Defines whether the VM instance has the vTPM enabled. + Enabled by default. + state: |- + - + Output only. The state of this instance. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ. + The milliseconds portion (".SSS") is optional. + upgrade_history: |- + - + Output only. The upgrade history of this instance. + Structure is documented below. + upgrade_history.action: |- + - + (Optional) + Optional. Action. Rolloback or Upgrade. + upgrade_history.container_image: |- + - + (Optional) + Optional. The container image before this instance upgrade. + upgrade_history.create_time: |- + - + (Optional) + An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ. + The milliseconds portion (".SSS") is optional. + upgrade_history.framework: |- + - + (Optional) + Optional. The framework of this workbench instance. + upgrade_history.snapshot: |- + - + (Optional) + Optional. The snapshot of the boot disk of this workbench instance before upgrade. + upgrade_history.state: |- + - + (Output) + Output only. The state of this instance upgrade history entry. + upgrade_history.target_version: |- + - + (Optional) + Optional. Target VM Version, like m63. + upgrade_history.version: |- + - + (Optional) + Optional. The version of the workbench instance before this upgrade. + upgrade_history.vm_image: |- + - + (Optional) + Optional. The VM image before this instance upgrade. + vm_image.family: |- + - + (Optional) + Optional. Use this VM image family to find the image; the newest + image in this family will be used. + vm_image.name: |- + - + (Optional) + Optional. Use VM image name to find the image. + vm_image.project: |- + - + (Optional) + The name of the Google Cloud project that this VM image belongs to. + Format: {project_id} + importStatements: [] + google_workbench_instance_iam_policy: + subCategory: Vertex AI Workbench + description: Collection of resources to manage IAM policy for Vertex AI Workbench Instance + name: google_workbench_instance_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_workbench_instance.instance.location}", + "name": "${google_workbench_instance.instance.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_workbench_instance.instance.project}" + } + references: + location: google_workbench_instance.instance.location + name: google_workbench_instance.instance.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_workbench_instance.instance.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_workbench_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.' + google_workbench_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.' + google_workbench_instance_iam_policy: ': Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.' + location: '- (Required) Part of parent. See documentation of projectsId. Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_workbench_instance_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_workbench_instance_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_workflows_workflow: subCategory: Workflows description: Workflow program to be executed by Workflows. @@ -100099,11 +123654,18 @@ resources: - name: example manifest: |- { + "call_log_level": "LOG_ERRORS_ONLY", "description": "Magic", + "labels": { + "env": "test" + }, "name": "workflow", "region": "us-central1", "service_account": "${google_service_account.test_account.id}", - "source_contents": "# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n" + "source_contents": "# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n", + "user_env_vars": { + "url": "https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam" + } } references: service_account: google_service_account.test_account.id @@ -100114,6 +123676,13 @@ resources: "display_name": "Test Service Account" } argumentDocs: + call_log_level: |- + - + (Optional) + Describes the level of platform logging to apply to calls and call responses during + executions of this workflow. If both the workflow and the execution specify a logging level, + the execution level takes precedence. + Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. create: '- Default is 20 minutes.' create_time: |- - @@ -100128,6 +123697,7 @@ resources: - (Optional) Description of the workflow provided by the user. Must be at most 1000 unicode characters long. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}}' labels: |- - @@ -100163,14 +123733,22 @@ resources: source_contents: |- - (Optional) - Workflow code to be executed. The size limit is 32KB. + Workflow code to be executed. The size limit is 128KB. state: |- - State of the workflow deployment. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. update: '- Default is 20 minutes.' update_time: |- - The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + user_env_vars: |- + - + (Optional) + User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS". importStatements: [] google_workstations_workstation: subCategory: Cloud Workstations @@ -100184,6 +123762,9 @@ resources: "annotations": { "label-one": "value-one" }, + "env": { + "name": "foo" + }, "labels": { "label": "key" }, @@ -100249,6 +123830,8 @@ resources: - (Optional) Client-specified annotations. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. create: '- Default is 30 minutes.' create_time: |- - @@ -100258,6 +123841,16 @@ resources: - (Optional) Human-readable name for this resource. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + env: |- + - + (Optional) + 'Client-specified environment variables passed to the workstation container's entrypoint.' host: |- - Host to which clients can send HTTPS traffic that will be received by the workstation. @@ -100268,6 +123861,8 @@ resources: - (Optional) Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Required) @@ -100281,6 +123876,10 @@ resources: state: |- - Current state of the workstation. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - A system-assigned unique identified for this resource. @@ -100377,11 +123976,57 @@ resources: "provider": "${google-beta}", "region": "us-central1" } + - name: default + manifest: |- + { + "annotations": { + "label-one": "value-one" + }, + "domain_config": [ + { + "domain": "workstations.example.com" + } + ], + "labels": { + "label": "key" + }, + "location": "us-central1", + "network": "${google_compute_network.default.id}", + "private_cluster_config": [ + { + "enable_private_endpoint": true + } + ], + "provider": "${google-beta}", + "subnetwork": "${google_compute_subnetwork.default.id}", + "workstation_cluster_id": "workstation-cluster-custom-domain" + } + references: + network: google_compute_network.default.id + provider: google-beta + subnetwork: google_compute_subnetwork.default.id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "workstation-cluster-custom-domain", + "provider": "${google-beta}" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/24", + "name": "workstation-cluster-custom-domain", + "network": "${google_compute_network.default.name}", + "provider": "${google-beta}", + "region": "us-central1" + } argumentDocs: annotations: |- - (Optional) Client-specified annotations. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. conditions: |- - Status conditions describing the current resource state. @@ -100411,6 +124056,21 @@ resources: - (Optional) Human-readable name for this resource. + domain_config: |- + - + (Optional) + Configuration options for a custom domain. + Structure is documented below. + domain_config.domain: |- + - + (Required) + Domain used by Workstations for HTTP ingress. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. etag: |- - Checksum computed by the server. @@ -100420,6 +124080,8 @@ resources: - (Optional) Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Optional) @@ -100437,6 +124099,11 @@ resources: (Optional) Configuration for private cluster. Structure is documented below. + private_cluster_config.allowed_projects: |- + - + (Optional) + Additional project IDs that are allowed to attach to the workstation cluster's service attachment. + By default, the workstation cluster's project and the VPC host project (if different) are allowed. private_cluster_config.cluster_hostname: |- - (Output) @@ -100461,6 +124128,10 @@ resources: (Required) Name of the Compute Engine subnetwork in which instances associated with this cluster will be created. Must be part of the subnetwork specified for this cluster. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - The system-generated UID of the resource. @@ -100479,20 +124150,31 @@ resources: - name: default manifest: |- { + "annotations": { + "label-one": "value-one" + }, "host": [ { "gce_instance": [ { "boot_disk_size_gb": 35, "disable_public_ip_addresses": true, + "disable_ssh": false, "machine_type": "e2-standard-4" } ] } ], "idle_timeout": "600s", + "labels": { + "label": "key" + }, "location": "us-central1", "provider": "${google-beta}", + "replica_zones": [ + "us-central1-a", + "us-central1-b" + ], "running_timeout": "21600s", "workstation_cluster_id": "${google_workstations_workstation_cluster.default.workstation_cluster_id}", "workstation_config_id": "workstation-config" @@ -100547,7 +124229,8 @@ resources: { "boot_disk_size_gb": 35, "disable_public_ip_addresses": true, - "machine_type": "e2-standard-4" + "enable_nested_virtualization": true, + "machine_type": "n1-standard-4" } ] } @@ -100788,7 +124471,7 @@ resources: "accelerators": [ { "count": "1", - "type": "nvidia-tesla-p100" + "type": "nvidia-tesla-t4" } ], "boot_disk_size_gb": 35, @@ -100931,6 +124614,8 @@ resources: - (Optional) Client-specified annotations. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. conditions: |- - Status conditions describing the current resource state. @@ -100989,10 +124674,24 @@ resources: - Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. delete: '- Default is 30 minutes.' + disable_tcp_connections: |- + - + (Optional) + Disables support for plain TCP connections in the workstation. By default the service supports TCP connections via a websocket relay. Setting this option to true disables that relay, which prevents the usage of services that require plain tcp connections, such as ssh. When enabled, all communication must occur over https or wss. display_name: |- - (Optional) Human-readable name for this resource. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + enable_audit_agent: |- + - + (Optional) + Whether to enable Linux auditd logging on the workstation. When enabled, a service account must also be specified that has logging.buckets.write permission on the project. Operating system audit logging is distinct from Cloud Audit Logs. encryption_key: |- - (Optional) @@ -101063,6 +124762,15 @@ resources: - (Optional) Whether instances have no public IP address. + host.gce_instance.disable_ssh: |- + - + (Optional) + Whether to disable SSH access to the VM. + host.gce_instance.enable_nested_virtualization: |- + - + (Optional) + Whether to enable nested virtualization on the Compute Engine VMs backing the Workstations. + See https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs#GceInstance.FIELDS.enable_nested_virtualization host.gce_instance.machine_type: |- - (Optional) @@ -101075,6 +124783,10 @@ resources: - (Optional) Email address of the service account that will be used on VM instances used to support this config. This service account must have permission to pull the specified container image. If not set, VMs will run without a service account, in which case the image must be publicly accessible. + host.gce_instance.service_account_scopes: |- + - + (Optional) + Scopes to grant to the service_account. Various scopes are automatically added based on feature usage. When specified, users of workstations under this configuration must have iam.serviceAccounts.actAs on the service account. host.gce_instance.shielded_instance_config: |- - (Optional) @@ -101094,6 +124806,8 @@ resources: - (Optional) Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - (Required) @@ -101118,6 +124832,24 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + readiness_checks: |- + - + (Optional) + Readiness checks to be performed on a workstation. + Structure is documented below. + readiness_checks.path: |- + - + (Required) + Path to which the request should be sent. + readiness_checks.port: |- + - + (Required) + Port to which the request should be sent. + replica_zones: |- + - + (Optional) + Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, ['us-central1-a', 'us-central1-f']. + If this field is empty, two default zones within the region are used. Immutable after the workstation configuration is created. running_timeout: |- - (Optional) @@ -101135,6 +124867,10 @@ resources: - (Optional) Whether the instance has the vTPM enabled. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. uid: |- - The system-generated UID of the resource. diff --git a/config/provider.go b/config/provider.go index 9fe44aca7..d67c9ed00 100644 --- a/config/provider.go +++ b/config/provider.go @@ -35,7 +35,6 @@ import ( "github.com/upbound/provider-gcp/config/bigtable" composer "github.com/upbound/provider-gcp/config/cloudcomposer" "github.com/upbound/provider-gcp/config/cloudfunctions" - "github.com/upbound/provider-gcp/config/cloudiot" "github.com/upbound/provider-gcp/config/cloudplatform" "github.com/upbound/provider-gcp/config/cloudrun" "github.com/upbound/provider-gcp/config/cloudscheduler" @@ -203,7 +202,6 @@ func GetProvider(_ context.Context, generationProvider bool) (*tjconfig.Provider bigtable.Configure, composer.Configure, cloudfunctions.Configure, - cloudiot.Configure, cloudplatform.Configure, cloudrun.Configure, cloudscheduler.Configure, diff --git a/config/pubsub/config.go b/config/pubsub/config.go index 2c8f8fa39..9fe811b3f 100644 --- a/config/pubsub/config.go +++ b/config/pubsub/config.go @@ -31,6 +31,7 @@ func Configure(p *config.Provider) { Type: "Topic", } r.Sensitive.AdditionalConnectionDetailsFn = pubsubConnectionDetails + delete(r.References, "cloud_storage_config.bucket") }) p.AddResourceConfigurator("google_pubsub_subscription_iam_member", func(r *config.Resource) { diff --git a/config/schema.json b/config/schema.json index 599ed8afd..a156c7d9e 100644 --- a/config/schema.json +++ b/config/schema.json @@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_iot_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"game_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: {policy_id}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: organizations/{organization_id}","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: folders/{{folder_id}} or projects/{{project_id}}","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["list","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["list","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["list","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["list","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"set","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["list","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["list","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["list","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["list","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Backup was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the backup.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Backup was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the 'depends_on' meta-data attribute. Possible values: [\"PRIMARY\", \"READ_POOL\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organisations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true}},"block_types":{"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Required. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, 'billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","required":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same or a child of the Workload parent. If not specified all resources are created under the Workload parent. Formats: folders/{folder_id}, organizations/{organization_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"Input only. Settings used to create a CMEK crypto key. When set a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes.","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"resource_id":{"type":"string","description":"Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":0,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'","description_kind":"plain","required":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics","description_kind":"plain","optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}.\nWhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: the granularity should be at least 8 hours, or less frequent.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","required":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets","description_kind":"plain","optional":true,"computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"multi_region_auxiliary":{"type":"bool","description":"Applicable only for reservations located within one of the BigQuery multi-regions (US or EU).\nIf set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","optional":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":" Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20\"","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.\"","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.\"","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,\nserved from non-core Google data centers.\nCurrently allowed only for managed certificates.","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"**Deprecated** The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"**Deprecated** The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":1,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. Values are:\n- '0' thread-safe, the system should manage the max concurrency. This is\n the default value.\n- '1' not-thread-safe. Single concurrency\n- '2-N' thread-safe, max concurrency of N","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.","description_kind":"plain","optional":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.","description_kind":"plain","optional":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nThis field is not supported in Cloud Run Job currently.","description_kind":"plain","deprecated":true},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nThis field is not supported in Cloud Run Job currently.","description_kind":"plain","deprecated":true},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","required":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.","description_kind":"plain","optional":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.","description_kind":"plain","optional":true}},"description":"TCPSocket specifies an action involving a TCP port. This field is not supported in liveness probe currently.","description_kind":"plain","deprecated":true},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU should be throttled or not outside of requests.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","required":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection, in the format `projects/{project}/locations/{location}/connections/{connection_id}`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the `host_uri`.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as `projects/*/secrets/*/versions/*`.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the `api` scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum `read_api` scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs8\", \"nodejs10\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudiot_device":{"version":0,"block":{"attributes":{"blocked":{"type":"bool","description":"If a device is blocked, connections or requests from this device will fail.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"binary_data":"string","cloud_update_time":"string","device_ack_time":"string","version":"string"}]],"description":"The most recent device configuration, which is eventually sent from Cloud IoT Core to the device.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_config_ack_time":{"type":"string","description":"The last time a cloud-to-device config version acknowledgment was received from the device.","description_kind":"plain","computed":true},"last_config_send_time":{"type":"string","description":"The last time a cloud-to-device config version was sent to the device.","description_kind":"plain","computed":true},"last_error_status":{"type":["list",["object",{"details":["list",["map","string"]],"message":"string","number":"number"}]],"description":"The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub.","description_kind":"plain","computed":true},"last_error_time":{"type":"string","description":"The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub.","description_kind":"plain","computed":true},"last_event_time":{"type":"string","description":"The last time a telemetry event was received.","description_kind":"plain","computed":true},"last_heartbeat_time":{"type":"string","description":"The last time an MQTT PINGREQ was received.","description_kind":"plain","computed":true},"last_state_time":{"type":"string","description":"The last time a state event was received.","description_kind":"plain","computed":true},"log_level":{"type":"string","description":"The logging verbosity for device activity. Possible values: [\"NONE\", \"ERROR\", \"INFO\", \"DEBUG\"]","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs assigned to the device.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"plain","required":true},"num_id":{"type":"string","description":"A server-defined unique numeric ID for the device.\nThis is a more compact way to identify devices, and it is globally unique.","description_kind":"plain","computed":true},"registry":{"type":"string","description":"The name of the device registry where this device should be created.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"binary_data":"string","update_time":"string"}]],"description":"The state most recently received from the device.","description_kind":"plain","computed":true}},"block_types":{"credentials":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The time at which this credential becomes invalid.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the key. Possible values: [\"RSA_PEM\", \"RSA_X509_PEM\", \"ES256_PEM\", \"ES256_X509_PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"The key data.","description_kind":"plain","required":true}},"description":"A public key used to verify the signature of JSON Web Tokens (JWTs).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The credentials used to authenticate this device.","description_kind":"plain"},"max_items":3},"gateway_config":{"nesting_mode":"list","block":{"attributes":{"gateway_auth_method":{"type":"string","description":"Indicates whether the device is a gateway. Possible values: [\"ASSOCIATION_ONLY\", \"DEVICE_AUTH_TOKEN_ONLY\", \"ASSOCIATION_AND_DEVICE_AUTH_TOKEN\"]","description_kind":"plain","optional":true},"gateway_type":{"type":"string","description":"Indicates whether the device is a gateway. Default value: \"NON_GATEWAY\" Possible values: [\"GATEWAY\", \"NON_GATEWAY\"]","description_kind":"plain","optional":true},"last_accessed_gateway_id":{"type":"string","description":"The ID of the gateway the device accessed most recently.","description_kind":"plain","computed":true},"last_accessed_gateway_time":{"type":"string","description":"The most recent time at which the device accessed the gateway specified in last_accessed_gateway.","description_kind":"plain","computed":true}},"description":"Gateway-related configuration and state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudiot_registry":{"version":0,"block":{"attributes":{"http_config":{"type":["map","string"],"description":"Activate or deactivate HTTP.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"The default logging verbosity for activity from devices in this\nregistry. Specifies which events should be written to logs. For\nexample, if the LogLevel is ERROR, only events that terminate in\nerrors will be logged. LogLevel is inclusive; enabling INFO logging\nwill also enable ERROR logging. Default value: \"NONE\" Possible values: [\"NONE\", \"ERROR\", \"INFO\", \"DEBUG\"]","description_kind":"plain","optional":true},"mqtt_config":{"type":["map","string"],"description":"Activate or deactivate MQTT.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by device registry.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created registry should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"state_notification_config":{"type":["map","string"],"description":"A PubSub topic to publish device state updates.","description_kind":"plain","optional":true}},"block_types":{"credentials":{"nesting_mode":"list","block":{"attributes":{"public_key_certificate":{"type":["map","string"],"description":"A public key certificate format and data.","description_kind":"plain","required":true}},"description":"List of public key certificates to authenticate devices.","description_kind":"plain"},"max_items":10},"event_notification_configs":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic_name":{"type":"string","description":"PubSub topic name to publish device events.","description_kind":"plain","required":true},"subfolder_matches":{"type":"string","description":"If the subfolder name matches this string exactly, this\nconfiguration will be used. The string must not include the\nleading '/' character. If empty, all strings are matched. Empty\nvalue can only be used for the last 'event_notification_configs'\nitem.","description_kind":"plain","optional":true}},"description":"List of configurations for event notifications, such as PubSub topics\nto publish device events to.","description_kind":"plain"},"max_items":10},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudiot_registry_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudiot_registry_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudiot_registry_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","required":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, , specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"The network-level access control policy for the Airflow web server. If unspecified, no network-level access restrictions will be applied. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy. Default value: \"ON\" Possible values: [\"OFF\", \"ONLY_UP\", \"ON\"]","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the load_balancing_scheme is set\nto INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","required":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","required":true}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"This field can only be used:\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, and internal and external protocol forwarding.\n\n\nSet this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule.\n\nThe 'ports', 'port_range', and\n'allPorts' fields are mutually exclusive.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By backend service-based network load balancers, target pool-based\nnetwork load balancers, internal proxy load balancers, external proxy load\nbalancers, Traffic Director, external protocol forwarding, and Classic VPN.\nSome products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\n\nOnly packets addressed to ports in the specified range will be forwarded to\nthe backends configured with this forwarding rule.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have\noverlapping 'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot have overlapping 'portRange's.","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, and internal protocol forwarding.\n\n\nYou can specify a list of up to five ports by number, separated by commas.\nThe ports can be contiguous or discontiguous. Only packets addressed to\nthese ports will be forwarded to the backends configured with this\nforwarding rule.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot share any values\ndefined in 'ports'.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot share any values defined in 'ports'.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By backend service-based network load balancers, target pool-based\nnetwork load balancers, internal proxy load balancers, external proxy load\nbalancers, Traffic Director, external protocol forwarding, and Classic VPN.\nSome products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\n\n* TargetHttpProxy: 80, 8080\n* TargetHttpsProxy: 443\n* TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,\n 1883, 5222\n* TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,\n 1883, 5222\n* TargetVpnGateway: 500, 4500","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"scratch_disk":{"type":["list",["object",{"interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","optional":true,"computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"access_config":{"type":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain","optional":true,"computed":true},"alias_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"description":"An array of alias IP ranges for this network interface.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. If neither is set, defaults to 1","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. If neither is set, defaults to 1.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\n\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\n\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\n\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'size' must be specified.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group. One of 'initial_size' or 'size' must be specified.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy. Default value: \"ON\" Possible values: [\"OFF\", \"ONLY_UP\", \"ON\"]","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"CONNECTION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC.\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"The target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the Serverless NEGs Reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC.\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of RegionSslCertificate resources that are used to authenticate\nconnections between users and the load balancer. Currently, exactly\none SSL certificate must be specified.","description_kind":"plain","required":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT.\neg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information\nsee the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","required":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which can take one of the following options:\n\n* 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets.\n* 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets.\n* 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"endpoint":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.\n\nFor newly created service attachment, this boolean defaults to true.","description_kind":"plain","optional":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a forwarding rule that represents the service identified by\nthis service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"list","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.","description_kind":"plain","required":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.","description_kind":"plain","required":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY' or 'PRIVATE_SERVICE_CONNECT'.\nA subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing.\nA subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.\nThe enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The role of subnetwork.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining.\n\nSubnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list\nof zero objects you must use the following syntax:\n'example=[]'\nFor more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value).","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"Denotes the logging options for the subnetwork flow logs. If logging is enabled\nlogs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this\nsubnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate\nconnections between users and the load balancer. At least one resource must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\".","description_kind":"plain","required":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":1,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_binary_authorization":{"type":"bool","description":"Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.","description_kind":"plain","deprecated":true,"optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to enabled; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether master is accessbile via Google Compute Engine Public IP addresses.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true},"taint":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","required":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true},"taint":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","required":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with exterenal ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true},"taint":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","required":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","required":true}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"A task to execute on the completion of a job.","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files or rows newer than this value. If set to zero, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files or rows older than this value.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataflow_job":{"version":0,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_profile_result":{"type":["list",["object",{"profile":["list",["object",{"fields":["list",["object",{"mode":"string","name":"string","profile":["list",["object",{"distinct_ratio":"number","double_profile":["list",["object",{"average":"number","max":"string","min":"string","quartiles":"string","standard_deviation":"number"}]],"integer_profile":["list",["object",{"average":"number","max":"string","min":"string","quartiles":"string","standard_deviation":"number"}]],"null_ratio":"number","string_profile":["list",["object",{"average_length":"number","max_length":"string","min_length":"string"}]],"top_n_values":["list",["object",{"count":"string","value":"string"}]]}]],"type":"string"}]]}]],"row_count":"string","scanned_data":["list",["object",{"incremental_field":["list",["object",{"end":"string","field":"string","start":"string"}]]}]]}]],"description":"The result of the data profile scan.","description_kind":"plain","computed":true},"data_quality_result":{"type":["list",["object",{"dimensions":["list",["object",{"passed":"bool"}]],"passed":"bool","row_count":"string","rules":["list",["object",{"evaluated_count":"string","failing_rows_query":"string","null_count":"string","pass_ratio":"number","passed":"bool","passed_count":"string","rule":["list",["object",{"column":"string","dimension":"string","ignore_null":"bool","non_null_expectation":["list",["object",{}]],"range_expectation":["list",["object",{"max_value":"string","min_value":"string","strict_max_enabled":"bool","strict_min_enabled":"bool"}]],"regex_expectation":["list",["object",{"regex":"string"}]],"row_condition_expectation":["list",["object",{"sql_expression":"string"}]],"set_expectation":["list",["object",{"values":["list","string"]}]],"statistic_range_expectation":["list",["object",{"max_value":"string","min_value":"string","statistic":"string","strict_max_enabled":"bool","strict_min_enabled":"bool"}]],"table_condition_expectation":["list",["object",{"sql_expression":"string"}]],"threshold":"number","uniqueness_expectation":["list",["object",{}]]}]]}]],"scanned_data":["list",["object",{"incremental_field":["list",["object",{"end":"string","field":"string","start":"string"}]]}]]}]],"description":"The result of the data quality scan.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.","description_kind":"plain","optional":true}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.","description_kind":"plain","optional":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"ColumnAggregate rule which evaluates whether the column has duplicates.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":0,"block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of labels (key/value pairs) to be applied to instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name which is the name of the cluster.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master/worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the master/worker instances in a cluster.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master/worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the master/worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastore_index":{"version":0,"block":{"attributes":{"ancestor":{"type":"string","description":"Policy for including ancestors in the index. Default value: \"NONE\" Possible values: [\"NONE\", \"ALL_ANCESTORS\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_id":{"type":"string","description":"The index id.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"The entity kind which the index applies to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"direction":{"type":"string","description":"The direction the index should optimize for sorting. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The property name to index.","description_kind":"plain","required":true}},"description":"An ordered list of properties to index on.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"messages":{"nesting_mode":"list","block":{"block_types":{"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"},"min_items":1}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"[WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function}","description_kind":"plain","optional":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","computed":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"The timestamp at which this database was created.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available databases are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of the TTL configuration.","description_kind":"plain","computed":true}},"description":"If set, this field is configured for TTL deletion.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"description":"The fields supported by this index. The last field entry is always for\nthe field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the\nsame direction as that of the last field defined. If the final field\nin a composite index is not directional, the '__name__' will be\nordered '\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":2},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_game_services_game_server_cluster":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The resource name of the game server cluster","description_kind":"plain","required":true},"description":{"type":"string","description":"Human readable description of the cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this game server cluster. Each label is a\nkey-value pair.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Cluster.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of the game server cluster, eg:\n\n'projects/{project_id}/locations/{location}/realms/{realm_id}/gameServerClusters/{cluster_id}'.\nFor example,\n\n'projects/my-project/locations/{location}/realms/zanzibar/gameServerClusters/my-onprem-cluster'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"realm_id":{"type":"string","description":"The realm id of the game server realm.","description_kind":"plain","required":true}},"block_types":{"connection_info":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Namespace designated on the game server cluster where the game server\ninstances will be created. The namespace existence will be validated\nduring creation.","description_kind":"plain","required":true}},"block_types":{"gke_cluster_reference":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The full or partial name of a GKE cluster, using one of the following\nforms:\n\n* 'projects/{project_id}/locations/{location}/clusters/{cluster_id}'\n* 'locations/{location}/clusters/{cluster_id}'\n* '{cluster_id}'\n\nIf project and location are not specified, the project and location of the\nGameServerCluster resource are used to generate the full name of the\nGKE cluster.","description_kind":"plain","required":true}},"description":"Reference of the GKE cluster where the game servers are installed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Game server cluster connection information. This information is used to\nmanage game server clusters.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_game_services_game_server_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"A unique id for the deployment config.","description_kind":"plain","required":true},"deployment_id":{"type":"string","description":"A unique id for the deployment.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the game server config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this game server config. Each label is a\nkey-value pair.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Deployment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the game server config, in the form:\n\n'projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"fleet_configs":{"nesting_mode":"list","block":{"attributes":{"fleet_spec":{"type":"string","description":"The fleet spec, which is sent to Agones to configure fleet.\nThe spec can be passed as inline json but it is recommended to use a file reference\ninstead. File references can contain the json or yaml format of the fleet spec. Eg:\n\n* fleet_spec = jsonencode(yamldecode(file(\"fleet_configs.yaml\")))\n* fleet_spec = file(\"fleet_configs.json\")\n\nThe format of the spec can be found :\n'https://agones.dev/site/docs/reference/fleet/'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the FleetConfig.","description_kind":"plain","optional":true,"computed":true}},"description":"The fleet config contains list of fleet specs. In the Single Cloud, there\nwill be only one.","description_kind":"plain"},"min_items":1},"scaling_configs":{"nesting_mode":"list","block":{"attributes":{"fleet_autoscaler_spec":{"type":"string","description":"Fleet autoscaler spec, which is sent to Agones.\nExample spec can be found :\nhttps://agones.dev/site/docs/reference/fleetautoscaler/","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the ScalingConfig","description_kind":"plain","required":true}},"block_types":{"schedules":{"nesting_mode":"list","block":{"attributes":{"cron_job_duration":{"type":"string","description":"The duration for the cron job event. The duration of the event is effective\nafter the cron job's start time.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"cron_spec":{"type":"string","description":"The cron definition of the scheduled event. See\nhttps://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as\ndefined by the realm.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"The end time of the event.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the event.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"description":"The schedules to which this scaling config applies.","description_kind":"plain"}},"selectors":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Set of labels to group by.","description_kind":"plain","optional":true}},"description":"Labels used to identify the clusters to which this scaling config\napplies. A cluster is subject to this scaling config if its labels match\nany of the selector entries.","description_kind":"plain"}}},"description":"Optional. This contains the autoscaling settings.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_game_services_game_server_deployment":{"version":0,"block":{"attributes":{"deployment_id":{"type":"string","description":"A unique id for the deployment.","description_kind":"plain","required":true},"description":{"type":"string","description":"Human readable description of the game server deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this game server deployment. Each label is a\nkey-value pair.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Deployment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of the game server deployment, eg:\n\n'projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}'.\nFor example,\n\n'projects/my-project/locations/{location}/gameServerDeployments/my-deployment'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_game_services_game_server_deployment_rollout":{"version":0,"block":{"attributes":{"default_game_server_config":{"type":"string","description":"This field points to the game server config that is\napplied by default to all realms and clusters. For example,\n\n'projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config'.","description_kind":"plain","required":true},"deployment_id":{"type":"string","description":"The deployment to rollout the new config to. Only 1 rollout must be associated with each deployment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource id of the game server deployment\n\neg: 'projects/my-project/locations/global/gameServerDeployments/my-deployment/rollout'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"game_server_config_overrides":{"nesting_mode":"list","block":{"attributes":{"config_version":{"type":"string","description":"Version of the configuration.","description_kind":"plain","optional":true}},"block_types":{"realms_selector":{"nesting_mode":"list","block":{"attributes":{"realms":{"type":["list","string"],"description":"List of realms to match against.","description_kind":"plain","optional":true}},"description":"Selection by realms.","description_kind":"plain"},"max_items":1}},"description":"The game_server_config_overrides contains the per game server config\noverrides. The overrides are processed in the order they are listed. As\nsoon as a match is found for a cluster, the rest of the list is not\nprocessed.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_game_services_realm":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description of the realm.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"ETag of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this realm. Each label is a key-value pair.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Realm.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of the realm, of the form:\n'projects/{project_id}/locations/{location}/realms/{realm_id}'. For\nexample, 'projects/my-project/locations/{location}/realms/my-realm'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"realm_id":{"type":"string","description":"GCP region of the Realm.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"Required. Time zone where all realm-specific policies are evaluated. The value of\nthis field must be from the IANA time zone database:\nhttps://www.iana.org/time-zones.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.]","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"block_types":{"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster' (must be 'locations' rather than 'zones'). If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_project_default_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource. Example: \"projects/my-awesome-project/config\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","optional":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","optional":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":"string","google_card_certs":"string","google_partition_certs":"string"}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","optional":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","optional":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","optional":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","optional":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","optional":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance\n- LOOKER_CORE_STANDARD: pay as you go standard instance\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\n- LOOKER_MODELER: standalone modeling service Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\", \"LOOKER_MODELER\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_ml_engine_model":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true}},"description":"A Monitoring Query Language query that outputs a boolean stream\n\nA condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID].","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If contentType is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If the requestMethod is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. \"foo=bar\" in URL-encoded form is \"foo%3Dbar\" and in base64 encoding is \"Zm9vJTI1M0RiYXI=\".","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\"]","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if mask_headers is set to True then the headers will be obscured with ******.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with \"/\", a \"/\" will be prepended automatically. Optional (defaults to \"/\").","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where monitoredResource is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information. Optional when creating an HTTP check; defaults to empty.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels \"project_id\", \"instance_id\", and \"zone\".","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource types (https://cloud.google.com/monitoring/api/resources) and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) to construct the full URL.","description_kind":"plain","required":true}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: `projects/{project_number}/locations/global/hubs/{hub_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","optional":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","optional":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":10},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":10}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":0,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"config_values":["list",["object",{"key_usage":["list",["object",{"base_key_usage":["list",["object",{"key_usage_options":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]]}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"obect_id":["list",["object",{"object_id_path":["list","number"]}]]}]]}]]}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_certificates":{"type":["list","string"],"description":"Required. Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","deprecated":true,"computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Deprecated in favor of 'project_id'","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery.\nOtherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId}","description_kind":"plain","required":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig or bigQueryConfig can be set, but not both.\nIf both are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nCannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Key in the format \"projects/{project}/keys/{key}\".","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"attributes":{"automatic":{"type":"bool","description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain","optional":true}},"block_types":{"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the database. Defaults to true. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the database will fail.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after\nthe instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","required":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Specifies if connections must use Cloud SQL connectors.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates earlier (canary) or later (stable)","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The externally accessible IPv4 address for the source database server.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n The default is the database's built-in user type. Flags include \"BUILT_IN\", \"CLOUD_IAM_USER\", or \"CLOUD_IAM_SERVICE_ACCOUNT\".","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":0,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.","description_kind":"plain","optional":true,"computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","optional":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 32KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"description":"string","docker_repository":["list",["object",{"public_repository":"string"}]],"maven_repository":["list",["object",{"public_repository":"string"}]],"npm_repository":["list",["object",{"public_repository":"string"}]],"python_repository":["list",["object",{"public_repository":"string"}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":0,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":1,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"runtime":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs8\", \"nodejs10\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudiot_registry_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","database_config":["list",["object",{"machine_type":"string"}]],"encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the load_balancing_scheme is set\nto INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"This field can only be used:\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, and internal and external protocol forwarding.\n\n\nSet this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule.\n\nThe 'ports', 'port_range', and\n'allPorts' fields are mutually exclusive.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By backend service-based network load balancers, target pool-based\nnetwork load balancers, internal proxy load balancers, external proxy load\nbalancers, Traffic Director, external protocol forwarding, and Classic VPN.\nSome products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\n\nOnly packets addressed to ports in the specified range will be forwarded to\nthe backends configured with this forwarding rule.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have\noverlapping 'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot have overlapping 'portRange's.","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, and internal protocol forwarding.\n\n\nYou can specify a list of up to five ports by number, separated by commas.\nThe ports can be contiguous or discontiguous. Only packets addressed to\nthese ports will be forwarded to the backends configured with this\nforwarding rule.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot share any values\ndefined in 'ports'.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot share any values defined in 'ports'.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By backend service-based network load balancers, target pool-based\nnetwork load balancers, internal proxy load balancers, external proxy load\nbalancers, Traffic Director, external protocol forwarding, and Classic VPN.\nSome products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\n\n* TargetHttpProxy: 80, 8080\n* TargetHttpsProxy: 443\n* TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,\n 1883, 5222\n* TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,\n 1883, 5222\n* TargetVpnGateway: 500, 4500","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"image":"string","labels":["map","string"],"resource_manager_tags":["map","string"],"size":"number","type":"string"}]],"kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC.\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_target_service":{"type":"string","description":"The target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the Serverless NEGs Reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC.\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information\nsee the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":1,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_binary_authorization":{"type":"bool","description":"Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","disk_size_gb":"number","disk_type":"string","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"create_pod_range":"bool","enable_private_nodes":"bool","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","disk_size_gb":"number","disk_type":"string","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","type":"string"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"config_overrides":["map","string"],"kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS keys identifier","description_kind":"markdown","computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Key-signing key (KSK) records.","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Zone-signing key (ZSK) records.","description_kind":"markdown","computed":true}},"description":"Get the DNSKEY and DS records of DNSSEC-signed managed zones","description_kind":"markdown"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field.","description_kind":"markdown","computed":true},"dns_name":{"type":"string","description":"The fully qualified DNS name of this zone.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"DNS managed zone identifier","description_kind":"markdown","computed":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"markdown","computed":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"markdown","required":true},"name_servers":{"type":["list","string"],"description":"The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.","description_kind":"markdown","computed":true}},"description":"Provides access to a zone's attributes within Google Cloud DNS","description_kind":"markdown"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS record set identifier","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"name":{"type":"string","description":"The DNS name for the resource.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set.","description_kind":"markdown","computed":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"markdown","computed":true},"type":{"type":"string","description":"The identifier of a supported record type. See the list of Supported DNS record types.","description_kind":"markdown","required":true}},"description":"A DNS record set within Google Cloud DNS","description_kind":"markdown"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_game_services_game_server_deployment_rollout":{"version":0,"block":{"attributes":{"default_game_server_config":{"type":"string","description":"This field points to the game server config that is\napplied by default to all realms and clusters. For example,\n\n'projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config'.","description_kind":"plain","computed":true},"deployment_id":{"type":"string","description":"The deployment to rollout the new config to. Only 1 rollout must be associated with each deployment.","description_kind":"plain","required":true},"game_server_config_overrides":{"type":["list",["object",{"config_version":"string","realms_selector":["list",["object",{"realms":["list","string"]}]]}]],"description":"The game_server_config_overrides contains the per game server config\noverrides. The overrides are processed in the order they are listed. As\nsoon as a match is found for a cluster, the rest of the list is not\nprocessed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource id of the game server deployment\n\neg: 'projects/my-project/locations/global/gameServerDeployments/my-deployment/rollout'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","table":"string","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig or bigQueryConfig can be set, but not both.\nIf both are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nCannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"automatic":"bool","user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["list",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","require_ssl":"bool"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["list",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","require_ssl":"bool"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":0,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"noncurrent_time_before":"string","num_newer_versions":"number","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"add_terraform_attribution_label":{"type":"bool","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"biglake_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"blockchain_node_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddomains_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"core_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_pipeline_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"default_labels":{"type":["map","string"],"description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"discovery_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgecontainer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgenetwork_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebase_app_check_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkehub_feature_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkeonprem_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"integration_connectors_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"migration_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"netapp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secure_source_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"securityposture_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_insights_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"terraform_attribution_label_addition_strategy":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"universe_domain":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vmwareengine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workbench_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: {policy_id}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: organizations/{organization_id}","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: folders/{{folder_id}} or projects/{{project_id}}","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"set","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"cluster_uid":{"type":"string","description":"Output only. The system-generated UID of the cluster which was used to create this resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Delete time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Backup.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"expiry_quantity":{"type":["list",["object",{"retention_count":"number","total_retention_count":"number"}]],"description":"Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy.\nOnce the expiry quantity is over retention, the backup is eligible to be garbage collected.","description_kind":"plain","computed":true},"expiry_time":{"type":"string","description":"Output only. The time at which after the backup is eligible to be garbage collected.\nIt is the duration specified by the backup's retention policy, added to the backup's createTime.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"size_bytes":{"type":"string","description":"Output only. The size of the backup in bytes.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the backup.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The backup type, which suggests the trigger for the backup. Possible values: [\"TYPE_UNSPECIFIED\", \"ON_DEMAND\", \"AUTOMATED\", \"CONTINUOUS\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"cluster_type":{"type":"string","description":"The type of cluster. If not set, defaults to PRIMARY. Default value: \"PRIMARY\" Possible values: [\"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nDeleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.\nDeleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = \"FORCE\" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation).\nSet to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current serving state of the cluster.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: \"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true}},"description":"Metadata related to network configuration.","description_kind":"plain"},"max_items":1},"restore_backup_source":{"nesting_mode":"list","block":{"attributes":{"backup_name":{"type":"string","description":"The name of the backup that this cluster is restored from.","description_kind":"plain","required":true}},"description":"The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"restore_continuous_backup_source":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The name of the source cluster that this cluster is restored from.","description_kind":"plain","required":true},"point_in_time":{"type":"string","description":"The point in time that this cluster is restored to, in RFC 3339 format.","description_kind":"plain","required":true}},"description":"The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"secondary_config":{"nesting_mode":"list","block":{"attributes":{"primary_cluster_name":{"type":"string","description":"Name of the primary cluster must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true}},"description":"Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance.\nIf the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the 'depends_on' meta-data attribute.\nIf the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY.\nExample: {instance_type = google_alloydb_cluster.\u003csecondary_cluster_name\u003e.cluster_type} instead of {instance_type = SECONDARY}\nIf the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.\nUse deletion_policy = \"FORCE\" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance.\nUsers can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. Possible values: [\"PRIMARY\", \"READ_POOL\", \"SECONDARY\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_connection_config":{"nesting_mode":"list","block":{"attributes":{"require_connectors":{"type":"bool","description":"Configuration to enforce connectors only (ex: AuthProxy) connections to the database.","description_kind":"plain","optional":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ssl_mode":{"type":"string","description":"SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: [\"ENCRYPTED_ONLY\", \"ALLOW_UNENCRYPTED_AND_ENCRYPTED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"SSL config option for this instance.","description_kind":"plain"},"max_items":1}},"description":"Client connection specific configurations.","description_kind":"plain"},"max_items":1},"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"query_insights_config":{"nesting_mode":"list","block":{"attributes":{"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.","description_kind":"plain","optional":true},"query_string_length":{"type":"number","description":"Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"Record application tags for an instance. This flag is turned \"on\" by default.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"Record client address for an instance. Client address is PII information. This flag is turned \"on\" by default.","description_kind":"plain","optional":true}},"description":"Configuration for query insights.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_user":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"database_roles":{"type":["list","string"],"description":"List of database roles this database user has.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Password for this database user.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"The database role name of the user.","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"type":{"type":"string","description":"Types that can be selected for an Environment. Each of the types are\nlimited by capability and capacity. Refer to Apigee's public documentation\nto understand about each of these types in details.\nAn Apigee org can support heterogeneous Environments. Possible values: [\"ENVIRONMENT_TYPE_UNSPECIFIED\", \"BASE\", \"INTERMEDIATE\", \"COMPREHENSIVE\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_target_server":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of this TargetServer.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"host":{"type":"string","description":"The host name this target connects to. Value must be a valid hostname as described by RFC-1123.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_enabled":{"type":"bool","description":"Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive.","description_kind":"plain","required":true},"protocol":{"type":"string","description":"Immutable. The protocol used by this TargetServer. Possible values: [\"HTTP\", \"HTTP2\", \"GRPC_TARGET\", \"GRPC\", \"EXTERNAL_CALLOUT\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"s_sl_info":{"nesting_mode":"list","block":{"attributes":{"ciphers":{"type":["list","string"],"description":"The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3.","description_kind":"plain","optional":true},"client_auth_enabled":{"type":"bool","description":"Enables two-way TLS.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables TLS. If false, neither one-way nor two-way TLS will be enabled.","description_kind":"plain","required":true},"ignore_validation_errors":{"type":"bool","description":"If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.","description_kind":"plain","optional":true},"key_alias":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert.","description_kind":"plain","optional":true},"key_store":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID of the keystore.","description_kind":"plain","optional":true},"protocols":{"type":["list","string"],"description":"The TLS versioins to be used.","description_kind":"plain","optional":true},"trust_store":{"type":"string","description":"The resource ID of the truststore.","description_kind":"plain","optional":true}},"block_types":{"common_name":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The TLS Common Name string of the certificate.","description_kind":"plain","optional":true},"wildcard_match":{"type":"bool","description":"Indicates whether the cert should be matched against as a wildcard cert.","description_kind":"plain","optional":true}},"description":"The TLS Common Name of the certificate.","description_kind":"plain"},"max_items":1}},"description":"Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"cleanup_policies":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Policy action. Possible values: [\"DELETE\", \"KEEP\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"newer_than":{"type":"string","description":"Match versions newer than a duration.","description_kind":"plain","optional":true},"older_than":{"type":"string","description":"Match versions older than a duration.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_prefixes":{"type":["list","string"],"description":"Match versions by tag prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_state":{"type":"string","description":"Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"]","description_kind":"plain","optional":true},"version_name_prefixes":{"type":["list","string"],"description":"Match versions by version name prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for matching versions.","description_kind":"plain"},"max_items":1},"most_recent_versions":{"nesting_mode":"list","block":{"attributes":{"keep_count":{"type":"number","description":"Minimum number of versions to keep.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.","description_kind":"plain"},"max_items":1}},"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain"}},"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true}},"block_types":{"apt_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Apt, e.g. '\"debian/dists/buster\"' Possible values: [\"DEBIAN\", \"UBUNTU\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base.","description_kind":"plain","required":true}},"description":"One of the publicly available Apt repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Apt remote repository.","description_kind":"plain"},"max_items":1},"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1},"upstream_credentials":{"nesting_mode":"list","block":{"block_types":{"username_password_credentials":{"nesting_mode":"list","block":{"attributes":{"password_secret_version":{"type":"string","description":"The Secret Manager key version that holds the password to access the\nremote repository. Must be in the format of\n'projects/{project}/secrets/{secret}/versions/{version}'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to access the remote repository.","description_kind":"plain","optional":true}},"description":"Use username and password to access the remote repository.","description_kind":"plain"},"max_items":1}},"description":"The credentials used to access the remote repository.","description_kind":"plain"},"max_items":1},"yum_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Yum. Possible values: [\"CENTOS\", \"CENTOS_DEBUG\", \"CENTOS_VAULT\", \"CENTOS_STREAM\", \"ROCKY\", \"EPEL\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base, e.g. '\"centos/8-stream/BaseOS/x86_64/os\"'","description_kind":"plain","required":true}},"description":"One of the publicly available Yum repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Yum remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","optional":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT","description_kind":"plain","required":true},"compliance_status":{"type":["list",["object",{"acknowledged_violation_count":["list","number"],"active_violation_count":["list","number"]}]],"description":"Output only. Count of active Violations in the Workload.","description_kind":"plain","computed":true},"compliant_but_disallowed_services":{"type":["list","string"],"description":"Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"ekm_provisioning_response":{"type":["list",["object",{"ekm_provisioning_error_domain":"string","ekm_provisioning_error_mapping":"string","ekm_provisioning_state":"string"}]],"description":"Optional. Represents the Ekm Provisioning State of the given workload.","description_kind":"plain","computed":true},"enable_sovereign_controls":{"type":"bool","description":"Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kaj_enrollment_state":{"type":"string","description":"Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"partner":{"type":"string","description":"Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN","description_kind":"plain","optional":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true},"saa_enrollment_response":{"type":["list",["object",{"setup_errors":["list","string"],"setup_status":"string"}]],"description":"Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"violation_notifications_enabled":{"type":"bool","description":"Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"**DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.","description_kind":"plain"},"max_items":1},"partner_permissions":{"nesting_mode":"list","block":{"attributes":{"assured_workloads_monitoring":{"type":"bool","description":"Optional. Allow partner to view violation alerts.","description_kind":"plain","optional":true},"data_logs_viewer":{"type":"bool","description":"Allow the partner to view inspectability logs and monitoring violations.","description_kind":"plain","optional":true},"service_access_approver":{"type":"bool","description":"Optional. Allow partner to view access approval logs.","description_kind":"plain","optional":true}},"description":"Optional. Permissions granted to the AW Partner SA account for the customer workload","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"User-assigned resource display name. If not empty it will be used to create a resource with the specified name.","description_kind":"plain","optional":true},"resource_id":{"type":"string","description":"Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_catalog":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the catalog. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the catalog. Only set after the catalog\nis deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this catalog is considered expired. Only set\nafter the catalog is deleted. Only set after the catalog is deleted.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the Catalog should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the Catalog. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last modification time of the catalog. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_database":{"version":0,"block":{"attributes":{"catalog":{"type":"string","description":"The parent catalog.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation time of the database. A timestamp in RFC3339\nUTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the database. Only set after the\ndatabase is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this database is considered expired. Only set\nafter the database is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the database.","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last modification time of the database. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"location_uri":{"type":"string","description":"Cloud Storage folder URI where the database data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Stores user supplied Hive database parameters. An object containing a\nlist of\"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"description":"Options of a Hive database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_table":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the table. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"database":{"type":"string","description":"The id of the parent database.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the table. Only set after the\ntable is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The checksum of a table object computed by the server based on the value\nof other fields. It may be sent on update requests to ensure the client\nhas an up-to-date value before proceeding. It is only checked for update\ntable operations.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this table is considered expired. Only set\nafter the table is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The name of the Table. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type. Possible values: [\"HIVE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last modification time of the table. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"parameters":{"type":["map","string"],"description":"Stores user supplied Hive table parameters. An object containing a\nlist of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"table_type":{"type":"string","description":"Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.","description_kind":"plain","optional":true}},"block_types":{"storage_descriptor":{"nesting_mode":"list","block":{"attributes":{"input_format":{"type":"string","description":"The fully qualified Java class name of the input format.","description_kind":"plain","optional":true},"location_uri":{"type":"string","description":"Cloud Storage folder URI where the table data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The fully qualified Java class name of the output format.","description_kind":"plain","optional":true}},"description":"Stores physical storage information on the data.","description_kind":"plain"},"max_items":1}},"description":"Options of a Hive table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"restricted_export_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, enable restricted export.","description_kind":"plain","optional":true},"restrict_query_result":{"type":"bool","description":"If true, restrict export of query result derived from restricted linked dataset table.","description_kind":"plain","optional":true}},"description":"If set, restricted export configuration will be propagated and enforced on the linked dataset.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_bi_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"LOCATION_DESCRIPTION","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the singleton BI reservation. Reservation names have the form 'projects/{projectId}/locations/{locationId}/biReservation'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"Size of a reservation, in bytes.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The last update timestamp of a reservation.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"preferred_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset in the above project.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The assigned project ID of the project.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"The ID of the table in the above dataset.","description_kind":"plain","optional":true}},"description":"Preferred tables to use BI capacity for.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'.","description_kind":"plain","required":true},"database_role":{"type":"string","description":"Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as 'SELECT' and 'INSERT'. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about.","description_kind":"plain","optional":true},"max_parallelism":{"type":"number","description":"Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. 'useParallelism' and 'useDataBoost' must be set when setting max parallelism.","description_kind":"plain","optional":true},"use_data_boost":{"type":"bool","description":"If set, the request will be executed via Spanner independent compute resources. 'use_parallelism' must be set when using data boost.","description_kind":"plain","optional":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner.","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. 'useParallelism' must be set when using serverless analytics.","description_kind":"plain","deprecated":true,"optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"block_types":{"metastore_service_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId].","description_kind":"plain","optional":true}},"description":"Dataproc Metastore Service configuration for the connection.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name].","description_kind":"plain","optional":true}},"description":"Spark History Server configuration for the connection.","description_kind":"plain"},"max_items":1}},"description":"Container for connection properties to execute stored procedures for Apache Spark. resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}\nor projects/{projectId}/transferConfigs/{configId},\nwhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: the granularity should be at least 8 hours, or less frequent.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","required":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"multi_region_auxiliary":{"type":"bool","description":"Applicable only for reservations located within one of the BigQuery multi-regions (US or EU).\nIf set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\", \"PYTHON\", \"JAVA\", \"SCALA\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","required":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"remote_function_options":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"Fully qualified name of the user-provided connection object which holds\nthe authentication information to send requests to the remote service.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Endpoint of the user-provided remote service, e.g.\n'https://us-east1-my_gcf_project.cloudfunctions.net/remote_add'","description_kind":"plain","optional":true},"max_batching_rows":{"type":"string","description":"Max number of rows in each batch sent to the remote service. If absent or if 0,\nBigQuery dynamically decides the number of rows in a batch.","description_kind":"plain","optional":true},"user_defined_context":{"type":["map","string"],"description":"User-defined context as a set of key/value pairs, which will be sent as function\ninvocation context together with batched arguments in the requests to the remote\nservice. The total number of bytes of keys and values must be less than 8KB.\n\nAn object containing a list of \"key\": value pairs. Example:\n'{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote function specific options.","description_kind":"plain"},"max_items":1},"spark_options":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"connection":{"type":"string","description":"Fully qualified name of the user-provided Spark connection object.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Custom container image for the runtime environment.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"jar_uris":{"type":["list","string"],"description":"JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"main_class":{"type":"string","description":"The fully qualified name of a class in jarUris, for example, com.example.wordcount.\nExactly one of mainClass and main_jar_uri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"main_file_uri":{"type":"string","description":"The main file/jar URI of the Spark application.\nExactly one of the definitionBody field and the mainFileUri field must be set for Python.\nExactly one of mainClass and mainFileUri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Configuration properties as a set of key/value pairs, which will be passed on to the Spark application.\nFor more information, see Apache Spark and the procedure option list.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"py_file_uris":{"type":["list","string"],"description":"Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"runtime_version":{"type":"string","description":"Runtime version. If not specified, the default runtime version is used.","description_kind":"plain","optional":true}},"description":"Optional. If language is one of \"PYTHON\", \"JAVA\", \"SCALA\", this field stores the options for spark stored procedure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"max_staleness":{"type":"string","description":"The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of [SQL IntervalValue type](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-types#interval_type).","description_kind":"plain","optional":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".","description_kind":"plain","optional":true},"file_set_spec_type":{"type":"string","description":"Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":" Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20\"","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.\"","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.\"","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"allow_non_incremental_definition":{"type":"bool","description":"Allow non incremental materialized view definition. The default value is false.","description_kind":"plain","optional":true},"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"table_constraints":{"nesting_mode":"list","block":{"block_types":{"foreign_keys":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Set only if the foreign key constraint is named.","description_kind":"plain","optional":true}},"block_types":{"column_references":{"nesting_mode":"list","block":{"attributes":{"referenced_column":{"type":"string","description":"The column in the primary key that are referenced by the referencingColumn.","description_kind":"plain","required":true},"referencing_column":{"type":"string","description":"The column that composes the foreign key.","description_kind":"plain","required":true}},"description":"The pair of the foreign key column and primary key column.","description_kind":"plain"},"min_items":1,"max_items":1},"referenced_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.","description_kind":"plain","required":true}},"description":"The table that holds the primary key and is referenced by this foreign key.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Present only if the table has a foreign key. The foreign key is not enforced.","description_kind":"plain"}},"primary_key":{"nesting_mode":"list","block":{"attributes":{"columns":{"type":["list","string"],"description":"The columns that are composed of the primary key constraint.","description_kind":"plain","required":true}},"description":"Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.","description_kind":"plain"},"max_items":1}},"description":"Defines the primary key and foreign keys.","description_kind":"plain"},"max_items":1},"table_replication_info":{"nesting_mode":"list","block":{"attributes":{"replication_interval_ms":{"type":"number","description":"The interval at which the source materialized view is polled for updates. The default is 300000.","description_kind":"plain","optional":true},"source_dataset_id":{"type":"string","description":"The ID of the source dataset.","description_kind":"plain","required":true},"source_project_id":{"type":"string","description":"The ID of the source project.","description_kind":"plain","required":true},"source_table_id":{"type":"string","description":"The ID of the source materialized view.","description_kind":"plain","required":true}},"description":"Replication info of a table created using \"AS REPLICA\" DDL like: \"CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv\".","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","deprecated":true,"optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"standard_isolation":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"string","description":"The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"]","description_kind":"plain","required":true}},"description":"The standard options used for isolating this app profile's traffic from other use cases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the cluster","description_kind":"plain","computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"resource_ancestors":{"type":["set","string"],"description":"A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId},\nspecifying that usage from only this set of folders and organizations should be included in the budget.\nIf omitted, the budget includes all usage that the billing account pays for. If the folder or organization\ncontains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_project_info":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The ID of the billing account associated with the project, if\nany. Set to empty string to disable billing for the project.\nFor example, '\"012345-567890-ABCDEF\"' or '\"\"'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_blockchain_node_engine_blockchain_nodes":{"version":0,"block":{"attributes":{"blockchain_node_id":{"type":"string","description":"ID of the requesting object.","description_kind":"plain","required":true},"blockchain_type":{"type":"string","description":"User-provided key-value pairs Possible values: [\"ETHEREUM\"]","description_kind":"plain","optional":true},"connection_info":{"type":["list",["object",{"endpoint_info":["list",["object",{"json_rpc_api_endpoint":"string","websockets_api_endpoint":"string"}]],"service_attachment":"string"}]],"description":"The connection information through which to interact with a blockchain node.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp at which the blockchain node was first created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-provided key-value pairs\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Blockchain Node being created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which the blockchain node was last updated.","description_kind":"plain","computed":true}},"block_types":{"ethereum_details":{"nesting_mode":"list","block":{"attributes":{"additional_endpoints":{"type":["list",["object",{"beacon_api_endpoint":"string","beacon_prometheus_metrics_api_endpoint":"string","execution_client_prometheus_metrics_api_endpoint":"string"}]],"description":"User-provided key-value pairs","description_kind":"plain","computed":true},"api_enable_admin":{"type":"bool","description":"Enables JSON-RPC access to functions in the admin namespace. Defaults to false.","description_kind":"plain","optional":true},"api_enable_debug":{"type":"bool","description":"Enables JSON-RPC access to functions in the debug namespace. Defaults to false.","description_kind":"plain","optional":true},"consensus_client":{"type":"string","description":"The consensus client Possible values: [\"CONSENSUS_CLIENT_UNSPECIFIED\", \"LIGHTHOUSE\"]","description_kind":"plain","optional":true},"execution_client":{"type":"string","description":"The execution client Possible values: [\"EXECUTION_CLIENT_UNSPECIFIED\", \"GETH\", \"ERIGON\"]","description_kind":"plain","optional":true},"network":{"type":"string","description":"The Ethereum environment being accessed. Possible values: [\"MAINNET\", \"TESTNET_GOERLI_PRATER\", \"TESTNET_SEPOLIA\"]","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"The type of Ethereum node. Possible values: [\"LIGHT\", \"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"block_types":{"geth_details":{"nesting_mode":"list","block":{"attributes":{"garbage_collection_mode":{"type":"string","description":"Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. Possible values: [\"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"validator_config":{"nesting_mode":"list","block":{"attributes":{"mev_relay_urls":{"type":["list","string"],"description":"URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client.","description_kind":"plain","optional":true}},"description":"Configuration for validator-related parameters on the beacon client, and for any managed validator client.","description_kind":"plain"},"max_items":1}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.\nSee https://cloud.google.com/vpc/docs/edge-locations.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nSee https://cloud.google.com/compute/docs/regions-zones","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_trust_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a trust config.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the trust config.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The trust config location.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the trust config. Trust config names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trust_stores":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM intermediate certificate used for building up paths for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Set of intermediate CA certificates used for the path building phase of chain validation.\nThe field is currently not supported if trust config is used for the workload certificate feature.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM root certificate of the PKI used for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"List of Trust Anchors to be used while performing validation against a given TrustStore.","description_kind":"plain"}}},"description":"Set of trust stores to perform validation against.\nThis field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"additional_group_keys":{"type":["list",["object",{"id":"string","namespace":"string"}]],"description":"Additional group keys associated with the Group","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"block_types":{"expiry_detail":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time at which the MembershipRole will expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.\n\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"The MembershipRole expiry details, only supported for MEMBER role.\nOther roles cannot be accompanied with MEMBER role having expiry.","description_kind":"plain"},"max_items":1}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":1,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. Values are:\n- '0' thread-safe, the system should manage the max concurrency. This is\n the default value.\n- '1' not-thread-safe. Single concurrency\n- '2-N' thread-safe, max concurrency of N","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run job.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"depends_on":{"type":["list","string"],"description":"Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the exposed port of the container, which\nis the value of container.ports[0].containerPort.","description_kind":"plain","required":true}},"description":"TCPSocketAction describes an action based on opening a socket","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU is only allocated during requests. True by default if the parent 'resources' field is not set. However, if\n'resources' is set, this field must be explicitly set to true to preserve the default behavior.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["set","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"GCS Bucket name","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the GCS bucket as read-only","description_kind":"plain","optional":true}},"description":"Represents a GCS Bucket mounted as a volume.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server","description_kind":"plain","required":true}},"description":"Represents an NFS mount.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run service.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"maven_artifacts":{"nesting_mode":"list","block":{"attributes":{"artifact_id":{"type":"string","description":"Maven artifactId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"Maven groupId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY\"\n\nArtifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Maven version value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true}},"description":"A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"npm_packages":{"nesting_mode":"list","block":{"attributes":{"package_path":{"type":"string","description":"Path to the package.json. e.g. workspace/path/to/package","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY\"\n\nNpm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Npm package to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1},"python_packages":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY\"\n\nFiles in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the 'api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum 'read_api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_automation":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash ('/'). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ('[a-z0-9A-Z]') with dashes ('-'), underscores ('_'), dots ('.'), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots('.'), not longer than 253 characters in total, followed by a slash ('/'). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"delivery_pipeline":{"type":"string","description":"The delivery_pipeline for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the 'Automation'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The weak etag of the 'Automation' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 63 characters.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'Automation'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources.","description_kind":"plain","required":true},"suspended":{"type":"bool","description":"Optional. When Suspended, automation is deactivated from execution.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the 'Automation'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"block_types":{"advance_rollout_rule":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"source_phases":{"type":["list","string"],"description":"Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'.","description_kind":"plain","optional":true},"wait":{"type":"string","description":"Optional. How long to wait after a rollout is finished.","description_kind":"plain","optional":true}},"description":"Optional. The 'AdvanceRolloutRule' will automatically advance a successful Rollout.","description_kind":"plain"},"max_items":1},"promote_release_rule":{"nesting_mode":"list","block":{"attributes":{"destination_phase":{"type":"string","description":"Optional. The starting phase of the rollout created by this operation. Default to the first phase.","description_kind":"plain","optional":true},"destination_target_id":{"type":"string","description":"Optional. The ID of the stage in the pipeline to which this 'Release' is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence.","description_kind":"plain","optional":true},"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"wait":{"type":"string","description":"Optional. How long the release need to be paused until being promoted to the next target.","description_kind":"plain","optional":true}},"description":"Optional. 'PromoteReleaseRule' will automatically promote a release from the current target to a specified target.","description_kind":"plain"},"max_items":1}},"description":"Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution.","description_kind":"plain"},"min_items":1},"selector":{"nesting_mode":"list","block":{"block_types":{"targets":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"ID of the 'Target'. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Target labels.","description_kind":"plain","optional":true,"computed":true}},"description":"Contains attributes about a target.","description_kind":"plain"},"min_items":1}},"description":"Required. Selected resources to which the automation will be applied.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time at which the 'CustomTargetType' was created.","description_kind":"plain","computed":true},"custom_target_type_id":{"type":"string","description":"Resource id of the 'CustomTargetType'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the 'CustomTargetType'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The weak etag of the 'CustomTargetType' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the source.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'CustomTargetType'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Unique identifier of the 'CustomTargetType'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time at which the 'CustomTargetType' was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_actions":{"nesting_mode":"list","block":{"attributes":{"deploy_action":{"type":"string","description":"The Skaffold custom action responsible for deploy operations.","description_kind":"plain","required":true},"render_action":{"type":"string","description":"The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via 'skaffold render'.","description_kind":"plain","optional":true}},"block_types":{"include_skaffold_modules":{"nesting_mode":"list","block":{"attributes":{"configs":{"type":["list","string"],"description":"The Skaffold Config modules to use from the specified source.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Git ref the package should be cloned from.","description_kind":"plain","optional":true},"repo":{"type":"string","description":"Git repository the package should be cloned from.","description_kind":"plain","required":true}},"description":"Remote git repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_storage":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the source to the Skaffold file.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Cloud Storage source paths to copy recursively. For example, providing 'gs://my-bucket/dir/configs/*' will result in Skaffold copying all files within the 'dir/configs' directory in the bucket 'my-bucket'.","description_kind":"plain","required":true}},"description":"Cloud Storage bucket containing Skaffold Config modules.","description_kind":"plain"},"max_items":1}},"description":"List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose.","description_kind":"plain"}}},"description":"Configures render and deploy for the 'CustomTargetType' using Skaffold custom actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true},"canary_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the canary revision while the canary phase is in progress.","description_kind":"plain","optional":true},"prior_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the prior revision while the canary phase is in progress.","description_kind":"plain","optional":true},"stable_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the final stable revision when the stable phase is applied.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"route_update_wait_time":{"type":"string","description":"Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true},"stable_cutback_duration":{"type":"string","description":"Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time.","description_kind":"plain","optional":true}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"multi_target":{"nesting_mode":"list","block":{"attributes":{"target_ids":{"type":["list","string"],"description":"Required. The target_ids of this multiTarget.","description_kind":"plain","required":true}},"description":"Information specifying a multiTarget.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddomains_registration":{"version":0,"block":{"attributes":{"contact_notices":{"type":["list","string"],"description":"The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"domain_name":{"type":"string","description":"Required. The domain name. Unicode domain names must be expressed in Punycode format.","description_kind":"plain","required":true},"domain_notices":{"type":["list","string"],"description":"The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issues":{"type":["list","string"],"description":"Output only. The set of issues with the Registration that require attention.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the Registration.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/\u003cdomain_name\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"register_failure_reason":{"type":"string","description":"Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Registration.","description_kind":"plain","computed":true},"supported_privacy":{"type":["list","string"],"description":"Output only. Set of options for the contactSettings.privacy field that this Registration supports.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"contact_settings":{"nesting_mode":"list","block":{"attributes":{"privacy":{"type":"string","description":"Required. Privacy setting for the contacts associated with the Registration.\nValues are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA","description_kind":"plain","required":true}},"block_types":{"admin_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"registrant_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"technical_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Settings for contact information linked to the Registration.","description_kind":"plain"},"min_items":1,"max_items":1},"dns_settings":{"nesting_mode":"list","block":{"block_types":{"custom_dns":{"nesting_mode":"list","block":{"attributes":{"name_servers":{"type":["list","string"],"description":"Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain\nname, with Unicode domain names expressed in Punycode format.","description_kind":"plain","required":true}},"block_types":{"ds_records":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm used to generate the referenced DNSKEY.","description_kind":"plain","optional":true},"digest":{"type":"string","description":"The digest generated from the referenced DNSKEY.","description_kind":"plain","optional":true},"digest_type":{"type":"string","description":"The hash function used to generate the digest of the referenced DNSKEY.","description_kind":"plain","optional":true},"key_tag":{"type":"number","description":"The key tag of the record. Must be set in range 0 -- 65535.","description_kind":"plain","optional":true}},"description":"The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide\nthe values to set here. If this field is empty, DNSSEC is disabled.","description_kind":"plain"}}},"description":"Configuration for an arbitrary DNS provider.","description_kind":"plain"},"max_items":1},"glue_records":{"nesting_mode":"list","block":{"attributes":{"host_name":{"type":"string","description":"Required. Domain name of the host in Punycode format.","description_kind":"plain","required":true},"ipv4_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true},"ipv6_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true}},"description":"The list of glue records for this Registration. Commonly empty.","description_kind":"plain"}}},"description":"Settings controlling the DNS configuration of the Registration.","description_kind":"plain"},"max_items":1},"management_settings":{"nesting_mode":"list","block":{"attributes":{"preferred_renewal_method":{"type":"string","description":"The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice.\nIf unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL.\nYou cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration\nresource has state ACTIVE or SUSPENDED.\n\nWhen preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of\nproblems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After\nthe problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","optional":true,"computed":true},"renewal_method":{"type":"string","description":"Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL,\nthe actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account\nor reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the\nrenewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","computed":true},"transfer_lock_state":{"type":"string","description":"Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings for management of the Registration, including renewal, billing, and transfer","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"yearly_price":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The three-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode is \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from\nregistrations.retrieveRegisterParameters or registrations.searchDomains calls.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true,"computed":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Optional. The email of the trigger's service account. The service account\nmust have permission to invoke Cloud Run services. If empty, defaults to the\nCompute Engine default service account: {project_number}-compute@developer.gserviceaccount.com.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_retention_config":{"nesting_mode":"list","block":{"block_types":{"task_logs_retention_config":{"nesting_mode":"list","block":{"attributes":{"storage_mode":{"type":"string","description":"Whether logs in cloud logging only is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4 and newer.","description_kind":"plain","optional":true}},"description":"Optional. The configuration setting for Task Logs.","description_kind":"plain"},"min_items":1}},"description":"The configuration setting for Airflow data retention mechanism. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4. or newer","description_kind":"plain"},"max_items":1},"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. Cloud SQL database preferred zone.","description_kind":"plain","optional":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"connection_type":{"type":"string","description":"Mode of internal communication within the Composer environment. Must be one of \"VPC_PEERING\" or \"PRIVATE_SERVICE_CONNECT\".","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"Network-level access control policy for the Airflow web server.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"triggerer":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of triggerers.","description_kind":"plain","required":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true}},"description":"Configuration for resources used by Airflow triggerers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Optional. Name of an existing Cloud Storage bucket to be used by the environment.","description_kind":"plain","required":true}},"description":"Configuration options for storage used by Composer environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","required":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","required":true}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service_directory_region":{"type":"string","description":"[Optional] Service Directory region to register this global forwarding rule under.\nDefault to \"us-central1\". Only used for PSC for Google APIs. All PSC for\nGoogle APIs Forwarding Rules on the same network should use the same Service\nDirectory region.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","optional":true,"computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"access_config":{"type":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain","optional":true,"computed":true},"alias_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"description":"An array of alias IP ranges for this network interface.","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. If neither is set, defaults to 1","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. If neither is set, defaults to 1.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"An instance being added to the InstanceGroup","description_kind":"plain","required":true},"instance_group":{"type":"string","description":"Represents an Instance Group resource name that the instance belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the instance group resides.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\n\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\n\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\n\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this interconnect attachment to identify whether the IPv6\nfeature is enabled or not. If not specified, IPV4_ONLY will be used.\n\nThis field can be both set at interconnect attachments creation and update\ninterconnect attachment operations. Possible values: [\"IPV4_IPV6\", \"IPV4_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"numeric_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.\n\nOne of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"CONNECTION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of network endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true},"region_network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nAt least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.\nsslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the Region SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT.\neg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true,"computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","optional":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"md5_authentication_key":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Value of the key.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"[REQUIRED] Name used to identify the key.\nMust be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.","description_kind":"plain","required":true}},"description":"Present if MD5 authentication is enabled for the peering. Must be the name\nof one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true},"user_ip_request_headers":{"type":["set","string"],"description":"An optional list of case-insensitive request header names to use for resolving the callers client IP address.","description_kind":"plain","optional":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"endpoint":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a forwarding rule that represents the service identified by\nthis service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"set","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.","description_kind":"plain","required":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description":"The internal IPv6 address range that is assigned to this subnetwork.","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.","description_kind":"plain","required":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', 'PRIVATE_SERVICE_CONNECT' or 'PRIVATE_NAT'([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nA subnetwork with purpose set to 'PRIVATE_NAT' is used as source range for Private NAT gateways.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list\nof zero objects you must use the following syntax:\n'example=[]'\nFor more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value).","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates can not be defined together.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this VpnTunnel.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\".","description_kind":"plain","required":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_groups":{"type":["list","string"],"description":"Groups that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the groups. Up to ten admin groups can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true},"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization configuration.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"block_types":{"kubernetes_secret":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Namespace of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true}},"description":"The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.","description_kind":"plain"},"max_items":1}},"description":"Support for proxy configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_settings":{"nesting_mode":"list","block":{"block_types":{"surge_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Settings for surge update.","description_kind":"plain"},"max_items":1}},"description":"Optional. Update settings control the speed and disruption of the node pool update.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"autoscaling_profile":{"type":"string","description":"Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Full resource name of the registered fleet membership of the cluster.","description_kind":"plain","computed":true},"membership_id":{"type":"string","description":"Short name of the fleet membership, for example \"member-1\".","description_kind":"plain","computed":true},"membership_location":{"type":"string","description":"Location of the fleet membership, for example \"us-central1\".","description_kind":"plain","computed":true},"pre_registered":{"type":"bool","description":"Whether the cluster has been registered via the fleet API.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The Fleet host project of the cluster.","description_kind":"plain","optional":true}},"description":"Fleet configuration of the cluster.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"identity_service_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable the Identity Service component.","description_kind":"plain","optional":true}},"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"additional_pod_ranges_config":{"nesting_mode":"list","block":{"attributes":{"pod_range_names":{"type":["set","string"],"description":"Name for pod secondary ipv4 range which has the actual range defined ahead.","description_kind":"plain","required":true}},"description":"AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether master is accessbile via Google Compute Engine Public IP addresses.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_datapath_observability_config":{"nesting_mode":"list","block":{"attributes":{"enable_metrics":{"type":"bool","description":"Whether or not the advanced datapath metrics are enabled.","description_kind":"plain","required":true},"enable_relay":{"type":"bool","description":"Whether or not Relay is enabled.","description_kind":"plain","optional":true},"relay_mode":{"type":"string","description":"Mode used to make Relay available.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"description":"Configuration of Advanced Datapath Observability features.","description_kind":"plain"},"max_items":1},"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_auto_config":{"nesting_mode":"list","block":{"block_types":{"network_tags":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"List of network tags applied to auto-provisioned node pools.","description_kind":"plain","optional":true}},"description":"Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.","description_kind":"plain"},"max_items":1}},"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain"},"max_items":1},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with exterenal ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nThe taxonomy display name must be unique within an organization.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","required":true}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in [attribute-as-blocks mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html).","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger or the timespan endTime\nused in the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Specification of the field containing the timestamp of scanned items.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the timespan of the items to include in scanning","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_pipeline_pipeline":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the pipeline was initially created. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_count":{"type":"number","description":"Number of jobs.","description_kind":"plain","computed":true},"last_update_time":{"type":"string","description":"The timestamp when the pipeline was last modified. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"\"The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID.\"\n\"- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects.\"\n\"LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions.\"\n\"PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location.\"","description_kind":"plain","required":true},"pipeline_sources":{"type":["map","string"],"description":"The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region","description_kind":"plain","optional":true},"scheduler_service_account_email":{"type":"string","description":"Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state Possible values: [\"STATE_UNSPECIFIED\", \"STATE_RESUMING\", \"STATE_ACTIVE\", \"STATE_STOPPING\", \"STATE_ARCHIVED\", \"STATE_PAUSED\"]","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype Possible values: [\"PIPELINE_TYPE_UNSPECIFIED\", \"PIPELINE_TYPE_BATCH\", \"PIPELINE_TYPE_STREAMING\"]","description_kind":"plain","required":true}},"block_types":{"schedule_info":{"nesting_mode":"list","block":{"attributes":{"next_job_time":{"type":"string","description":"When the next Scheduler job is going to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"schedule":{"type":"string","description":"Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed.","description_kind":"plain","optional":true}},"description":"Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload":{"nesting_mode":"list","block":{"block_types":{"dataflow_flex_template_request":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The regional endpoint to which to direct the request. For example, us-central1, us-west1.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description":"If true, the request is validated but not actually executed. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"launch_parameter":{"nesting_mode":"list","block":{"attributes":{"container_spec_gcs_path":{"type":"string","description":"Cloud Storage path to a file with a JSON-serialized ContainerSpec as content.","description_kind":"plain","optional":true},"job_name":{"type":"string","description":"The job name to use for the created job. For an update job request, the job name should be the same as the existing running job.","description_kind":"plain","required":true},"launch_options":{"type":["map","string"],"description":"Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"'The parameters for the Flex Template. Example: {\"numWorkers\":\"5\"}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mappings":{"type":["map","string"],"description":"'Use this to pass transform name mappings for streaming update jobs. Example: {\"oldTransformName\":\"newTransformName\",...}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"flexrs_goal":{"type":"string","description":"Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal Possible values: [\"FLEXRS_UNSPECIFIED\", \"FLEXRS_SPEED_OPTIMIZED\", \"FLEXRS_COST_OPTIMIZED\"]","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the Flex Template job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"Parameter to launch a job from a Flex Template.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the flex launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest","description_kind":"plain"},"max_items":1},"dataflow_launch_template_request":{"nesting_mode":"list","block":{"attributes":{"gcs_path":{"type":"string","description":"A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The regional endpoint to which to direct the request.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"launch_parameters":{"nesting_mode":"list","block":{"attributes":{"job_name":{"type":"string","description":"The job name to use for the created job.","description_kind":"plain","required":true},"parameters":{"type":["map","string"],"description":"The runtime parameters to pass to the job.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mapping":{"type":["map","string"],"description":"Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"bypass_temp_dir_validation":{"type":"bool","description":"Whether to bypass the safety checks for the job's temporary directory. Use with caution.","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true,"computed":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"The parameters of the template to launch. This should be part of the body of the POST request.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters","description_kind":"plain"},"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the standard launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest","description_kind":"plain"},"max_items":1}},"description":"Workload information for creating new jobs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the given Cloud SQL instance. Possible values: [\"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"database_service":{"type":"string","description":"Required. Database service for the Oracle connection.","description_kind":"plain","required":true},"host":{"type":"string","description":"Required. The IP or hostname of the source Oracle database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source Oracle database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Required. Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"Input only. SSH password. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel, default value is 22.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"Input only. SSH private key. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Required. Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"Required. The resource name (URI) of the private connection.","description_kind":"plain","required":true}},"description":"Configuration for using a private network to communicate with the source database","description_kind":"plain"},"max_items":1},"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"static_service_ip_connectivity":{"nesting_mode":"list","block":{"description":"This object has no nested fields.\n\nStatic IP address connectivity configured on service project.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for Oracle databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc_name":{"type":"string","description":"Fully qualified name of the VPC that Database Migration Service will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween databasemigrationservice and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataflow_job":{"version":1,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"read_access_mode":{"type":"string","description":"Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"exclude_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to exclude from data profile.\nIf specified, the fields will be excluded from data profile, regardless of 'include_fields' value.","description_kind":"plain"},"max_items":1},"include_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to include in data profile.\nIf not specified, all fields at the time of profile scan job execution are included, except for ones listed in 'exclude_fields'.","description_kind":"plain"},"max_items":1},"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataProfileScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataQualityScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the rule.\nThe maximum length is 1,024 characters.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A mutable name for the rule.\nThe name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-).\nThe maximum length is 63 characters.\nMust start with a letter.\nMust end with a number or a letter.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"Row-level rule which evaluates whether each column value is unique.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of the labels (key/value pairs) configured on the resource and to be applied to instances in the cluster.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"auxiliary_node_groups":{"nesting_mode":"list","block":{"attributes":{"node_group_id":{"type":"string","description":"A node group ID. Generated if not specified. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of from 3 to 33 characters.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The Node group resource name.","description_kind":"plain","computed":true},"roles":{"type":["list","string"],"description":"Node group roles.","description_kind":"plain","required":true}},"block_types":{"node_group_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of auxiliary node group instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the auxiliary node group. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of auxiliary nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The node group instance group configuration.","description_kind":"plain"},"max_items":1}},"description":"Node group configuration.","description_kind":"plain"},"min_items":1}},"description":"The node group settings.","description_kind":"plain"}},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's master instance.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"attributes":{"instance_selection_results":{"type":["list",["object",{"machine_type":"string","vm_count":"number"}]],"description":"A list of instance selection results in the group.","description_kind":"plain","computed":true}},"block_types":{"instance_selection_list":{"nesting_mode":"list","block":{"attributes":{"machine_types":{"type":["list","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\".","description_kind":"plain","optional":true,"computed":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.","description_kind":"plain","optional":true,"computed":true}},"description":"List of instance selection options that the group will use when creating new VMs.","description_kind":"plain"}}},"description":"Instance flexibility Policy allowing a mixture of VM shapes and provisioning models.","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"min_num_instances":{"type":"number","description":"The minimum number of primary worker instances to create.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's worker instances.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"endpoint_protocol":{"type":"string","description":"The protocol to use for the metastore service endpoint. If unspecified, defaults to 'THRIFT'. Default value: \"THRIFT\" Possible values: [\"THRIFT\", \"GRPC\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"auxiliary_versions":{"nesting_mode":"set","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides.\nIf keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence.","description_kind":"plain","optional":true},"key":{"type":"string","description_kind":"plain","required":true},"version":{"type":"string","description":"The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version.","description_kind":"plain","required":true}},"description":"A mapping of Hive metastore version to the auxiliary version configuration.\nWhen specified, a secondary Hive metastore service is created along with the primary service.\nAll auxiliary versions must be less than the service's primary version.\nThe key is the auxiliary service name and it must match the regular expression a-z?.\nThis means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.","description_kind":"plain"}},"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"metadata_integration":{"nesting_mode":"list","block":{"block_types":{"data_catalog_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog.","description_kind":"plain","required":true}},"description":"The integration config for the Data Catalog service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"scaling_config":{"nesting_mode":"list","block":{"attributes":{"instance_size":{"type":"string","description":"Metastore instance sizes. Possible values: [\"EXTRA_SMALL\", \"SMALL\", \"MEDIUM\", \"LARGE\", \"EXTRA_LARGE\"]","description_kind":"plain","optional":true},"scaling_factor":{"type":"number","description":"Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0.","description_kind":"plain","optional":true}},"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastore_index":{"version":0,"block":{"attributes":{"ancestor":{"type":"string","description":"Policy for including ancestors in the index. Default value: \"NONE\" Possible values: [\"NONE\", \"ALL_ANCESTORS\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_id":{"type":"string","description":"The index id.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"The entity kind which the index applies to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"direction":{"type":"string","description":"The direction the index should optimize for sorting. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The property name to index.","description_kind":"plain","required":true}},"description":"An ordered list of properties to index on.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"git_integration_settings":{"nesting_mode":"list","block":{"block_types":{"github_settings":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"string","description":"The access token used to authenticate the access to the GitHub repository.","description_kind":"plain","optional":true,"sensitive":true},"branches":{"type":["list","string"],"description":"A list of branches configured to be used from Dialogflow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The unique repository display name for the GitHub repository.","description_kind":"plain","optional":true},"repository_uri":{"type":"string","description":"The GitHub repository URI related to the agent.","description_kind":"plain","optional":true},"tracking_branch":{"type":"string","description":"The branch of the GitHub repository tracked for this agent.","description_kind":"plain","optional":true}},"description":"Settings of integration with GitHub.","description_kind":"plain"},"max_items":1}},"description":"Git integration settings for this agent.","description_kind":"plain"},"max_items":1},"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"text_to_speech_settings":{"nesting_mode":"list","block":{"attributes":{"synthesize_speech_configs":{"type":"string","description":"Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig).\nThese settings affect:\n* The phone gateway synthesize configuration set via Agent.text_to_speech_settings.\n* How speech is synthesized when invoking session APIs. 'Agent.text_to_speech_settings' only applies if 'OutputAudioConfig.synthesize_speech_config' is not specified.","description_kind":"plain","optional":true}},"description":"Settings related to speech synthesizing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_start_flow":{"type":"bool","description":"Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically.\nThe Default Start Flow cannot be deleted; deleting the 'google_dialogflow_cx_flow' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_flow' resources linked to the same agent with 'is_default_start_flow = true' because they will compete to control a single Default Start Flow resource in GCP.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_negative_intent":{"type":"bool","description":"Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically.\nThe Default Negative Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_negative_intent = true' because they will compete to control a single Default Negative Intent resource in GCP.","description_kind":"plain","optional":true},"is_default_welcome_intent":{"type":"bool","description":"Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically.\nThe Default Welcome Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_welcome_intent = true' because they will compete to control a single Default Welcome Intent resource in GCP.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.\nTo manage the fallback intent, set 'is_default_negative_intent = true'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"default_value":{"type":"string","description":"The default value of an optional parameter. If the parameter is required, the default value will be ignored.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1},"reprompt_event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are:\n* sys.no-match-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-match-default\n* sys.no-input-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-input-default\n* sys.invalid-parameter\n[initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter.\nIf the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on.\nA sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed.\nA sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt.\nIf the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted.","description_kind":"plain"}}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_security_settings":{"version":0,"block":{"attributes":{"deidentify_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.\nNote: deidentifyTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the security settings, unique within the location.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.\nNote: inspectTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location these settings are located in. Settings can only be applied to an agent in the same location.\nSee [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the settings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purge_data_types":{"type":["list","string"],"description":"List of types of data to remove when retention settings triggers purge. Possible values: [\"DIALOGFLOW_HISTORY\"]","description_kind":"plain","optional":true},"redaction_scope":{"type":"string","description":"Defines what types of data to redact. If not set, defaults to not redacting any kind of data.\n* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. Possible values: [\"REDACT_DISK_STORAGE\"]","description_kind":"plain","optional":true},"redaction_strategy":{"type":"string","description":"Defines how we redact data. If not set, defaults to not redacting.\n* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. Possible values: [\"REDACT_WITH_SERVICE\"]","description_kind":"plain","optional":true},"retention_strategy":{"type":"string","description":"Defines how long we retain persisted data that contains sensitive info. Only one of 'retention_window_days' and 'retention_strategy' may be set.\n* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends. Possible values: [\"REMOVE_AFTER_CONVERSATION\"]","description_kind":"plain","optional":true},"retention_window_days":{"type":"number","description":"Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.\nOnly one of 'retention_window_days' and 'retention_strategy' may be set.","description_kind":"plain","optional":true}},"block_types":{"audio_export_settings":{"nesting_mode":"list","block":{"attributes":{"audio_export_pattern":{"type":"string","description":"Filename pattern for exported audio.","description_kind":"plain","optional":true},"audio_format":{"type":"string","description":"File format for exported audio file. Currently only in telephony recordings.\n* MULAW: G.711 mu-law PCM with 8kHz sample rate.\n* MP3: MP3 file format.\n* OGG: OGG Vorbis. Possible values: [\"MULAW\", \"MP3\", \"OGG\"]","description_kind":"plain","optional":true},"enable_audio_redaction":{"type":"bool","description":"Enable audio redaction if it is true.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.","description_kind":"plain","optional":true}},"description":"Controls audio export settings for post-conversation analytics when ingesting audio to conversations.\nIf retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.\nIf audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.\nThis setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).","description_kind":"plain"},"max_items":1},"insights_export_settings":{"nesting_mode":"list","block":{"attributes":{"enable_insights_export":{"type":"bool","description":"If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.","description_kind":"plain","required":true}},"description":"Controls conversation exporting settings to Insights after conversation is completed.\nIf retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_test_case":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the test was created. A timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The human-readable name of the test case, unique within the agent. Limit of 200 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_test_result":{"type":["list",["object",{"conversation_turns":["list",["object",{"user_input":["list",["object",{"enable_sentiment_analysis":"bool","injected_parameters":"string","input":["list",["object",{"dtmf":["list",["object",{"digits":"string","finish_digit":"string"}]],"event":["list",["object",{"event":"string"}]],"language_code":"string","text":["list",["object",{"text":"string"}]]}]],"is_webhook_enabled":"bool"}]],"virtual_agent_output":["list",["object",{"current_page":["list",["object",{"display_name":"string","name":"string"}]],"differences":["list",["object",{"description":"string","type":"string"}]],"session_parameters":"string","status":["list",["object",{"code":"number","details":"string","message":"string"}]],"text_responses":["list",["object",{"text":["list","string"]}]],"triggered_intent":["list",["object",{"display_name":"string","name":"string"}]]}]]}]],"environment":"string","name":"string","test_result":"string","test_time":"string"}]],"description":"The latest test result.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the test case.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/testCases/\u003cTestCase ID\u003e.","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Additional freeform notes about the test case. Limit of 400 characters.","description_kind":"plain","optional":true},"parent":{"type":"string","description":"The agent to create the test case for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags are short descriptions that users may apply to test cases for organizational and filtering purposes.\nEach tag should start with \"#\" and has a limit of 30 characters","description_kind":"plain","optional":true}},"block_types":{"test_case_conversation_turns":{"nesting_mode":"list","block":{"block_types":{"user_input":{"nesting_mode":"list","block":{"attributes":{"enable_sentiment_analysis":{"type":"bool","description":"Whether sentiment analysis is enabled.","description_kind":"plain","optional":true},"injected_parameters":{"type":"string","description":"Parameters that need to be injected into the conversation during intent detection.","description_kind":"plain","optional":true},"is_webhook_enabled":{"type":"bool","description":"If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled.","description_kind":"plain","optional":true}},"block_types":{"input":{"nesting_mode":"list","block":{"attributes":{"language_code":{"type":"string","description":"The language of the input. See [Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes.\nNote that queries in the same session do not necessarily need to specify the same language.","description_kind":"plain","optional":true}},"block_types":{"dtmf":{"nesting_mode":"list","block":{"attributes":{"digits":{"type":"string","description":"The dtmf digits.","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The finish digit (if any).","description_kind":"plain","optional":true}},"description":"The DTMF event to be handled.","description_kind":"plain"},"max_items":1},"event":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"Name of the event.","description_kind":"plain","required":true}},"description":"The event to be triggered.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"The natural language text to be processed. Text length must not exceed 256 characters.","description_kind":"plain","required":true}},"description":"The natural language text to be processed.","description_kind":"plain"},"max_items":1}},"description":"User input. Supports text input, event input, dtmf input in the test case.","description_kind":"plain"},"max_items":1}},"description":"The user input.","description_kind":"plain"},"max_items":1},"virtual_agent_output":{"nesting_mode":"list","block":{"attributes":{"session_parameters":{"type":"string","description":"The session parameters available to the bot at this point.","description_kind":"plain","optional":true}},"block_types":{"current_page":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Page](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages#Page) on which the utterance was spoken.","description_kind":"plain"},"max_items":1},"text_responses":{"nesting_mode":"list","block":{"attributes":{"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text responses from the agent for the turn.","description_kind":"plain"}},"triggered_intent":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Intent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents#Intent) that triggered the response.","description_kind":"plain"},"max_items":1}},"description":"The virtual agent output.","description_kind":"plain"},"max_items":1}},"description":"The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly.","description_kind":"plain"}},"test_config":{"nesting_mode":"list","block":{"attributes":{"flow":{"type":"string","description":"Flow name to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"page":{"type":"string","description":"The page to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"tracking_parameters":{"type":["list","string"],"description":"Session parameters to be compared when calculating differences.","description_kind":"plain","optional":true}},"description":"Config for the test case.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_chat_engine":{"version":0,"block":{"attributes":{"chat_engine_metadata":{"type":["list",["object",{"dialogflow_agent":"string"}]],"description":"Additional information of the Chat Engine.","description_kind":"plain","computed":true},"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be 'SOLUTION_TYPE_CHAT'. Adding or removing data stores will force recreation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"The ID to use for chat engine.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the chat engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"chat_engine_config":{"nesting_mode":"list","block":{"block_types":{"agent_creation_config":{"nesting_mode":"list","block":{"attributes":{"business":{"type":"string","description":"Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes.","description_kind":"plain","required":true},"location":{"type":"string","description":"Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of the agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris.","description_kind":"plain","required":true}},"description":"The configuration to generate the Dialogflow agent that is associated to this Engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configurations for a chat Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_data_store":{"version":0,"block":{"attributes":{"content_config":{"type":"string","description":"The content config of the data store. Possible values: [\"NO_CONTENT\", \"CONTENT_REQUIRED\", \"PUBLIC_WEBSITE\"]","description_kind":"plain","required":true},"create_advanced_site_search":{"type":"bool","description":"If true, an advanced data store for site search will be created. If the\ndata store is not configured as site search (GENERIC vertical and\nPUBLIC_WEBSITE contentConfig), this flag will be ignored.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Timestamp when the DataStore was created.","description_kind":"plain","computed":true},"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"default_schema_id":{"type":"string","description":"The id of the default Schema associated with this data store.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the data store. This field must be a UTF-8 encoded\nstring with a length limit of 128 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the data store registers. Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the data store. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"solution_types":{"type":["list","string"],"description":"The solutions that the data store enrolls. Possible values: [\"SOLUTION_TYPE_RECOMMENDATION\", \"SOLUTION_TYPE_SEARCH\", \"SOLUTION_TYPE_CHAT\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_search_engine":{"version":0,"block":{"attributes":{"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"Unique ID to use for Search Engine App.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the search engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"search_engine_config":{"nesting_mode":"list","block":{"attributes":{"search_add_ons":{"type":["list","string"],"description":"The add-on that this search engine enables. Possible values: [\"SEARCH_ADD_ON_LLM\"]","description_kind":"plain","optional":true},"search_tier":{"type":"string","description":"The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. Default value: \"SEARCH_TIER_STANDARD\" Possible values: [\"SEARCH_TIER_STANDARD\", \"SEARCH_TIER_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Configurations for a Search Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"}}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_cluster":{"version":0,"block":{"attributes":{"cluster_ca_certificate":{"type":"string","description":"The PEM-encoded public certificate of the cluster's CA.","description_kind":"plain","computed":true,"sensitive":true},"control_plane_version":{"type":"string","description":"The control plane release version.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of the Kubernetes API server.","description_kind":"plain","computed":true},"external_load_balancer_ipv4_address_pools":{"type":["list","string"],"description":"Address pools for cluster data plane external load balancing.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the edgecloud cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"maintenance_events":{"type":["list",["object",{"create_time":"string","end_time":"string","operation":"string","schedule":"string","start_time":"string","state":"string","target_version":"string","type":"string","update_time":"string","uuid":"string"}]],"description":"All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The GDCE cluster name.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the Kubernetes API server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"]","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Indicates the status of the cluster.","description_kind":"plain","computed":true},"target_version":{"type":"string","description":"The target cluster version. For example: \"1.5.0\".","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"An active Google username.","description_kind":"plain","required":true}},"description":"User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"RBAC policy that will be applied and managed by GEC.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"local":{"nesting_mode":"list","block":{"attributes":{"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\u003cname\u003e\",\nand is documented here: [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.","description_kind":"plain","optional":true,"computed":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true},"shared_deployment_policy":{"type":"string","description":"Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Local control plane configuration.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote control plane configuration.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the cluster control plane.","description_kind":"plain"},"max_items":1},"control_plane_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g.\nprojects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}\nto use for protecting control plane disks. If not specified, a\nGoogle-managed key will be used instead.","description_kind":"plain","optional":true,"computed":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.","description_kind":"plain","computed":true},"kms_status":{"type":["list",["object",{"code":"number","message":"string"}]],"description":"Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.","description_kind":"plain","computed":true}},"description":"Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The name of the Fleet host project where this cluster will be registered.\nProject names are formatted as\n'projects/\u003cproject-number\u003e'.","description_kind":"plain","required":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"window":{"nesting_mode":"list","block":{"block_types":{"recurring_window":{"nesting_mode":"list","block":{"attributes":{"recurrence":{"type":"string","description":"An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Represents an arbitrary window of time that recurs.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the maintenance window in which maintenance may be performed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Cluster-wide maintenance policy configuration.","description_kind":"plain"},"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"cluster_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.","description_kind":"plain","computed":true},"services_ipv4_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"services_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"system_addons_config":{"nesting_mode":"list","block":{"block_types":{"ingress":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Whether Ingress is disabled.","description_kind":"plain","optional":true,"computed":true},"ipv4_vip":{"type":"string","description":"Ingress VIP.","description_kind":"plain","optional":true,"computed":true}},"description":"Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.","description_kind":"plain"},"max_items":1}},"description":"Config that customers are allowed to define for GDCE system add-ons.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_node_pool":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The name of the target Distributed Cloud Edge Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the node pool was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\u003cname\u003e\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the node pool.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"The number of nodes in the pool.","description_kind":"plain","required":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the node pool was last updated.","description_kind":"plain","computed":true}},"block_types":{"local_disk_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks.\nIf not specified, a Google-managed key will be used instead.","description_kind":"plain","optional":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.","description_kind":"plain","computed":true}},"description":"Local disk encryption options. This field is only used when enabling CMEK support.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"\"The Kubernetes node labels\"","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for each node in the NodePool","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_vpn_connection":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the VPN connection was created.","description_kind":"plain","computed":true},"details":{"type":["list",["object",{"cloud_router":["list",["object",{"name":"string"}]],"cloud_vpns":["list",["object",{"gateway":"string"}]],"error":"string","state":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_high_availability":{"type":"bool","description":"Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Google Cloud Platform location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of VPN connection","description_kind":"plain","required":true},"nat_gateway_ip":{"type":"string","description":"NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The VPN connection Cloud Router name.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the VPN connection was last updated.","description_kind":"plain","computed":true},"vpc":{"type":"string","description":"The network ID of VPC to connect to.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_project":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project of the VPC to connect to. If not specified, it is the same as the cluster project.","description_kind":"plain","optional":true}},"description":"Project detail of the VPC network. Required if VPC is in a different project than the cluster project.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_edgenetwork_network":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"mtu":{"type":"number","description":"IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","computed":true},"network_id":{"type":"string","description":"A unique ID that identifies this network.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgenetwork_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_cidr":{"type":["list","string"],"description":"The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"ipv6_cidr":{"type":["list","string"],"description":"The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"The ID of the network to which this router belongs.\nMust be of the form: 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current stage of the resource to the device by config push.","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"A unique ID that identifies this subnet.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID for this subnetwork. If not specified, one is assigned automatically.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value.","description_kind":"plain","computed":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1},"http_endpoint":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS.","description_kind":"plain","required":true}},"description":"An HTTP endpoint destination described by an URI.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`","description_kind":"plain","required":true}},"description":"Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","optional":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_app_attest_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the App Attest configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_debug_token":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of a\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id),\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id),\nor [Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id)","description_kind":"plain","required":true},"debug_token_id":{"type":"string","description":"The last segment of the resource name of the debug token.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A human readable display name used to identify this debug token.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token":{"type":"string","description":"The secret token itself. Must be provided during creation, and must be a UUID4,\ncase insensitive. You may use a method of your choice such as random/random_uuid\nto generate the token.\n\nThis field is immutable once set, and cannot be updated. You can, however, delete\nthis debug token to revoke it.\n\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_play_integrity_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the Play Integrity configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_enterprise_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA Enterprise configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_key":{"type":"string","description":"The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application.\n\n**Important**: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key.","description_kind":"plain","required":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_v3_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA V3 configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_secret":{"type":"string","description":"The site secret used to identify your service for reCAPTCHA v3 verification.\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true},"site_secret_set":{"type":"bool","description":"Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_service_config":{"version":0,"block":{"attributes":{"enforcement_mode":{"type":"string","description":"The App Check enforcement mode for a service supported by App Check. Valid values are\n\n(Unset)\nFirebase App Check is not enforced for the service, nor are App Check metrics collected.\nThough the service is not protected by App Check in this mode, other applicable protections,\nsuch as user authorization, are still enforced. An unconfigured service is in this mode by default.\nThis is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the\nenforcement to OFF for this service.\n\nUNENFORCED\nFirebase App Check is not enforced for the service. App Check metrics are collected to help you\ndecide when to turn on enforcement for the service. Though the service is not protected by App Check\nin this mode, other applicable protections, such as user authorization, are still enforced.\n\nENFORCED\nFirebase App Check is enforced for the service. The service will reject any request that attempts to\naccess your project's resources if it does not have valid App Check token attached, with some exceptions\ndepending on the service; for example, some services will still allow requests bearing the developer's\nprivileged service account credentials without an App Check token. App Check metrics continue to be\ncollected to help you detect issues with your App Check integration and monitor the composition of your\ncallers. While the service is protected by App Check, other applicable protections, such as user\nauthorization, continue to be enforced at the same time.\n\nUse caution when choosing to enforce App Check on a Firebase service. If your users have not updated\nto an App Check capable version of your app, their apps will no longer be able to use your Firebase\nservices that are enforcing App Check. App Check metrics can help you decide whether to enforce App\nCheck on your Firebase services.\n\nIf your app has not launched yet, you should enable enforcement immediately, since there are no outdated\nclients in use. Possible values: [\"UNENFORCED\", \"ENFORCED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The fully-qualified resource name of the service enforcement configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The identifier of the service to configure enforcement. Currently, the following service IDs are supported:\n firebasestorage.googleapis.com (Cloud Storage for Firebase)\n firebasedatabase.googleapis.com (Firebase Realtime Database)\n firestore.googleapis.com (Cloud Firestore)\n identitytoolkit.googleapis.com (Authentication)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique backup schedule identifier across all locations and databases for the given project. Format:\n'projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".\n\nFor a daily backup recurrence, set this to a value up to 7 days. If you set a weekly backup recurrence, set this to a value up to 14 weeks.","description_kind":"plain","required":true}},"block_types":{"daily_recurrence":{"nesting_mode":"list","block":{"description":"For a schedule that runs daily at a specified time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"weekly_recurrence":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"The day of week to run. Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"For a schedule that runs weekly on a specific day and time.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The timestamp at which this database was created.","description_kind":"plain","computed":true},"delete_protection_state":{"type":"string","description":"State of delete protection for the database.\nWhen delete protection is enabled, this database cannot be deleted.\nThe default value is 'DELETE_PROTECTION_STATE_UNSPECIFIED', which is currently equivalent to 'DELETE_PROTECTION_DISABLED'.\n**Note:** Additionally, to delete this database using 'terraform destroy', 'deletion_policy' must be set to 'DELETE'. Possible values: [\"DELETE_PROTECTION_STATE_UNSPECIFIED\", \"DELETE_PROTECTION_ENABLED\", \"DELETE_PROTECTION_DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Deletion behavior for this database.\nIf the deletion policy is 'ABANDON', the database will be removed from Terraform state but not deleted from Google Cloud upon destruction.\nIf the deletion policy is 'DELETE', the database will both be removed from Terraform state and deleted from Google Cloud upon destruction.\nThe default value is 'ABANDON'.\nSee also 'delete_protection'.","description_kind":"plain","optional":true},"earliest_version_time":{"type":"string","description":"Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod.\nThis value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available locations are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"point_in_time_recovery_enablement":{"type":"string","description":"Whether to enable the PITR feature on this database.\nIf 'POINT_IN_TIME_RECOVERY_ENABLED' is selected, reads are supported on selected versions of the data from within the past 7 days.\nversionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour\nand reads against 1-minute snapshots beyond 1 hour and within 7 days.\nIf 'POINT_IN_TIME_RECOVERY_DISABLED' is selected, reads are supported on any version of the data from within the past 1 hour. Default value: \"POINT_IN_TIME_RECOVERY_DISABLED\" Possible values: [\"POINT_IN_TIME_RECOVERY_ENABLED\", \"POINT_IN_TIME_RECOVERY_DISABLED\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The system-generated UUID4 for this Database.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp at which this database was most recently updated.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"Output only. The period during which past versions of data are retained in the database.\nAny read or query can specify a readTime within this window, and will read the state of the database at that time.\nIf the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of TTL (time-to-live) configuration for documents that have this Field set.","description_kind":"plain","computed":true}},"description":"The TTL configuration for this Field. If set to an empty block (i.e. 'ttl_config {}'), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource).","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"api_scope":{"type":"string","description":"The API scope at which a query is run. Default value: \"ANY_API\" Possible values: [\"ANY_API\", \"DATASTORE_MODE_API\"]","description_kind":"plain","optional":true},"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\", \"COLLECTION_RECURSIVE\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"description":"The fields supported by this index. The last field entry is always for\nthe field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the\nsame direction as that of the last field defined. If the final field\nin a composite index is not directional, the '__name__' will be\nordered '\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":2},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.]","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan":{"version":0,"block":{"attributes":{"backup_plan":{"type":"string","description":"A reference to the BackupPlan from which Backups may be used\nas the source for Restores created via this RestorePlan.","description_kind":"plain","required":true},"cluster":{"type":"string","description":"The source cluster from which Restores will be created via this RestorePlan.","description_kind":"plain","required":true},"description":{"type":"string","description":"User specified descriptive string for this RestorePlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Restore Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The State of the RestorePlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why RestorePlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"restore_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, restore all namespaced resources in the Backup.\nSetting this field to False will result in an error.","description_kind":"plain","optional":true},"cluster_resource_conflict_policy":{"type":"string","description":"Defines the behavior for handling the situation where cluster-scoped resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED'\nif 'clusterResourceRestoreScope' is anyting other than 'noGroupKinds'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy\nfor more information on each policy option. Possible values: [\"USE_EXISTING_VERSION\", \"USE_BACKUP_VERSION\"]","description_kind":"plain","optional":true},"namespaced_resource_restore_mode":{"type":"string","description":"Defines the behavior for handling the situation where sets of namespaced resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode\nfor more information on each mode. Possible values: [\"DELETE_AND_RESTORE\", \"FAIL_ON_CONFLICT\"]","description_kind":"plain","optional":true},"no_namespaces":{"type":"bool","description":"Do not restore any namespaced resources if set to \"True\".\nSpecifying this field to \"False\" is not allowed.","description_kind":"plain","optional":true},"volume_data_restore_policy":{"type":"string","description":"Specifies the mechanism to be used to restore volume data.\nThis should be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nIf not specified, it will be treated as 'NO_VOLUME_DATA_RESTORATION'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","optional":true}},"block_types":{"cluster_resource_restore_scope":{"nesting_mode":"list","block":{"attributes":{"all_group_kinds":{"type":"bool","description":"If True, all valid cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true},"no_group_kinds":{"type":"bool","description":"If True, no cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true}},"block_types":{"excluded_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to NOT restore from the backup.\nIf specified, all valid cluster-scoped resources will be restored except\nfor those specified in the list.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain"}},"selected_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to restore from the backup.\nIf specified, only the selected resources will be restored.\nMutually exclusive to any other field in the 'clusterResourceRestoreScope'.","description_kind":"plain"}}},"description":"Identifies the cluster-scoped resources to restore from the Backup.","description_kind":"plain"},"max_items":1},"excluded_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces excluded from restoration.\nAll namespaces except those in this list will be restored.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of selected ProtectedApplications to restore.\nThe listed ProtectedApplications and all the resources\nto which they refer will be restored.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces to restore from the Backup.\nThe listed Namespaces and all resources contained in them will be restored.","description_kind":"plain"},"max_items":1},"transformation_rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description is a user specified string description\nof the transformation rule.","description_kind":"plain","optional":true}},"block_types":{"field_actions":{"nesting_mode":"list","block":{"attributes":{"from_path":{"type":"string","description":"A string containing a JSON Pointer value that references the\nlocation in the target document to move the value from.","description_kind":"plain","optional":true},"op":{"type":"string","description":"Specifies the operation to perform. Possible values: [\"REMOVE\", \"MOVE\", \"COPY\", \"ADD\", \"TEST\", \"REPLACE\"]","description_kind":"plain","required":true},"path":{"type":"string","description":"A string containing a JSON-Pointer value that references a\nlocation within the target document where the operation is performed.","description_kind":"plain","optional":true},"value":{"type":"string","description":"A string that specifies the desired value in string format\nto use for transformation.","description_kind":"plain","optional":true}},"description":"A list of transformation rule actions to take against candidate\nresources. Actions are executed in order defined - this order\nmatters, as they could potentially interfere with each other and\nthe first operation could affect the outcome of the second operation.","description_kind":"plain"},"min_items":1},"resource_filter":{"nesting_mode":"list","block":{"attributes":{"json_path":{"type":"string","description":"This is a JSONPath expression that matches specific fields of\ncandidate resources and it operates as a filtering parameter\n(resources that are not matched with this expression will not\nbe candidates for transformation).","description_kind":"plain","optional":true},"namespaces":{"type":["list","string"],"description":"(Filtering parameter) Any resource subject to transformation must\nbe contained within one of the listed Kubernetes Namespace in the\nBackup. If this field is not provided, no namespace filtering will\nbe performed (all resources in all Namespaces, including all\ncluster-scoped resources, will be candidates for transformation).\nTo mix cluster-scoped and namespaced resources in the same rule,\nuse an empty string (\"\") as one of the target namespaces.","description_kind":"plain","optional":true}},"block_types":{"group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"(Filtering parameter) Any resource subject to transformation must\nbelong to one of the listed \"types\". If this field is not provided,\nno type filtering will be performed\n(all resources of all types matching previous filtering parameters\nwill be candidates for transformation).","description_kind":"plain"}}},"description":"This field is used to specify a set of fields that should be used to\ndetermine which resources in backup should be acted upon by the\nsupplied transformation rule actions, and this will ensure that only\nspecific resources are affected by transformation rule actions.","description_kind":"plain"},"max_items":1}},"description":"A list of transformation rules to be applied against Kubernetes\nresources as they are selected for restoration from a Backup.\nRules are executed in order defined - this order matters,\nas changes made by a rule may impact the filtering logic of subsequent\nrules. An empty list means no transformation will occur.","description_kind":"plain"}}},"description":"Defines the configuration of Restores created via this RestorePlan.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"fleet_default_member_config":{"nesting_mode":"list","block":{"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","optional":true}},"block_types":{"config_sync":{"nesting_mode":"list","block":{"attributes":{"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in hierarchical or unstructured mode","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS Proxy to be used when communicating with the Git repo","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true}},"description":"Git repo configuration for the cluster","description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","deprecated":true,"optional":true}},"description":"OCI repo configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"ConfigSync configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"Config Management spec","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Whether to automatically manage Service Mesh Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","required":true}},"description":"Service Mesh spec","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Configures the version of Policy Controller","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation Possible values: [\"INSTALL_SPEC_UNSPECIFIED\", \"INSTALL_SPEC_NOT_INSTALLED\", \"INSTALL_SPEC_ENABLED\", \"INSTALL_SPEC_SUSPENDED\", \"INSTALL_SPEC_DETACHED\"]","description_kind":"plain","required":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component":{"type":"string","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: [\"AFFINITY_UNSPECIFIED\", \"NO_AFFINITY\", \"ANTI_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_toleration":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":"Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: [\"MONITORING_BACKEND_UNSPECIFIED\", \"PROMETHEUS\", \"CLOUD_MONITORING\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Monitoring specifies the configuration of monitoring Policy Controller.","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle":{"type":"string","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"Configures which bundles to install and their corresponding install specs.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: [\"INSTALATION_UNSPECIFIED\", \"NOT_INSTALLED\", \"ALL\"]","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Configuration of Policy Controller","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller spec","description_kind":"plain"},"max_items":1}},"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"clusterupgrade":{"nesting_mode":"list","block":{"attributes":{"upstream_fleets":{"type":["list","string"],"description":"Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id.","description_kind":"plain","required":true}},"block_types":{"gke_upgrade_overrides":{"nesting_mode":"list","block":{"block_types":{"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"min_items":1,"max_items":1},"upgrade":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the upgrade, e.g., \"k8s_control_plane\". It should be a valid upgrade name. It must not exceet 99 characters.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the upgrade, e.g., \"1.22.1-gke.100\". It should be a valid version. It must not exceet 99 characters.","description_kind":"plain","required":true}},"description":"Which upgrade to override.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration overrides for individual upgrades.","description_kind":"plain"}},"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"max_items":1}},"description":"Clusterupgrade feature spec.","description_kind":"plain"},"max_items":1},"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_membership":{"version":0,"block":{"attributes":{"feature":{"type":"string","description":"The name of the feature","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the feature","description_kind":"plain","required":true},"membership":{"type":"string","description":"The name of the membership","description_kind":"plain","required":true},"membership_location":{"type":"string","description":"The location of the membership","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project of the feature","description_kind":"plain","optional":true,"computed":true}},"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of ACM to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binauthz":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether binauthz is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.","description_kind":"plain"},"max_items":1},"config_sync":{"nesting_mode":"list","block":{"attributes":{"metrics_gcp_service_account_email":{"type":"string","description":"The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secretType is gcpServiceAccount.","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS proxy to be used when communicating with the Git repo.","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth.","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. ","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds(int64 format) between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"Config Sync configuration for the cluster.","description_kind":"plain"},"max_items":1},"hierarchy_controller":{"nesting_mode":"list","block":{"attributes":{"enable_hierarchical_resource_quota":{"type":"bool","description":"Whether hierarchical resource quota is enabled in this cluster.","description_kind":"plain","optional":true},"enable_pod_tree_labels":{"type":"bool","description":"Whether pod tree labels are enabled in this cluster.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether Hierarchy Controller is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"Hierarchy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1},"policy_controller":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"string","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true},"template_library_installed":{"type":"bool","description":"Installs the default template library along with Policy Controller.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1}},"description":"Config Management-specific spec.","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"control_plane":{"type":"string","description":"**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL","description_kind":"plain","deprecated":true,"optional":true},"management":{"type":"string","description":"Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL","description_kind":"plain","optional":true}},"description":"Manage Mesh Features","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of Policy Controller to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation. Possible values: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller-specific spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_fleet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the fleet was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the fleet was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"The state of the fleet resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource. This is unique across all\nFleet resources. If a Fleet resource is deleted and another\nresource with the same name is created, it gets a different uid.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the fleet was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"default_cluster_config":{"nesting_mode":"list","block":{"block_types":{"binary_authorization_config":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. Possible values: [\"DISABLED\", \"POLICY_BINDINGS\"]","description_kind":"plain","optional":true}},"block_types":{"policy_bindings":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The relative resource name of the binauthz platform policy to audit. GKE\nplatform policies have the following format:\n'projects/{project_number}/platforms/gke/policies/{policy_id}'.","description_kind":"plain","optional":true}},"description":"Binauthz policies that apply to this cluster.","description_kind":"plain"}}},"description":"Enable/Disable binary authorization features for the cluster.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets which mode to use for Security Posture features. Possible values: [\"DISABLED\", \"BASIC\"]","description_kind":"plain","optional":true},"vulnerability_mode":{"type":"string","description":"Sets which mode to use for vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_BASIC\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Enable/Disable Security Posture features for the cluster.","description_kind":"plain"},"max_items":1}},"description":"The default cluster configurations to apply across the fleet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership.\nThe default value is 'global'.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster' (must be 'locations' rather than 'zones'). If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_namespace":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Namespace was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Namespace.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the namespace","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Namespace-level cluster namespace labels. These labels are applied\nto the related namespace of the member clusters bound to the parent\nScope. Scope-level labels ('namespace_labels' in the Fleet Scope\nresource) take precedence over Namespace-level labels if they share\na key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The name of the Scope instance.","description_kind":"plain","required":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_namespace_id":{"type":"string","description":"The client-provided identifier of the namespace.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the namespace resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Scope was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Scope was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Scope.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the scope","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Scope-level cluster namespace labels. For the member clusters bound\nto the Scope, these labels are applied to each namespace under the\nScope. Scope-level labels take precedence over Namespace-level\nlabels ('namespace_labels' in the Fleet Namespace resource) if they\nshare a key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"The client-provided identifier of the scope.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the scope resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Scope was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_hub_scope_rbac_role_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the RBAC Role Binding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the RBAC Role Binding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\ngroup is the group, as seen by the kubernetes cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this ScopeRBACRoleBinding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the RBAC Role Binding","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_rbac_role_binding_id":{"type":"string","description":"The client-provided identifier of the RBAC Role Binding.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the RBAC Role Binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the RBAC Role Binding was updated in UTC.","description_kind":"plain","computed":true},"user":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\nuser is the name of the user as seen by the kubernetes cluster, example\n\"alice\" or \"alice@domain.tld\"","description_kind":"plain","optional":true}},"block_types":{"role":{"nesting_mode":"list","block":{"attributes":{"predefined_role":{"type":"string","description":"PredefinedRole is an ENUM representation of the default Kubernetes Roles Possible values: [\"UNKNOWN\", \"ADMIN\", \"EDIT\", \"VIEW\"]","description_kind":"plain","optional":true}},"description":"Role to bind to the principal.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_admin_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Admin Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal Admin Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Admin Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal admin cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal Admin Cluster.","description_kind":"plain","computed":true}},"block_types":{"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the Admin Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The Admin Cluster this Bare Metal User Cluster belongs to.\nThis is the full resource name of the Admin Cluster's hub membership.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. If unspecified,\ndefaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization related configurations.","description_kind":"plain"},"max_items":1},"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the User Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"bgp_lb_config":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) of the cluster.\nThis field can be updated after cluster creation.","description_kind":"plain","required":true}},"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"string","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"bgp_peer_configs":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) for the network that contains the\nexternal peer device.","description_kind":"plain","required":true},"control_plane_nodes":{"type":["list","string"],"description":"The IP address of the control plane node that connects to the external\npeer.\nIf you don't specify any control plane nodes, all control plane nodes\ncan connect to the external peer. If you specify one or more IP addresses,\nonly the nodes specified participate in peering sessions.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the external peer device.","description_kind":"plain","required":true}},"description":"The list of BGP peers that the cluster will connect to.\nAt least one peer must be configured for each control plane node.\nControl plane nodes will connect to these peers to advertise the control\nplane VIP. The Services load balancer also uses these peers by default.\nThis field can be updated after cluster creation.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"registry_burst":{"type":"number","description":"The maximum size of bursty pulls, temporarily allows pulls to burst to this\nnumber, while still not exceeding registry_pull_qps.\nThe value must not be a negative number.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 10.","description_kind":"plain","optional":true},"registry_pull_qps":{"type":"number","description":"The limit of registry pulls per second.\nSetting this value to 0 means no limit.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 5.","description_kind":"plain","optional":true},"serialize_image_pulls_disabled":{"type":"bool","description":"Prevents the Kubelet from pulling multiple images at a time.\nWe recommend *not* changing the default value on nodes that run docker\ndaemon with version \u003c 1.9 or an Another Union File System (Aufs) storage\nbackend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has\nmore details.","description_kind":"plain","optional":true}},"description":"The modifiable kubelet configurations for the baremetal machines.","description_kind":"plain"},"max_items":1},"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the node pool running data plane load balancing. L2 connectivity\nis required among nodes in this pool. If missing, the control plane node\npool is used for data plane load balancing.","description_kind":"plain"},"max_items":1}},"description":"Configuration for BGP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the load balancer's node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.","description_kind":"plain","required":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enables the use of advanced Anthos networking features, such as Bundled\nLoad Balancing with BGP or the egress NAT gateway.\nSetting configuration for advanced networking features will automatically\nset this flag.","description_kind":"plain","optional":true}},"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"multiple_network_interfaces_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable multiple network interfaces for your pods.\nWhen set network_config.advanced_networking is automatically\nset to true.","description_kind":"plain","optional":true}},"description":"Configuration for multiple network interfaces.","description_kind":"plain"},"max_items":1},"sr_iov_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to install the SR-IOV operator.","description_kind":"plain","optional":true}},"description":"Configuration for SR-IOV.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"container_runtime":{"type":"string","description":"The available runtimes that can be used to run containers in a Bare Metal User Cluster. Possible values: [\"CONTAINER_RUNTIME_UNSPECIFIED\", \"DOCKER\", \"CONTAINERD\"]","description_kind":"plain","optional":true,"computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"os_environment_config":{"nesting_mode":"list","block":{"attributes":{"package_repo_excluded":{"type":"bool","description":"Whether the package repo should not be included when initializing\nbare metal machines.","description_kind":"plain","required":true}},"description":"OS environment related configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies which upgrade policy to use. Possible values: [\"SERIAL\", \"CONCURRENT\"]","description_kind":"plain","optional":true}},"description":"The cluster upgrade policy.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Bare Metal Node Pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal node pool name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed node pool status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Node Pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"},"min_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"Node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_vmware_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The admin cluster this VMware User Cluster belongs to.\nThis is the full resource name of the admin cluster's hub membership.\nIn the future, references to other resource types might be allowed if\nadmin clusters are modeled as their own resources.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the VMware User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which VMware User Cluster was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time at which VMware User Cluster was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this VMware User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_control_plane_v2":{"type":"bool","description":"Enable control plane V2. Default to false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The DNS name of VMware User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet configuration for the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the VMware OnPremUserCluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\n\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The VMware cluster name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"The Anthos clusters on the VMware version for your user cluster.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the VMware User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the VMware User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which VMware User Cluster was last updated.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"ValidationCheck represents the result of the preflight check job.","description_kind":"plain","computed":true},"vm_tracking_enabled":{"type":"bool","description":"Enable VM tracking.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"anti_affinity_groups":{"nesting_mode":"list","block":{"attributes":{"aag_config_disabled":{"type":"bool","description":"Spread nodes across at least three physical hosts (requires at least three\nhosts).\nEnabled by default.","description_kind":"plain","required":true}},"description":"AAGConfig specifies whether to spread VMware User Cluster nodes across at\nleast three physical hosts in the datacenter.","description_kind":"plain"},"max_items":1},"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster.","description_kind":"plain"}}},"description":"RBAC policy that will be applied and managed by GKE On-Prem.","description_kind":"plain"},"max_items":1},"auto_repair_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether auto repair is enabled.","description_kind":"plain","required":true}},"description":"Configuration for auto repairing.","description_kind":"plain"},"max_items":1},"control_plane_node":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"number","description":"The number of CPUs for each admin cluster node that serve as control planes\nfor this VMware User Cluster. (default: 4 CPUs)","description_kind":"plain","optional":true},"memory":{"type":"number","description":"The megabytes of memory for each admin cluster node that serves as a\ncontrol plane for this VMware User Cluster (default: 8192 MB memory).","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of control plane nodes for this VMware User Cluster.\n(default: 1 replica).","description_kind":"plain","optional":true},"vsphere_config":{"type":["list",["object",{"datastore":"string","storage_policy_name":"string"}]],"description":"Vsphere-specific config.","description_kind":"plain","computed":true}},"block_types":{"auto_resize_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable control plane node auto resizing.","description_kind":"plain","required":true}},"description":"AutoResizeConfig provides auto resizing configurations.","description_kind":"plain"},"max_items":1}},"description":"VMware User Cluster control plane nodes must have either 1 or 3 replicas.","description_kind":"plain"},"min_items":1,"max_items":1},"dataplane_v2":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enable advanced networking which requires dataplane_v2_enabled to be set true.","description_kind":"plain","optional":true},"dataplane_v2_enabled":{"type":"bool","description":"Enables Dataplane V2.","description_kind":"plain","optional":true},"windows_dataplane_v2_enabled":{"type":"bool","description":"Enable Dataplane V2 for clusters with Windows nodes.","description_kind":"plain","optional":true}},"description":"VmwareDataplaneV2Config specifies configuration for Dataplane V2.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"f5_config":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The load balancer's IP address.","description_kind":"plain","optional":true},"partition":{"type":"string","description":"he preexisting partition to be used by the load balancer. T\nhis partition is usually created for the admin cluster for example:\n'my-f5-admin-partition'.","description_kind":"plain","optional":true},"snat_pool":{"type":"string","description":"The pool name. Only necessary, if using SNAT.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for F5 Big IP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_node_port":{"type":"number","description":"NodePort for control plane service. The Kubernetes API server in the admin\ncluster is implemented as a Service of type NodePort (ex. 30968).","description_kind":"plain","optional":true,"computed":true},"ingress_http_node_port":{"type":"number","description":"NodePort for ingress service's http. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 32527).","description_kind":"plain","optional":true,"computed":true},"ingress_https_node_port":{"type":"number","description":"NodePort for ingress service's https. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 30139).","description_kind":"plain","optional":true,"computed":true},"konnectivity_server_node_port":{"type":"number","description":"NodePort for konnectivity server service running as a sidecar in each\nkube-apiserver pod (ex. 30564).","description_kind":"plain","optional":true,"computed":true}},"description":"Manually configured load balancers.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address\nmust be either in the CIDR form (1.2.3.0/24) or range\nform (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for\nthose special IP addresses.","description_kind":"plain","optional":true,"computed":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true,"computed":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1}},"description":"Configuration for MetalLB typed load balancers.","description_kind":"plain"},"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this cluster.","description_kind":"plain","optional":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this cluster.","description_kind":"plain","optional":true}},"description":"The VIPs used by the load balancer.","description_kind":"plain"},"max_items":1}},"description":"Load Balancer configuration.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges.\nOnly a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address\nfrom these ranges. Only a single range is supported.. This field\ncannot be changed after creation.","description_kind":"plain","required":true},"vcenter_network":{"type":"string","description":"vcenter_network specifies vCenter network name. Inherited from the admin cluster.","description_kind":"plain","computed":true}},"block_types":{"control_plane_v2_config":{"nesting_mode":"list","block":{"block_types":{"control_plane_ip_block":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","optional":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","optional":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","optional":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"}}},"description":"Static IP addresses for the control plane nodes.","description_kind":"plain"},"max_items":1}},"description":"Configuration for control plane V2 mode.","description_kind":"plain"},"max_items":1},"dhcp_ip_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"enabled is a flag to mark if DHCP IP allocation is\nused for VMware user clusters.","description_kind":"plain","required":true}},"description":"Configuration settings for a DHCP IP configuration.","description_kind":"plain"},"max_items":1},"host_config":{"nesting_mode":"list","block":{"attributes":{"dns_search_domains":{"type":["list","string"],"description":"DNS search domains.","description_kind":"plain","optional":true},"dns_servers":{"type":["list","string"],"description":"DNS servers.","description_kind":"plain","optional":true},"ntp_servers":{"type":["list","string"],"description":"NTP servers.","description_kind":"plain","optional":true}},"description":"Represents common network settings irrespective of the host's IP address.","description_kind":"plain"},"max_items":1},"static_ip_config":{"nesting_mode":"list","block":{"block_types":{"ip_blocks":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","required":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","required":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","required":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"},"min_items":1}},"description":"Represents the configuration values for static IP allocation to nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration settings for a static IP configuration.","description_kind":"plain"},"max_items":1}},"description":"The VMware User Cluster network configuration.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"attributes":{"vsphere_csi_disabled":{"type":"bool","description":"Whether or not to deploy vSphere CSI components in the VMware User Cluster.\nEnabled by default.","description_kind":"plain","required":true}},"description":"Storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"control_plane_only":{"type":"bool","description":"Controls whether the upgrade applies to the control plane only.","description_kind":"plain","optional":true}},"description":"Specifies upgrade policy for the cluster.","description_kind":"plain"},"max_items":1},"vcenter":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The vCenter IP address.","description_kind":"plain","computed":true},"ca_cert_data":{"type":"string","description":"Contains the vCenter CA certificate public key for SSL verification.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The name of the vCenter cluster for the user cluster.","description_kind":"plain","optional":true},"datacenter":{"type":"string","description":"The name of the vCenter datacenter for the user cluster.","description_kind":"plain","optional":true},"datastore":{"type":"string","description":"The name of the vCenter datastore for the user cluster.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The name of the vCenter folder for the user cluster.","description_kind":"plain","optional":true},"resource_pool":{"type":"string","description":"The name of the vCenter resource pool for the user cluster.","description_kind":"plain","optional":true},"storage_policy_name":{"type":"string","description":"The name of the vCenter storage policy for the user cluster.","description_kind":"plain","optional":true}},"description":"VmwareVCenterConfig specifies vCenter config for the user cluster.\nInherited from the admin cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_vmware_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the node pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The vmware node pool name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"Anthos version for the node pool. Defaults to the user cluster version.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"vmware_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"VMware disk size to be used during creation.","description_kind":"plain","optional":true},"cpus":{"type":"number","description":"The number of CPUs for each node in the node pool.","description_kind":"plain","optional":true},"enable_load_balancer":{"type":"bool","description":"Allow node pool traffic to be load balanced. Only works for clusters with\nMetalLB load balancers.","description_kind":"plain","optional":true},"image":{"type":"string","description":"The OS image name in vCenter, only valid when using Windows.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The OS image to be used for each node in a node pool.\nCurrently 'cos', 'ubuntu', 'ubuntu_containerd' and 'windows' are supported.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node.\nThese will added in addition to any default label(s) that\nKubernetes may apply to the node.\nIn case of conflict in label keys, the applied set may differ depending on\nthe Kubernetes version -- it's best to assume the behavior is undefined\nand conflicts should be avoided.","description_kind":"plain","optional":true,"computed":true},"memory_mb":{"type":"number","description":"The megabytes of memory for each node in the node pool.","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of nodes in the node pool.","description_kind":"plain","optional":true}},"block_types":{"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Available taint effects. Possible values: [\"EFFECT_UNSPECIFIED\", \"NO_SCHEDULE\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","required":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}},"vsphere_config":{"nesting_mode":"list","block":{"attributes":{"datastore":{"type":"string","description":"The name of the vCenter datastore. Inherited from the user cluster.","description_kind":"plain","optional":true},"host_groups":{"type":["list","string"],"description":"Vsphere host groups to apply to all VMs in the node pool","description_kind":"plain","optional":true}},"block_types":{"tags":{"nesting_mode":"list","block":{"attributes":{"category":{"type":"string","description":"The Vsphere tag category.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The Vsphere tag name.","description_kind":"plain","optional":true}},"description":"Tags to apply to VMs.","description_kind":"plain"}}},"description":"Specifies the vSphere config for node pool.","description_kind":"plain"},"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"node_pool_autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_replicas":{"type":"number","description":"Maximum number of replicas in the NodePool.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"Minimum number of replicas in the NodePool.","description_kind":"plain","required":true}},"description":"Node Pool autoscaling config for the node pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_search_handling_strict":{"type":"bool","description":"If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters.\nIf false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters.\nThe handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.","description_kind":"plain","optional":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"reject_duplicate_message":{"type":"bool","description":"Determines whether duplicate messages are allowed.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_deny_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"deny_rule":{"nesting_mode":"list","block":{"attributes":{"denied_permissions":{"type":["list","string"],"description":"The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',\nwhere '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.","description_kind":"plain","optional":true},"denied_principals":{"type":["list","string"],"description":"The identities that are prevented from using one or more permissions on Google Cloud resources.","description_kind":"plain","optional":true},"exception_permissions":{"type":["list","string"],"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.\nIf a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.\nThe excluded permissions can be specified using the same syntax as deniedPermissions.","description_kind":"plain","optional":true},"exception_principals":{"type":["list","string"],"description":"The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.\nFor example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.","description_kind":"plain","optional":true}},"block_types":{"denial_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A deny rule in an IAM deny policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"access_restrictions":{"nesting_mode":"list","block":{"attributes":{"disable_programmatic_signin":{"type":"bool","description":"Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.\nSee [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).","description_kind":"plain","optional":true}},"block_types":{"allowed_services":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the service.\nExample: console.cloud.google","description_kind":"plain","optional":true}},"description":"Services allowed for web sign-in with the workforce pool.\nIf not set by default there are no restrictions.","description_kind":"plain"}}},"description":"Configure access restrictions on the workforce pool users. This is an optional field. If specified web\nsign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"additional_scopes":{"type":["list","string"],"description":"Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the 'openid', 'profile' and 'email' scopes that are supported by the identity provider are requested.\nEach additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.","description_kind":"plain","optional":true},"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc or saml.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.","description_kind":"plain","required":true}},"description":"An SAML 2.0 identity provider. Not compatible with the property oidc or aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true,"computed":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"client":{"nesting_mode":"list","block":{"attributes":{"api_key":{"type":"string","description":"API key that can be used when making requests for this project.","description_kind":"plain","computed":true,"sensitive":true},"firebase_subdomain":{"type":"string","description":"Firebase subdomain.","description_kind":"plain","computed":true}},"block_types":{"permissions":{"nesting_mode":"list","block":{"attributes":{"disabled_user_deletion":{"type":"bool","description":"When true, end users cannot delete their account on the associated project through any of our API methods","description_kind":"plain","optional":true},"disabled_user_signup":{"type":"bool","description":"When true, end users cannot sign up for a new account on the associated project through any of our API methods","description_kind":"plain","optional":true}},"description":"Configuration related to restricting a user's ability to affect their account.","description_kind":"plain"},"max_items":1}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"mfa":{"nesting_mode":"list","block":{"attributes":{"enabled_providers":{"type":["list","string"],"description":"A list of usable second factors for this project. Possible values: [\"PHONE_SMS\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"provider_configs":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"totp_provider_config":{"nesting_mode":"list","block":{"attributes":{"adjacent_intervals":{"type":"number","description":"The allowed number of adjacent intervals that will be used for verification to avoid clock skew.","description_kind":"plain","optional":true}},"description":"TOTP MFA provider config for this project.","description_kind":"plain"},"max_items":1}},"description":"A list of usable second factors for this project along with their configurations.\nThis field does not support phone based MFA, for that use the 'enabledProviders' field.","description_kind":"plain"}}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"monitoring":{"nesting_mode":"list","block":{"block_types":{"request_logging":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether logging is enabled for this project or not.","description_kind":"plain","optional":true}},"description":"Configuration for logging requests made to this project to Stackdriver Logging","description_kind":"plain"},"max_items":1}},"description":"Configuration related to monitoring project activity.","description_kind":"plain"},"max_items":1},"multi_tenant":{"nesting_mode":"list","block":{"attributes":{"allow_tenants":{"type":"bool","description":"Whether this project can have tenants or not.","description_kind":"plain","optional":true},"default_tenant_location":{"type":"string","description":"The default cloud parent org or folder that the tenant project should be created under.\nThe parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\".\nIf the value is not set, the tenant will be created under the same organization or folder as the agent project.","description_kind":"plain","optional":true}},"description":"Configuration related to multi-tenant functionality.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","required":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","required":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"sms_region_config":{"nesting_mode":"list","block":{"block_types":{"allow_by_default":{"nesting_mode":"list","block":{"attributes":{"disallowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.","description_kind":"plain"},"max_items":1},"allowlist_only":{"nesting_mode":"list","block":{"attributes":{"allowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of only allowing regions by explicitly adding them to an allowlist.","description_kind":"plain"},"max_items":1}},"description":"Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_project_default_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource. Example: \"projects/my-awesome-project/config\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","optional":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","optional":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_connection":{"version":0,"block":{"attributes":{"connection_revision":{"type":"string","description":"Connection revision. This field is only updated when the connection is created or updated by User.","description_kind":"plain","computed":true},"connector_version":{"type":"string","description":"connectorVersion of the Connector.","description_kind":"plain","required":true},"connector_version_infra_config":{"type":["list",["object",{"ratelimit_threshold":"string"}]],"description":"This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version.","description_kind":"plain","computed":true},"connector_version_launch_stage":{"type":"string","description":"Flag to mark the version indicating the launch stage.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An arbitrary description for the Conection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"eventing_enablement_type":{"type":"string","description":"Eventing enablement type. Will be nil if eventing is not enabled. Possible values: [\"EVENTING_AND_CONNECTION\", \"ONLY_EVENTING\"]","description_kind":"plain","optional":true},"eventing_runtime_data":{"type":["list",["object",{"events_listener_endpoint":"string","status":["list",["object",{"description":"string","state":"string"}]]}]],"description":"Eventing Runtime Data.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Connection needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Connection needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Service account needed for runtime plane to access Google Cloud resources.","description_kind":"plain","optional":true,"computed":true},"service_directory":{"type":"string","description":"The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address.\ne.g. \"projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors\"","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"description":"string","state":"string","status":"string"}]],"description":"Status of the Integration Connector.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"This subscription type enum states the subscription type of the project.","description_kind":"plain","computed":true},"suspended":{"type":"bool","description":"Suspended indicates if a user has suspended a connection or not.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\", \"OAUTH2_JWT_BEARER\", \"OAUTH2_CLIENT_CREDENTIALS\", \"SSH_PUBLIC_KEY\", \"OAUTH2_AUTH_CODE_FLOW\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"oauth2_auth_code_flow":{"nesting_mode":"list","block":{"attributes":{"auth_uri":{"type":"string","description":"Auth URL for Authorization Code Flow.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"Client ID for user-provided OAuth app.","description_kind":"plain","optional":true},"enable_pkce":{"type":"bool","description":"Whether to enable PKCE when the user performs the auth code flow.","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description":"Scopes the connection will request when the user performs the auth code flow.","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Client secret for user-provided OAuth app.","description_kind":"plain"},"max_items":1}},"description":"Parameters to support Oauth 2.0 Auth Code Grant Authentication.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"Secret version of Password for Authentication.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing the client secret.","description_kind":"plain"},"max_items":1}},"description":"OAuth3 Client Credentials for Authentication.","description_kind":"plain"},"max_items":1},"oauth2_jwt_bearer":{"nesting_mode":"list","block":{"block_types":{"client_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate.\nThis private key will be used to sign JWTs used for the jwt-bearer authorization grant.\nSpecified in the form as: projects/*/secrets/*/versions/*.","description_kind":"plain"},"max_items":1},"jwt_claims":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Value for the \"aud\" claim.","description_kind":"plain","optional":true},"issuer":{"type":"string","description":"Value for the \"iss\" claim.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"Value for the \"sub\" claim.","description_kind":"plain","optional":true}},"description":"JwtClaims providers fields to generate the token.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 JWT Bearer for Authentication.","description_kind":"plain"},"max_items":1},"ssh_public_key":{"nesting_mode":"list","block":{"attributes":{"cert_type":{"type":"string","description":"Format of SSH Client cert.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The user account used to authenticate.","description_kind":"plain","required":true}},"block_types":{"ssh_client_cert":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"SSH Client Cert. It should contain both public and private key.","description_kind":"plain"},"max_items":1},"ssh_client_cert_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password (passphrase) for ssh client certificate if it has one.","description_kind":"plain"},"max_items":1}},"description":"SSH Public Key for Authentication.","description_kind":"plain"},"max_items":1},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","required":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"authConfig for the connection.","description_kind":"plain"},"max_items":1},"config_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"Config Variables for the connection.","description_kind":"plain"}},"destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The key is the destination identifier that is supported by the Connector.","description_kind":"plain","required":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"For publicly routable host.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port is the target port number that is accepted by the destination.","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"PSC service attachments. Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","optional":true}},"description":"The destinations for the key.","description_kind":"plain"}}},"description":"Define the Connectors target endpoint.","description_kind":"plain"}},"eventing_config":{"nesting_mode":"list","block":{"attributes":{"enrichment_enabled":{"type":"bool","description":"Enrichment Enabled.","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","optional":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"authConfig for Eventing Configuration.","description_kind":"plain"},"max_items":1},"registration_destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Key for the connection","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host","description_kind":"plain","optional":true},"port":{"type":"number","description":"port number","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"Service Attachment","description_kind":"plain","optional":true}},"description":"destinations for the connection","description_kind":"plain"}}},"description":"registrationDestinationConfig","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Eventing Configuration of a connection","description_kind":"plain"},"max_items":1},"lock_config":{"nesting_mode":"list","block":{"attributes":{"locked":{"type":"bool","description":"Indicates whether or not the connection is locked.","description_kind":"plain","required":true},"reason":{"type":"string","description":"Describes why a connection is locked.","description_kind":"plain","optional":true}},"description":"Determines whether or no a connection is locked. If locked, a reason must be specified.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enabled represents whether logging is enabled or not for a connection.","description_kind":"plain","required":true}},"description":"Log configuration for the connection.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true}},"description":"Node configuration for the connection.","description_kind":"plain"},"max_items":1},"ssl_config":{"nesting_mode":"list","block":{"attributes":{"client_cert_type":{"type":"string","description":"Type of Client Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"server_cert_type":{"type":"string","description":"Type of Server Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"trust_model":{"type":"string","description":"Enum for Trust Model Possible values: [\"PUBLIC\", \"PRIVATE\", \"INSECURE\"]","description_kind":"plain","optional":true},"type":{"type":"string","description":"Enum for controlling the SSL Type (TLS/MTLS) Possible values: [\"TLS\", \"MTLS\"]","description_kind":"plain","required":true},"use_ssl":{"type":"bool","description":"Bool for enabling SSL","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"Additional SSL related field values.","description_kind":"plain"}},"client_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Certificate","description_kind":"plain"},"max_items":1},"client_private_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Private Key","description_kind":"plain"},"max_items":1},"client_private_key_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret containing the passphrase protecting the Client Private Key","description_kind":"plain"},"max_items":1},"private_server_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Private Server Certificate. Needs to be specified if trust model is PRIVATE.","description_kind":"plain"},"max_items":1}},"description":"SSL Configuration of a connection","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_endpoint_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"The Private Service Connect connection endpoint ip.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_attachment":{"type":"string","description":"The path of the service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":"string","google_card_certs":"string","google_partition_certs":"string"}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","required":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","required":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve or configure settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"custom_writer_identity":{"type":"string","description":"A service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are routing logs to a destination outside this sink's project. If not specified, a Logging service account will automatically be generated.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the legacy behavior), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (default), then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance\n- LOOKER_CORE_STANDARD: pay as you go standard instance\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"custom_domain":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name","description_kind":"plain","optional":true},"state":{"type":"string","description":"Status of the custom domain.","description_kind":"plain","computed":true}},"description":"Custom domain settings for a Looker instance.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\", \"MEMCACHE_1_6_15\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range_id":{"type":["list","string"],"description":"Contains the name of allocated IP address ranges associated with\nthe private service access connection for example, \"test-default\"\nassociated with IP range 10.0.0.0/29.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the group.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the group.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the group.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the group was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_preference_set":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the preference set was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the preference set.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-friendly display name. Maximum length is 63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the preference set.","description_kind":"plain","computed":true},"preference_set_id":{"type":"string","description":"Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the preference set was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nCOMMITMENT_PLAN_NONE\nCOMMITMENT_PLAN_ONE_YEAR\nCOMMITMENT_PLAN_THREE_YEARS","description_kind":"plain","optional":true},"sizing_optimization_strategy":{"type":"string","description":"Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. \n Possible values:\n SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED\nSIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE\nSIZING_OPTIMIZATION_STRATEGY_MODERATE\nSIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE","description_kind":"plain","optional":true},"target_product":{"type":"string","description":"Target product for assets using this preference set. Specify either target product or business goal, but not both. \n Possible values:\n COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED\nCOMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY","description_kind":"plain","optional":true}},"block_types":{"compute_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"license_type":{"type":"string","description":"License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. \n Possible values:\n LICENSE_TYPE_UNSPECIFIED\nLICENSE_TYPE_DEFAULT\nLICENSE_TYPE_BRING_YOUR_OWN_LICENSE","description_kind":"plain","optional":true}},"block_types":{"machine_preferences":{"nesting_mode":"list","block":{"block_types":{"allowed_machine_series":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"string","description":"Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series.","description_kind":"plain","optional":true}},"description":"Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series.","description_kind":"plain"}}},"description":"The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions.","description_kind":"plain"},"max_items":1}},"description":"The user preferences relating to Compute Engine target platform.","description_kind":"plain"},"max_items":1},"region_preferences":{"nesting_mode":"list","block":{"attributes":{"preferred_regions":{"type":["list","string"],"description":"A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions.","description_kind":"plain","optional":true}},"description":"The user preferences relating to target regions.","description_kind":"plain"},"max_items":1},"sole_tenancy_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR\nCOMMITMENT_3_YEAR","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive.","description_kind":"plain","optional":true},"host_maintenance_policy":{"type":"string","description":"Sole Tenancy nodes maintenance policy. \n Possible values:\n HOST_MAINTENANCE_POLICY_UNSPECIFIED\nHOST_MAINTENANCE_POLICY_DEFAULT\nHOST_MAINTENANCE_POLICY_RESTART_IN_PLACE\nHOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP","description_kind":"plain","optional":true}},"block_types":{"node_types":{"nesting_mode":"list","block":{"attributes":{"node_name":{"type":"string","description":"Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes","description_kind":"plain","optional":true}},"description":"A list of sole tenant node types. An empty list means that all possible node types will be considered.","description_kind":"plain"}}},"description":"Preferences concerning Sole Tenancy nodes and VMs.","description_kind":"plain"},"max_items":1},"vmware_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_3_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_1_YEAR_UPFRONT_PAYMENT\nCOMMITMENT_3_YEAR_UPFRONT_PAYMENT","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment.","description_kind":"plain","optional":true},"memory_overcommit_ratio":{"type":"number","description":"Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0.","description_kind":"plain","optional":true},"storage_deduplication_compression_ratio":{"type":"number","description":"The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0.","description_kind":"plain","optional":true}},"description":"The user preferences relating to Google Cloud VMware Engine target platform.","description_kind":"plain"},"max_items":1}},"description":"VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_ml_engine_model":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The severity of an alert policy indicates how important incidents generated\nby that policy are. The severity level will be displayed on the Incident\ndetail page and in notifications. Possible values: [\"CRITICAL\", \"ERROR\", \"WARNING\"]","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future. This field is optional.","description_kind":"plain","optional":true}},"description":"A condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"The subject line of the notification. The subject line may not\nexceed 10,240 bytes. In notifications generated by this policy the contents\nof the subject line after variable expansion will be truncated to 255 bytes\nor shorter at the latest UTF-8 character boundary.","description_kind":"plain","optional":true}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is 'servicedirectory_service', 'checker_type' must be set to 'VPC_CHECKERS'. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is 'projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]'.","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). [See the accepted formats]( https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data to be used for organizing and identifying the 'UptimeCheckConfig' objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If 'content_type' is 'URL_ENCODED', the body passed in must be URL-encoded. Users can provide a 'Content-Length' header via the 'headers' field or the API will do so. If the 'request_method' is 'GET' and 'body' is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. 'foo=bar' in URL-encoded form is 'foo%3Dbar' and in base64 encoding is 'Zm9vJTI1M0RiYXI='.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\", \"USER_PROVIDED\"]","description_kind":"plain","optional":true},"custom_content_type":{"type":"string","description":"A user provided content type header to use for the check. The invalid configurations outlined in the 'content_type' field apply to custom_content_type', as well as the following 1. 'content_type' is 'URL_ENCODED' and 'custom_content_type' is set. 2. 'content_type' is 'USER_PROVIDED' and 'custom_content_type' is not set.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in [RFC 2616 (page 31)](https://www.w3.org/Protocols/rfc2616/rfc2616.txt). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if 'mask_headers' is set to 'true' then the headers will be obscured with '******'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with '/', a '/' will be prepended automatically. Optional (defaults to '/').","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with 'host' (specified within the ['monitored_resource'](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where 'monitored_resource' is set to 'uptime_url'. If 'use_ssl' is 'false', setting 'validate_ssl' to 'true' has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information. Optional when creating an HTTP check; defaults to empty.","description_kind":"plain"},"max_items":1},"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to an HTTP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels 'project_id', 'instance_id', and 'zone'.","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a ['MonitoredResourceDescriptor'](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is 'gce_instance'. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The [monitored resource]\n(https://cloud.google.com/monitoring/api/resources) associated with the\nconfiguration. The following monitored resource types are supported for\nuptime checks:\n* 'aws_ec2_instance'\n* 'aws_elb_load_balancer'\n* 'gae_app\n* 'gce_instance'\n* 'k8s_service'\n* 'servicedirectory_service'\n* 'uptime_url'","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"synthetic_monitor":{"nesting_mode":"list","block":{"block_types":{"cloud_function_v2":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The fully qualified name of the cloud function resource.","description_kind":"plain","required":true}},"description":"Target a Synthetic Monitor GCFv2 Instance","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A Synthetic Monitor deployed to a Cloud Functions V2 instance.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the 'monitored_resource') to construct the full URL.","description_kind":"plain","required":true}},"block_types":{"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to a TCP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_active_directory":{"version":0,"block":{"attributes":{"aes_encryption":{"type":"bool","description":"Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.","description_kind":"plain","optional":true},"backup_operators":{"type":["list","string"],"description":"Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"Comma separated list of DNS server IP addresses for the Active Directory domain.","description_kind":"plain","required":true},"domain":{"type":"string","description":"Fully qualified domain name for the Active Directory domain.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encrypt_dc_connections":{"type":"bool","description":"If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kdc_hostname":{"type":"string","description":"Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1","description_kind":"plain","optional":true},"kdc_ip":{"type":"string","description":"IP address of the Active Directory server used as Kerberos Key Distribution Center.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_signing":{"type":"bool","description":"Specifies whether or not the LDAP traffic needs to be signed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Active Directory pool. Needs to be unique per location.","description_kind":"plain","required":true},"net_bios_prefix":{"type":"string","description":"NetBIOS name prefix of the server to be created.\nA five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:\n'\\\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\\SHARE_NAME'","description_kind":"plain","required":true},"nfs_users_with_ldap":{"type":"bool","description":"Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.\nThis option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).","description_kind":"plain","optional":true},"organizational_unit":{"type":"string","description":"Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.\nDefaults to 'CN=Computers' if left empty.","description_kind":"plain","optional":true,"computed":true},"password":{"type":"string","description":"Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_operators":{"type":["list","string"],"description":"Domain accounts that require elevated privileges such as 'SeSecurityPrivilege' to manage security logs. Comma-separated list.","description_kind":"plain","optional":true},"site":{"type":"string","description":"Specifies an Active Directory site to manage domain controller selection.\nUse when Active Directory domain controllers in multiple regions are configured. Defaults to 'Default-First-Site-Name' if left empty.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Active Directory policy (not the Active Directory itself).","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"The state details of the Active Directory.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_policy":{"version":0,"block":{"attributes":{"assigned_volume_count":{"type":"number","description":"The total number of volumes assigned by this backup policy.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup policy. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"daily_backup_limit":{"type":"number","description":"Number of daily backups to keep. Note that the minimum daily backup limit is 2.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"If enabled, make backups automatically according to the schedules.\nThis will be applied to all volumes that have this policy attached and enforced on volume level.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"monthly_backup_limit":{"type":"number","description":"Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the backup policy. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the backup policy.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"weekly_backup_limit":{"type":"number","description":"Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_vault":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the backup vault. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location (region) of the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup vault. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Backup Vault.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_kmsconfig":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Resource name of the KMS key to use. Only regional keys are supported. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description for the CMEK policy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instructions":{"type":"string","description":"Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.\n\nTo make the policy work, a CMEK policy check is required, which verifies key access.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the policy location. CMEK policies apply to the whole region.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the CMEK policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Service account which needs to have access to the provided KMS key.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_storage_pool":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Specifies the Active Directory policy to be used. Format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"capacity_gib":{"type":"string","description":"Capacity of the storage pool (in GiB).","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_config":{"type":"string","description":"Specifies the CMEK policy to be used for volume encryption. Format: 'projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3,\nusing security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the storage pool. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the storage pool. Possible values: [\"PREMIUM\", \"EXTREME\", \"STANDARD\"]","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"volume_capacity_gib":{"type":"string","description":"Size allocated to volumes in the storage pool (in GiB).","description_kind":"plain","computed":true},"volume_count":{"type":"number","description":"Number of volume in the storage pool.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Reports the resource name of the Active Directory policy being used. Inherited from storage pool.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Capacity of the volume (in GiB).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Create time of the volume. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the volume should be deleted forcefully.\nVolumes may have nested snapshot resources. Deleting such a volume will fail.\nSetting this parameter to FORCE will delete volumes including nested snapshots.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports the data-at-rest encryption type of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"has_replication":{"type":"bool","description":"Indicates whether the volume is part of a volume replication relationship.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kerberos_enabled":{"type":"bool","description":"Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p).","description_kind":"plain","optional":true},"kms_config":{"type":"string","description":"Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"mount_options":{"type":["list",["object",{"export":"string","export_full":"string","instructions":"string","protocol":"string"}]],"description":"Reports mount instructions for this volume.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'. Inherited from storage pool.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocols":{"type":["list","string"],"description":"The protocol of the volume. Allowed combinations are '['NFSV3']', '['NFSV4']', '['SMB']', '['NFSV3', 'NFSV4']', '['SMB', 'NFSV3']' and '['SMB', 'NFSV4']'. Possible values: [\"NFSV3\", \"NFSV4\", \"SMB\"]","description_kind":"plain","required":true},"psa_range":{"type":"string","description":"Name of the Private Service Access allocated range. Inherited from storage pool.","description_kind":"plain","computed":true},"restricted_actions":{"type":["list","string"],"description":"List of actions that are restricted on this volume. Possible values: [\"DELETE\"]","description_kind":"plain","optional":true},"security_style":{"type":"string","description":"Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions.\nUse NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. Possible values: [\"NTFS\", \"UNIX\"]","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"share_name":{"type":"string","description":"Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"smb_settings":{"type":["list","string"],"description":"Settings for volumes with SMB access. Possible values: [\"ENCRYPT_DATA\", \"BROWSABLE\", \"CHANGE_NOTIFY\", \"NON_BROWSABLE\", \"OPLOCKS\", \"SHOW_SNAPSHOT\", \"SHOW_PREVIOUS_VERSIONS\", \"ACCESS_BASED_ENUMERATION\", \"CONTINUOUSLY_AVAILABLE\"]","description_kind":"plain","optional":true},"snapshot_directory":{"type":"bool","description":"If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable \"Previous Versions\" support for SMB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the volume.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the volume.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unix_permissions":{"type":"string","description":"Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only.","description_kind":"plain","optional":true,"computed":true},"used_gib":{"type":"string","description":"Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage.","description_kind":"plain","computed":true}},"block_types":{"export_policy":{"nesting_mode":"list","block":{"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"Defines the access type for clients matching the 'allowedClients' specification. Possible values: [\"READ_ONLY\", \"READ_WRITE\", \"READ_NONE\"]","description_kind":"plain","optional":true},"allowed_clients":{"type":"string","description":"Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses.","description_kind":"plain","optional":true},"has_root_access":{"type":"string","description":"If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash.","description_kind":"plain","optional":true},"kerberos5_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5i_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5i_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5p_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5p_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"nfsv3":{"type":"bool","description":"Enable to apply the export rule to NFSV3 clients.","description_kind":"plain","optional":true},"nfsv4":{"type":"bool","description":"Enable to apply the export rule to NFSV4.1 clients.","description_kind":"plain","optional":true}},"description":"Export rules (up to 5) control NFS volume access.","description_kind":"plain"},"min_items":1}},"description":"Export policy of the volume for NFSV3 and/or NFSV4.1 access.","description_kind":"plain"},"max_items":1},"restore_parameters":{"nesting_mode":"list","block":{"attributes":{"source_backup":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}'.","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}'.","description_kind":"plain","optional":true}},"description":"Used to create this volume from a snapshot (= cloning) or an backup.","description_kind":"plain"},"max_items":1},"snapshot_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables automated snapshot creation according to defined schedule. Default is false.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain","optional":true}},"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the daily schedule.","description_kind":"plain","required":true}},"description":"Daily schedule policy.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the hourly schedule.","description_kind":"plain","required":true}},"description":"Hourly schedule policy.","description_kind":"plain"},"max_items":1},"monthly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_month":{"type":"string","description":"Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the monthly schedule","description_kind":"plain","required":true}},"description":"Monthly schedule policy.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the weekly schedule.","description_kind":"plain","required":true}},"description":"Weekly schedule policy.","description_kind":"plain"},"max_items":1}},"description":"Snapshot policy defines the schedule for automatic snapshot creation.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_replication":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"delete_destination_volume":{"type":"bool","description":"A destination volume is created as part of replication creation. The destination volume will not became\nunder Terraform management unless you import it manually. If you delete the replication, this volume\nwill remain.\nSetting this parameter to true will delete the *current* destination volume when destroying the\nreplication. If you reversed the replication direction, this will be your former source volume!\nFor production use, it is recommended to keep this parameter false to avoid accidental volume\ndeletion. Handle with care. Default is false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An description of this resource.","description_kind":"plain","optional":true},"destination_volume":{"type":"string","description":"Full resource name of destination volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_stopping":{"type":"bool","description":"Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING\ncurrently receives an update and stopping the update might be undesirable. Set this parameter to true\nto stop anyway. All data transferred to the destination will be discarded and content of destination\nvolume will remain at the state of the last successful update. Default is false.","description_kind":"plain","optional":true},"healthy":{"type":"bool","description":"Condition of the relationship. Can be one of the following:\n - true: The replication relationship is healthy. It has not missed the most recent scheduled transfer.\n - false: The replication relationship is not healthy. It has missed the most recent scheduled transfer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of region for this resource. The resource needs to be created in the region of the destination volume.","description_kind":"plain","required":true},"mirror_state":{"type":"string","description":"Indicates the state of the mirror between source and destination volumes. Depending on the amount of data\nin your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline\ntransfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume\ncurrently receives an update. Updated every 5 minutes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the replication. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_enabled":{"type":"bool","description":"Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write\nand act independently from the source volume.\nSet to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes\ndone to the destination volume with the content of the source volume.","description_kind":"plain","optional":true},"replication_schedule":{"type":"string","description":"Specifies the replication interval. Possible values: [\"EVERY_10_MINUTES\", \"HOURLY\", \"DAILY\"]","description_kind":"plain","required":true},"role":{"type":"string","description":"Reverting a replication can swap source and destination volume roles. This field indicates if the 'location' hosts\nthe source or destination volume. For resume and revert and resume operations it is critical to understand\nwhich volume is the source volume, since it will overwrite changes done to the destination volume.","description_kind":"plain","computed":true},"source_volume":{"type":"string","description":"Full resource name of source volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the replication resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_stats":{"type":["list",["object",{"lag_duration":"string","last_transfer_bytes":"string","last_transfer_duration":"string","last_transfer_end_time":"string","last_transfer_error":"string","total_transfer_duration":"string","transfer_bytes":"string","update_time":"string"}]],"description":"Replication transfer statistics. All statistics are updated every 5 minutes.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the existing source volume.","description_kind":"plain","required":true},"wait_for_mirror":{"type":"bool","description":"Replication resource state is independent of mirror_state. With enough data, it can take many hours\nfor mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on\ncreate/stop/resume operations, set this parameter to true. Default is false.","description_kind":"plain","optional":true}},"block_types":{"destination_volume_parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description for the destination volume.","description_kind":"plain","optional":true},"share_name":{"type":"string","description":"Share name for destination volume. If not specified, name of source volume's share name will be used.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"Name of an existing storage pool for the destination volume with format: 'projects/{{project}}/locations/{{location}}/storagePools/{{poolId}}'","description_kind":"plain","required":true},"volume_id":{"type":"string","description":"Name for the destination volume to be created. If not specified, the name of the source volume will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"Destination volume parameters.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_snapshot":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description for the snapshot.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the snapshot location. Snapshots are child resources of volumes and live in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the snapshot.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"used_bytes":{"type":"number","description":"Storage used to store blocks unique to this snapshot.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the volume to create the snapshot in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: `projects/{project_number}/locations/global/hubs/{hub_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_policy_based_route":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of this resource.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"next_hop_ilb_ip":{"type":"string","description":"The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.","description_kind":"plain","optional":true},"next_hop_other_routes":{"type":"string","description":"Other routes that will be referenced to determine the next hop of the packet. Possible values: [\"DEFAULT_ROUTING\"]","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"warnings":{"type":["list",["object",{"code":"string","data":["map","string"],"warning_message":"string"}]],"description":"If potential misconfigurations are detected for this route, this field will be populated with warning messages.","description_kind":"plain","computed":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"dest_range":{"type":"string","description":"The destination IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true},"ip_protocol":{"type":"string","description":"The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.","description_kind":"plain","optional":true},"protocol_version":{"type":"string","description":"Internet protocol versions this policy-based route applies to. Possible values: [\"IPV4\"]","description_kind":"plain","required":true},"src_range":{"type":"string","description":"The source IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true}},"description":"The filter to match L4 traffic.","description_kind":"plain"},"min_items":1,"max_items":1},"interconnect_attachment":{"nesting_mode":"list","block":{"attributes":{"region":{"type":"string","description":"Cloud region to install this policy-based route on for Interconnect attachments. Use 'all' to install it on all Interconnect attachments.","description_kind":"plain","required":true}},"description":"The interconnect attachments that this policy-based route applies to.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR.","description_kind":"plain","required":true}},"description":"VM instances to which this policy-based route applies to.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_connectivity_service_connection_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"infrastructure":{"type":"string","description":"The type of underlying resources used to create the connection.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the ServiceConnectionPolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names","description_kind":"plain","required":true},"network":{"type":"string","description":"The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"consumer_address":"string","consumer_forwarding_rule":"string","consumer_target_project":"string","error":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"error_info":["list",["object",{"domain":"string","metadata":["map","string"],"reason":"string"}]],"error_type":"string","gce_operation":"string","psc_connection_id":"string","state":"string"}]],"description":"Information about each Private Service Connect connection.","description_kind":"plain","computed":true},"service_class":{"type":"string","description":"The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.\nIt is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"psc_config":{"nesting_mode":"list","block":{"attributes":{"limit":{"type":"string","description":"Max number of PSC connections for this policy.","description_kind":"plain","optional":true},"subnetworks":{"type":["list","string"],"description":"IDs of the subnetworks or fully qualified identifiers for the subnetworks","description_kind":"plain","required":true}},"description":"Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","optional":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","optional":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the VPC network resource.","description_kind":"plain","required":true}},"description":"VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":10},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":10}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true,"computed":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":1,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Notebook Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain","deprecated":true}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_org_policy_custom_constraint":{"version":0,"block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The timestamp representing when the constraint was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"dry_run_spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the policy is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the `Policy` is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"day_offset":{"type":"number","description":"Represents the number of days before or after the given week day of month that the patch deployment is scheduled for.","description_kind":"plain","optional":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project id.","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type. Changes\nto the definition commit new [schema revisions](https://cloud.google.com/pubsub/docs/commit-schema-revision).\nA schema can only have up to 20 revisions, so updates that fail with an\nerror indicating that the limit has been reached require manually\n[deleting old revisions](https://cloud.google.com/pubsub/docs/delete-schema-revision).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that\nare not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync\nand any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId}","description_kind":"plain","required":true},"use_table_schema":{"type":"bool","description":"When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages\nmust be published in JSON format. Only one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.\nOnly one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"cloud_storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".","description_kind":"plain","required":true},"filename_prefix":{"type":"string","description":"User-provided prefix for Cloud Storage filename.","description_kind":"plain","optional":true},"filename_suffix":{"type":"string","description":"User-provided suffix for Cloud Storage filename. Must not end in \"/\".","description_kind":"plain","optional":true},"max_bytes":{"type":"number","description":"The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.","description_kind":"plain","optional":true},"max_duration":{"type":"string","description":"The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"An output-only field that indicates whether or not the subscription can receive messages.","description_kind":"plain","computed":true}},"block_types":{"avro_config":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.","description_kind":"plain","optional":true}},"description":"If set, message data will be written to Cloud Storage in Avro format.","description_kind":"plain"},"max_items":1}},"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id for the Key, which is the same as the Site Key itself.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"waf_settings":{"nesting_mode":"list","block":{"attributes":{"waf_feature":{"type":"string","description":"Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS","description_kind":"plain","required":true},"waf_service":{"type":"string","description":"The WAF service that uses this key. Possible values: CA, FASTLY","description_kind":"plain","required":true}},"description":"Settings specific to keys that can be used for WAF (Web Application Firewall).","description_kind":"plain"},"max_items":1},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_cluster":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value: \"AUTH_MODE_DISABLED\" Possible values: [\"AUTH_MODE_UNSPECIFIED\", \"AUTH_MODE_IAM_AUTH\", \"AUTH_MODE_DISABLED\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp associated with the cluster creation request. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","port":"number","psc_config":["list",["object",{"network":"string"}]]}]],"description":"Output only. Endpoints created on each given network,\nfor Redis clients to connect to the cluster.\nCurrently only one endpoint is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the resource in this scope including project and location using the form:\nprojects/{projectId}/locations/{locationId}/clusters/{clusterId}","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"address":"string","forwarding_rule":"string","network":"string","project_id":"string","psc_connection_id":"string"}]],"description":"Output only. PSC connections for discovery of the cluster topology and accessing the cluster.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the region of the Redis cluster.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes per shard.","description_kind":"plain","optional":true},"shard_count":{"type":"number","description":"Required. Number of shards for the Redis cluster.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Output only. Redis memory size in GB for the entire cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Output only. Additional information about the current state of the cluster.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. The in-transit encryption for the Redis cluster.\nIf not provided, encryption is disabled for the cluster. Default value: \"TRANSIT_ENCRYPTION_MODE_DISABLED\" Possible values: [\"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED\", \"TRANSIT_ENCRYPTION_MODE_DISABLED\", \"TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System assigned, unique identifier for the cluster.","description_kind":"plain","computed":true}},"block_types":{"psc_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the network address of\nthe discovery endpoint will be reserved, in the form of\nprojects/{network_project_id_or_number}/global/networks/{network_id}.","description_kind":"plain","required":true}},"description":"Required. Each PscConfig configures the consumer network where two\nnetwork addresses will be designated to the cluster for client access.\nCurrently, only one PscConfig is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/eventThreatDetectionSettings/customModules/{module}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"block_types":{"auto":{"nesting_mode":"list","block":{"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.","description_kind":"plain"},"max_items":1}},"description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain"},"max_items":1},"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_config":{"type":["list",["object",{"api":"string","git_http":"string","git_ssh":"string","html":"string"}]],"description":"A list of hostnames for this instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The name for the Instance.","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the Instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the Instance.","description_kind":"plain","computed":true},"state_note":{"type":"string","description":"Provides information about the current instance state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"private_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.","description_kind":"plain","required":true},"http_service_attachment":{"type":"string","description":"Service Attachment for HTTP, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true},"is_private":{"type":"bool","description":"'Indicate if it's private instance.'","description_kind":"plain","required":true},"ssh_service_attachment":{"type":"string","description":"Service Attachment for SSH, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true}},"description":"Private settings for private instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_securityposture_posture":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Posture was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the resource, eg: global.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Id of the posture. It is an immutable field.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Revision_id of the posture.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture. Update to state field should not be triggered along with\nwith other field updates. Possible values: [\"DEPRECATED\", \"DRAFT\", \"ACTIVE\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the Posture was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"policy_sets":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy set.","description_kind":"plain","optional":true},"policy_set_id":{"type":"string","description":"ID of the policy set.","description_kind":"plain","required":true}},"block_types":{"policies":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy.","description_kind":"plain","optional":true},"policy_id":{"type":"string","description":"ID of the policy.","description_kind":"plain","required":true}},"block_types":{"compliance_standards":{"nesting_mode":"list","block":{"attributes":{"control":{"type":"string","description":"Mapping of security controls for the policy.","description_kind":"plain","optional":true},"standard":{"type":"string","description":"Mapping of compliance standards for the policy.","description_kind":"plain","optional":true}},"description":"Mapping for policy to security standards and controls.","description_kind":"plain"}},"constraint":{"nesting_mode":"list","block":{"block_types":{"org_policy_constraint":{"nesting_mode":"list","block":{"attributes":{"canned_constraint_id":{"type":"string","description":"Organization policy canned constraint Id","description_kind":"plain","required":true}},"block_types":{"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy canned constraint definition.","description_kind":"plain"},"max_items":1},"org_policy_constraint_custom":{"nesting_mode":"list","block":{"block_types":{"custom_constraint":{"nesting_mode":"list","block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true}},"description":"Organization policy custom constraint definition.","description_kind":"plain"},"max_items":1},"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy custom constraint policy definition.","description_kind":"plain"},"max_items":1},"security_health_analytics_custom_module":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A server generated id of custom module.","description_kind":"plain","computed":true},"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to\nresolve the detected issue","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"SEVERITY_UNSPECIFIED\", \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","required":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be\nspecified to return the value of the property or a text string enclosed\nin quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties. A set of optional name-value pairs that define custom source properties to\nreturn with each finding that is generated by the custom module. The custom\nsource properties that are defined here are included in the finding JSON\nunder 'sourceProperties'.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings.When the expression\nevaluates to true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom module details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Definition of Security Health Analytics Custom Module.","description_kind":"plain"},"max_items":1},"security_health_analytics_module":{"nesting_mode":"list","block":{"attributes":{"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"module_name":{"type":"string","description":"The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.","description_kind":"plain","required":true}},"description":"Security Health Analytics built-in detector definition.","description_kind":"plain"},"max_items":1}},"description":"Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of security policy","description_kind":"plain"},"min_items":1}},"description":"List of policy sets for the posture.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_securityposture_posture_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the posture deployment was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture deployment.","description_kind":"plain","optional":true},"desired_posture_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture to be deployed.","description_kind":"plain","computed":true},"desired_posture_revision_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture revision_id to be deployed.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"failure_message":{"type":"string","description":"This is a output only optional field which will be filled in case where\nPostureDeployment enters a failure state like UPDATE_FAILED or\nCREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's\nCREATE/UPDATE/DELETE methods.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource, eg. global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture deployment instance.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_deployment_id":{"type":"string","description":"ID of the posture deployment.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Relative name of the posture which needs to be deployed. It should be in the format:\n organizations/{organization_id}/locations/{location}/postures/{posture_id}","description_kind":"plain","required":true},"posture_revision_id":{"type":"string","description":"Revision_id the posture which needs to be deployed.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture deployment.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture deployment. A posture deployment can be in the following terminal states:\nACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.","description_kind":"plain","computed":true},"target_resource":{"type":"string","description":"The resource on which the posture should be deployed. This can be in one of the following formats:\nprojects/{project_number},\nfolders/{folder_number},\norganizations/{organization_id}","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the posture deployment was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip service account creation if a service account with the same email already exists.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"When set to ABANDON, terraform will abandon management of the resource instead of deleting it. Prevents terraform apply failures with CloudSQL. Note: The resource will still exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the database. Defaults to true. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the database will fail.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after\nthe instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","required":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"block_types":{"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Specifies maximum number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to min_nodes.","description_kind":"plain","optional":true},"max_processing_units":{"type":"number","description":"Specifies maximum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000 and be greater than or equal to\nmin_processing_units.","description_kind":"plain","optional":true},"min_nodes":{"type":"number","description":"Specifies number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to 1.","description_kind":"plain","optional":true},"min_processing_units":{"type":"number","description":"Specifies minimum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000.","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events. Users can define the minimum and\nmaximum compute capacity allocated to the instance, and the autoscaler will\nonly scale within that range. Users can either use nodes or processing\nunits to specify the limits, but should use the same unit to set both the\nmin_limit and max_limit.","description_kind":"plain"},"max_items":1},"autoscaling_targets":{"nesting_mode":"list","block":{"attributes":{"high_priority_cpu_utilization_percent":{"type":"number","description":"Specifies the target high priority cpu utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization)..","description_kind":"plain","optional":true},"storage_utilization_percent":{"type":"number","description":"Specifies the target storage utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization).","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1}},"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true,"sensitive":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"preferred_zone":{"type":"string","description":"(Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Specifies if connections must use Cloud SQL connectors.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.","description_kind":"plain","optional":true},"ssl_mode":{"type":"string","description":"Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"psc_config":{"nesting_mode":"set","block":{"attributes":{"allowed_consumer_projects":{"type":["set","string"],"description":"List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).","description_kind":"plain","optional":true},"psc_enabled":{"type":"bool","description":"Whether PSC connectivity is enabled for this instance.","description_kind":"plain","optional":true}},"description":"PSC settings for a Cloud SQL instance.","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates earlier (canary) or later (stable)","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true,"sensitive":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true,"sensitive":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n The default is the database's built-in user type. Flags include \"BUILT_IN\", \"CLOUD_IAM_USER\", \"CLOUD_IAM_GROUP\" or \"CLOUD_IAM_SERVICE_ACCOUNT\".","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true},"terminal_storage_class":{"type":"string","description":"The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"no_age":{"type":"bool","description":"While set true, age value will be omitted.Required to set true when age is unset in the config file.","description_kind":"plain","optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"retention":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The object retention mode. Supported values include: \"Unlocked\", \"Locked\".","description_kind":"plain","required":true},"retain_until_time":{"type":"string","description":"Time in RFC 3339 (e.g. 2030-01-01T02:03:04Z) until which object retention protects this object.","description_kind":"plain","required":true}},"description":"Object level retention configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_insights_report_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the ReportConfig. The source and destination buckets specified in the ReportConfig\nmust be in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The UUID of the inventory report configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter used to separate the fields in the inventory report CSV file.","description_kind":"plain","optional":true},"header_required":{"type":"bool","description":"The boolean that indicates whether or not headers are included in the inventory report CSV file.","description_kind":"plain","optional":true},"record_separator":{"type":"string","description":"The character used to separate the records in the inventory report CSV file.","description_kind":"plain","optional":true}},"description":"Options for configuring the format of the inventory report CSV file.","description_kind":"plain"},"min_items":1,"max_items":1},"frequency_options":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. Possible values: [\"DAILY\", \"WEEKLY\"]","description_kind":"plain","required":true}},"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to stop generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to stop generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to stop generating inventory reports","description_kind":"plain","required":true}},"description":"The date to stop generating inventory reports. For example, {\"day\": 15, \"month\": 9, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to start generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to start generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to start generating inventory reports","description_kind":"plain","required":true}},"description":"The date to start generating inventory reports. For example, {\"day\": 15, \"month\": 8, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options for configuring how inventory reports are generated.","description_kind":"plain"},"max_items":1},"object_metadata_report_options":{"nesting_mode":"list","block":{"attributes":{"metadata_fields":{"type":["list","string"],"description":"The metadata fields included in an inventory report.","description_kind":"plain","required":true}},"block_types":{"storage_destination_options":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The destination bucket that stores the generated inventory reports.","description_kind":"plain","required":true},"destination_path":{"type":"string","description":"The path within the destination bucket to store generated inventory reports.","description_kind":"plain","optional":true}},"description":"Options for where the inventory reports are stored.","description_kind":"plain"},"min_items":1,"max_items":1},"storage_filters":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The filter to use when specifying which bucket to generate inventory reports for.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Options for including metadata in an inventory report.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"event_stream":{"nesting_mode":"list","block":{"attributes":{"event_stream_expiration_time":{"type":"string","description":"Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated","description_kind":"plain","optional":true},"event_stream_start_time":{"type":"string","description":"Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately","description_kind":"plain","optional":true},"name":{"type":"string","description":"Specifies a unique name of the resource such as AWS SQS ARN in the form 'arn:aws:sqs:region:account_id:queue_name', or Pub/Sub subscription resource name in the form 'projects/{project}/subscriptions/{sub}'","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature group. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Currently only supports 1 entity_id_column. If not provided defaults to entityId.","description_kind":"plain","optional":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"input_uri":{"type":"string","description":"BigQuery URI to a table, up to 2000 characters long. For example: 'bq://projectId.bqDatasetId.bqTableId.'","description_kind":"plain","required":true}},"description":"The BigQuery source URI that points to either a BigQuery Table or View.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_group":{"type":"string","description":"The name of the Feature Group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group Feature.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the feature group's region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"version_column_name":{"type":"string","description":"The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the feature online store was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your feature online stores.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature online store. eg us-central1","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Feature Online Store. See the possible states in [this link](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores#state).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the feature online store was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"bigtable":{"nesting_mode":"list","block":{"block_types":{"auto_scaling":{"nesting_mode":"list","block":{"attributes":{"cpu_utilization_target":{"type":"number","description":"A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Autoscaling config applied to Bigtable Instance.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store_featureview":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_online_store":{"type":"string","description":"The name of the FeatureOnlineStore to use for the featureview.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this FeatureView.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the featureonlinestore region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Start by supporting 1 only.","description_kind":"plain","required":true},"uri":{"type":"string","description":"The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig.","description_kind":"plain","required":true}},"description":"Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"feature_registry_source":{"nesting_mode":"list","block":{"block_types":{"feature_groups":{"nesting_mode":"list","block":{"attributes":{"feature_group_id":{"type":"string","description":"Identifier of the feature group.","description_kind":"plain","required":true},"feature_ids":{"type":["list","string"],"description":"Identifiers of features under the feature group.","description_kind":"plain","required":true}},"description":"List of features that need to be synced to Online Store.","description_kind":"plain"},"min_items":1}},"description":"Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"sync_config":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs.\nTo explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or \"TZ=${IANA_TIME_ZONE}\".","description_kind":"plain","optional":true,"computed":true}},"description":"Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","required":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_endpoint_domain_name":{"type":"string","description":"If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint.","description_kind":"plain","computed":true},"public_endpoint_enabled":{"type":"bool","description":"If true, the deployed index will be accessible through public endpoint.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, the IndexEndpoint is created without private service access.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nOnce the customer is created then corecount cannot be changed.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","optional":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","required":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"destination_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"external_address":{"type":"string","description":"The name of an 'ExternalAddress' resource.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain"},"min_items":1},"source_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"A single IP address.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","optional":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","optional":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","optional":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","required":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","optional":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"external_ip":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain"},"max_items":1},"internet_access":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","optional":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"block_types":{"management_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The user-provided identifier of the new Cluster. The identifier must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with RFC 1034 (https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)","description_kind":"plain","required":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nThis cannot be changed once the PrivateCloud is created.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}}},"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"dns_server_ip":{"type":"string","description":"DNS Server IP of the Private Cloud.","description_kind":"plain","computed":true},"management_cidr":{"type":"string","description":"Management CIDR used by VMware management appliances.","description_kind":"plain","required":true},"management_ip_address_layout_version":{"type":"number","description":"The IP address layout version of the management IP address range.\nPossible versions include:\n* managementIpAddressLayoutVersion=1: Indicates the legacy IP address layout used by some existing private clouds. This is no longer supported for new private clouds\nas it does not support all features.\n* managementIpAddressLayoutVersion=2: Indicates the latest IP address layout\nused by all newly created private clouds. This version supports all current features.","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network attached to the private cloud.\nSpecify the name in the following form: projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}\nwhere {project} can either be a project number or a project ID.","description_kind":"plain","optional":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in\nthe form: projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Output only. Email address of entity that sent original CreateInstance request.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the Workbench Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disable_proxy_access":{"type":"bool","description":"Optional. If true, the workbench instance will not register with the proxy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_info":{"type":["list",["object",{}]],"description":"'Output only. Additional information about instance health. Example:\nhealthInfo\": { \"docker_proxy_agent_status\": \"1\", \"docker_status\": \"1\", \"jupyterlab_api_status\":\n\"-1\", \"jupyterlab_status\": \"-1\", \"updated\": \"2020-10-18 09:40:03.573409\" }'","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"Output only. Instance health_state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. User-defined unique ID of this instance.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"'Optional. Input only. The owner of this instance after creation. Format:\n'alias@example.com' Currently supports one owner only. If not specified, all of\nthe service account users of your VM instance''s service account can use the instance.'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Labels to apply to this instance. These can be later modified\nby the UpdateInstance method.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this workbench instance. Format: 'projects/{project_id}/locations/{location}/instances/{instance_id}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"Output only. The proxy endpoint that is used to access the Jupyter notebook.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of this instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"upgrade_history":{"type":["list",["object",{"action":"string","container_image":"string","create_time":"string","framework":"string","snapshot":"string","state":"string","target_version":"string","version":"string","vm_image":"string"}]],"description":"Output only. The upgrade history of this instance.","description_kind":"plain","computed":true}},"block_types":{"gce_setup":{"nesting_mode":"list","block":{"attributes":{"disable_public_ip":{"type":"bool","description":"Optional. If true, no external IP will be assigned to this VM instance.","description_kind":"plain","optional":true,"computed":true},"enable_ip_forwarding":{"type":"bool","description":"Optional. Flag to enable ip forwarding or not, default false/off.\nhttps://cloud.google.com/vpc/docs/using-routes#canipforward","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Optional. Custom metadata to apply to this instance.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Optional. The Compute Engine tags to add to instance (see [Tagging\ninstances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_configs":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"string","description":"Optional. Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Optional. Type of this accelerator. Possible values: [\"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_A100\", \"NVIDIA_A100_80GB\", \"NVIDIA_L4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\"]","description_kind":"plain","optional":true}},"description":"The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has\n[enough vCPUs and memory to support the 'machine_type' you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).\nCurrently supports only one accelerator configuration.","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot and\ndata disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to the\nrecommended value of 150GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks, only\napplicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"The definition of a boot disk.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the workbench instance.","description_kind":"plain"},"max_items":1},"data_disks":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot\nand data disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the disk in GB attached to this VM instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to\n100.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Input only. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks,\nonly applicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"Data disks attached to the VM instance. Currently supports only one data disk.","description_kind":"plain"},"max_items":1},"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Optional. The name of the VPC that this VM instance is in.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"Optional. The type of vNIC to be used on this interface. This\nmay be gVNIC or VirtioNet. Possible values: [\"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"Optional. The name of the subnet that this VM instance is in.","description_kind":"plain","optional":true,"computed":true}},"description":"The network interfaces for the VM. Supports only one interface.","description_kind":"plain"}},"service_accounts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Optional. Email address of the service account.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["list","string"],"description":"Output only. The list of scopes to be made available for this\nservice account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform","description_kind":"plain","computed":true}},"description":"The service account that serves as an identity for the VM instance. Currently supports only one service account.","description_kind":"plain"}},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether the VM instance has integrity monitoring\nenabled. Enables monitoring and attestation of the boot integrity of the VM\ninstance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image\nwhen the VM instance is created. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the VM instance has Secure Boot enabled.\nSecure Boot helps ensure that the system only runs authentic software by verifying\nthe digital signature of all boot components, and halting the boot process\nif signature verification fails. Disabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the VM instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. See [Images using supported Shielded\nVM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).\nNot all combinations are valid.","description_kind":"plain"},"max_items":1},"vm_image":{"nesting_mode":"list","block":{"attributes":{"family":{"type":"string","description":"Optional. Use this VM image family to find the image; the newest\nimage in this family will be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Optional. Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: {project_id}","description_kind":"plain","optional":true}},"description":"Definition of a custom Compute Engine virtual machine image for starting\na workbench instance with the environment installed directly on the VM.","description_kind":"plain"},"max_items":1}},"description":"The definition of how to configure a VM instance outside of Resources and Identity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"call_log_level":{"type":"string","description":"Describes the level of platform logging to apply to calls and call responses during\nexecutions of this workflow. If both the workflow and the execution specify a logging level,\nthe execution level takes precedence. Possible values: [\"CALL_LOG_LEVEL_UNSPECIFIED\", \"LOG_ALL_CALLS\", \"LOG_ERRORS_ONLY\", \"LOG_NONE\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 128KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"user_env_vars":{"type":["map","string"],"description":"User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS\".","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policies":{"type":["set",["object",{"action":"string","condition":["list",["object",{"newer_than":"string","older_than":"string","package_name_prefixes":["list","string"],"tag_prefixes":["list","string"],"tag_state":"string","version_name_prefixes":["list","string"]}]],"id":"string","most_recent_versions":["list",["object",{"keep_count":"number","package_name_prefixes":["list","string"]}]]}]],"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain","computed":true},"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"apt_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]],"description":"string","docker_repository":["list",["object",{"public_repository":"string"}]],"maven_repository":["list",["object",{"public_repository":"string"}]],"npm_repository":["list",["object",{"public_repository":"string"}]],"python_repository":["list",["object",{"public_repository":"string"}]],"upstream_credentials":["list",["object",{"username_password_credentials":["list",["object",{"password_secret_version":"string","username":"string"}]]}]],"yum_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"access":{"type":["set",["object",{"dataset":["list",["object",{"dataset":["list",["object",{"dataset_id":"string","project_id":"string"}]],"target_types":["list","string"]}]],"domain":"string","group_by_email":"string","iam_member":"string","role":"string","routine":["list",["object",{"dataset_id":"string","project_id":"string","routine_id":"string"}]],"special_group":"string","user_by_email":"string","view":["list",["object",{"dataset_id":"string","project_id":"string","table_id":"string"}]]}]],"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain","computed":true},"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","computed":true},"default_encryption_configuration":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain","computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","computed":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","computed":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","computed":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_identity_group_lookup":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up Group.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity. For Google-managed entities, the id should be the email address of an existing group or user.\nFor external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.\nIf specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source}.","description_kind":"plain","optional":true}},"description":"The EntityKey of the Group to lookup. A unique identifier for an entity in the Cloud Identity Groups API.\nAn entity can represent either a group with an optional namespace or a user without a namespace.\nThe combination of id and namespace must be unique; however, the same id can be used with different namespaces.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"expiry_detail":["list",["object",{"expire_time":"string"}]],"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"additional_group_keys":["list",["object",{"id":"string","namespace":"string"}]],"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"effective_annotations":["map","string"],"effective_labels":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","terraform_labels":["map","string"],"uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"labels":["map","string"],"parallelism":"number","task_count":"number","template":["list",["object",{"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"limits":["map","string"]}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","max_retries":"number","service_account":"string","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["list","string"]}]],"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]]}]],"description":"The template used to create executions for this Job.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"depends_on":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"cpu_idle":"bool","limits":["map","string"],"startup_cpu_boost":"bool"}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","labels":["map","string"],"max_instance_request_concurrency":"number","revision":"string","scaling":["list",["object",{"max_instance_count":"number","min_instance_count":"number"}]],"service_account":"string","session_affinity":"bool","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["set","string"]}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]],"description":"The template used to create revisions for this Service.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string"}]],"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"maven_artifacts":["list",["object",{"artifact_id":"string","group_id":"string","path":"string","repository":"string","version":"string"}]],"npm_packages":["list",["object",{"package_path":"string","repository":"string"}]],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]],"python_packages":["list",["object",{"paths":["list","string"],"repository":"string"}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"runtime":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","data_retention_config":["list",["object",{"task_logs_retention_config":["list",["object",{"storage_mode":"string"}]]}]],"database_config":["list",["object",{"machine_type":"string","zone":"string"}]],"encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","connection_type":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"triggerer":["list",["object",{"count":"number","cpu":"number","memory_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true},"storage_config":{"type":["list",["object",{"bucket":"string"}]],"description":"Configuration options for storage used by Composer environment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"rules":{"type":["list",["object",{"all_ports":"bool","allow_global_access":"bool","allow_psc_global_access":"bool","backend_service":"string","base_forwarding_rule":"string","creation_timestamp":"string","description":"string","effective_labels":["map","string"],"ip_address":"string","ip_protocol":"string","ip_version":"string","is_mirroring_collector":"bool","label_fingerprint":"string","labels":["map","string"],"load_balancing_scheme":"string","name":"string","network":"string","network_tier":"string","no_automate_dns_zone":"bool","port_range":"string","ports":["set","string"],"project":"string","psc_connection_id":"string","psc_connection_status":"string","recreate_closed_psc":"bool","region":"string","self_link":"string","service_directory_registrations":["list",["object",{"namespace":"string","service":"string"}]],"service_label":"string","service_name":"string","source_ip_ranges":["list","string"],"subnetwork":"string","target":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service_directory_region":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"enable_confidential_compute":"bool","image":"string","labels":["map","string"],"provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"size":"number","type":"string"}]],"kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_machine_types":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"machine_types":{"type":["list",["object",{"accelerators":["list",["object",{"guest_accelerator_count":"number","guest_accelerator_type":"string"}]],"deprecated":["set",["object",{"replacement":"string","state":"string"}]],"description":"string","guest_cpus":"number","is_shared_cpus":"bool","maximum_persistent_disks":"number","maximum_persistent_disks_size_gb":"number","memory_mb":"number","name":"string","self_link":"string"}]],"description":"The list of machine types","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID for this request.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the zone for this request.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_networks":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"networks":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_name":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"share_settings":{"type":["list",["object",{"project_map":["set",["object",{"id":"string","project_id":"string"}]],"share_type":"string"}]],"description":"The share setting for reservations.","description_kind":"plain","computed":true},"specific_reservation":{"type":["list",["object",{"count":"number","in_use_count":"number","instance_properties":["list",["object",{"guest_accelerators":["list",["object",{"accelerator_count":"number","accelerator_type":"string"}]],"local_ssds":["list",["object",{"disk_size_gb":"number","interface":"string"}]],"machine_type":"string","min_cpu_platform":"string"}]]}]],"description":"Reservation for instances with specific machine shapes.","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"autoscaling_profile":"string","enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string","membership_id":"string","membership_location":"string","pre_registered":"bool","project":"string"}]],"description":"Fleet configuration of the cluster.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_service_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain","computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"additional_pod_ranges_config":["list",["object",{"pod_range_names":["set","string"]}]],"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"advanced_datapath_observability_config":["list",["object",{"enable_metrics":"bool","enable_relay":"bool","relay_mode":"string"}]],"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"create_pod_range":"bool","enable_private_nodes":"bool","network_performance_config":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","tpu_topology":"string","type":"string"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_auto_config":{"type":["list",["object",{"network_tags":["list",["object",{"tags":["list","string"]}]]}]],"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"auxiliary_versions":["set",["object",{"config_overrides":["map","string"],"key":"string","version":"string"}]],"config_overrides":["map","string"],"endpoint_protocol":"string","kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"metadata_integration":{"type":["list",["object",{"data_catalog_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"scaling_config":{"type":["list",["object",{"instance_size":"string","scaling_factor":"number"}]],"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS keys identifier","description_kind":"markdown","computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Key-signing key (KSK) records.","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Zone-signing key (ZSK) records.","description_kind":"markdown","computed":true}},"description":"Get the DNSKEY and DS records of DNSSEC-signed managed zones","description_kind":"markdown"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field.","description_kind":"markdown","computed":true},"dns_name":{"type":"string","description":"The fully qualified DNS name of this zone.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"DNS managed zone identifier","description_kind":"markdown","computed":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"markdown","computed":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"markdown","required":true},"name_servers":{"type":["list","string"],"description":"The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.","description_kind":"markdown","computed":true}},"description":"Provides access to a zone's attributes within Google Cloud DNS","description_kind":"markdown"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_managed_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"foobar","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true}},"block_types":{"managed_zones":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A textual description field.","description_kind":"markdown","computed":true},"dns_name":{"type":"string","description":"The fully qualified DNS name of this zone.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"DNS managed zone identifier","description_kind":"markdown","computed":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"markdown","computed":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"markdown","computed":true},"name_servers":{"type":["list","string"],"description":"The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.","description_kind":"markdown","computed":true}},"description":"The list of managed zones in the given project.","description_kind":"markdown"}}},"description":"Provides access to all zones for a given project within Google Cloud DNS","description_kind":"markdown"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS record set identifier","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"name":{"type":"string","description":"The DNS name for the resource.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set.","description_kind":"markdown","computed":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"markdown","computed":true},"type":{"type":"string","description":"The identifier of a supported record type. See the list of Supported DNS record types.","description_kind":"markdown","required":true}},"description":"A DNS record set within Google Cloud DNS","description_kind":"markdown"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"file_shares":{"type":["list",["object",{"capacity_gb":"number","name":"string","nfs_export_options":["list",["object",{"access_mode":"string","anon_gid":"number","anon_uid":"number","ip_ranges":["list","string"],"squash_mode":"string"}]],"source_backup":"string"}]],"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"networks":{"type":["list",["object",{"connect_mode":"string","ip_addresses":["list","string"],"modes":["list","string"],"network":"string","reserved_ip_range":"string"}]],"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","table":"string","use_table_schema":"bool","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"cloud_storage_config":{"type":["list",["object",{"avro_config":["list",["object",{"write_metadata":"bool"}]],"bucket":"string","filename_prefix":"string","filename_suffix":"string","max_bytes":"number","max_duration":"string","state":"string"}]],"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all secrets are listed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"name":"string","project":"string","replication":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"autoscaling_config":{"type":["list",["object",{"autoscaling_limits":["list",["object",{"max_nodes":"number","max_processing_units":"number","min_nodes":"number","min_processing_units":"number"}]],"autoscaling_targets":["list",["object",{"high_priority_cpu_utilization_percent":"number","storage_utilization_percent":"number"}]]}]],"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain","computed":true},"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance_latest_recovery_time":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"latest_recovery_time":{"type":"string","description":"Timestamp, identifies the latest recovery time of the source instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","dns_name":"string","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","psc_service_attachment_link":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool","terminal_storage_class":"string"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"no_age":"bool","noncurrent_time_before":"string","num_newer_versions":"number","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"node_type_configs":{"type":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","computed":true},"destination_ip_ranges":{"type":["list",["object",{"external_address":"string","ip_address_range":"string"}]],"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain","computed":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list",["object",{"ip_address":"string","ip_address_range":"string"}]],"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain","computed":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","computed":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","computed":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","computed":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","computed":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","computed":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","computed":true},"external_ip":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internet_access":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_nsx_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains NSX.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","computed":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"management_cluster":{"type":["list",["object",{"cluster_id":"string","node_type_configs":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]]}]],"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"network_config":{"type":["list",["object",{"dns_server_ip":"string","management_cidr":"string","management_ip_address_layout_version":"number","vmware_engine_network":"string","vmware_engine_network_canonical":"string"}]],"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain","computed":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_vcenter_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains vcenter.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}}}}}} diff --git a/examples-generated/alloydb/v1beta1/backup.yaml b/examples-generated/alloydb/v1beta1/backup.yaml index 07efe42a6..30a10bbde 100644 --- a/examples-generated/alloydb/v1beta1/backup.yaml +++ b/examples-generated/alloydb/v1beta1/backup.yaml @@ -28,7 +28,7 @@ spec: location: us-central1 networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default --- @@ -45,7 +45,9 @@ spec: clusterSelector: matchLabels: testing.upbound.io/example-name: default - instanceType: PRIMARY + instanceTypeSelector: + matchLabels: + testing.upbound.io/example-name: example --- @@ -62,12 +64,25 @@ spec: addressType: INTERNAL networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default prefixLength: 16 purpose: VPC_PEERING --- +apiVersion: compute.gcp.upbound.io/v1beta1 +kind: Network +metadata: + annotations: + meta.upbound.io/example-id: alloydb/v1beta1/backup + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: {} + +--- + apiVersion: servicenetworking.gcp.upbound.io/v1beta1 kind: Connection metadata: @@ -80,7 +95,7 @@ spec: forProvider: networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default reservedPeeringRangesRefs: - name: private_ip_alloc service: servicenetworking.googleapis.com diff --git a/examples-generated/alloydb/v1beta1/instance.yaml b/examples-generated/alloydb/v1beta1/instance.yaml index b9f10954b..19d09289c 100644 --- a/examples-generated/alloydb/v1beta1/instance.yaml +++ b/examples-generated/alloydb/v1beta1/instance.yaml @@ -11,7 +11,9 @@ spec: clusterSelector: matchLabels: testing.upbound.io/example-name: default - instanceType: PRIMARY + instanceTypeSelector: + matchLabels: + testing.upbound.io/example-name: example machineConfig: - cpuCount: 2 @@ -35,7 +37,7 @@ spec: location: us-central1 networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default --- @@ -52,12 +54,25 @@ spec: addressType: INTERNAL networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default prefixLength: 16 purpose: VPC_PEERING --- +apiVersion: compute.gcp.upbound.io/v1beta1 +kind: Network +metadata: + annotations: + meta.upbound.io/example-id: alloydb/v1beta1/instance + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: {} + +--- + apiVersion: servicenetworking.gcp.upbound.io/v1beta1 kind: Connection metadata: @@ -70,7 +85,7 @@ spec: forProvider: networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: default reservedPeeringRangesRefs: - name: private_ip_alloc service: servicenetworking.googleapis.com diff --git a/examples-generated/appengine/v1beta1/applicationurldispatchrules.yaml b/examples-generated/appengine/v1beta1/applicationurldispatchrules.yaml index 9d1de3249..0a5b477eb 100644 --- a/examples-generated/appengine/v1beta1/applicationurldispatchrules.yaml +++ b/examples-generated/appengine/v1beta1/applicationurldispatchrules.yaml @@ -40,7 +40,7 @@ spec: - shell: node ./app.js envVariables: port: "8080" - runtime: nodejs10 + runtime: nodejs20 service: admin --- @@ -73,4 +73,4 @@ spec: matchLabels: testing.upbound.io/example-name: bucket name: hello-world.zip - source: ./test-fixtures/appengine/hello-world.zip + source: ./test-fixtures/hello-world.zip diff --git a/examples-generated/appengine/v1beta1/servicenetworksettings.yaml b/examples-generated/appengine/v1beta1/servicenetworksettings.yaml index 4c2e2504b..f33477aab 100644 --- a/examples-generated/appengine/v1beta1/servicenetworksettings.yaml +++ b/examples-generated/appengine/v1beta1/servicenetworksettings.yaml @@ -34,7 +34,7 @@ spec: - shell: node ./app.js envVariables: port: "8080" - runtime: nodejs10 + runtime: nodejs20 service: internalapp --- @@ -67,4 +67,4 @@ spec: matchLabels: testing.upbound.io/example-name: bucket name: hello-world.zip - source: ./test-fixtures/appengine/hello-world.zip + source: ./test-fixtures/hello-world.zip diff --git a/examples-generated/appengine/v1beta1/standardappversion.yaml b/examples-generated/appengine/v1beta1/standardappversion.yaml index 712db8f47..11d08bd17 100644 --- a/examples-generated/appengine/v1beta1/standardappversion.yaml +++ b/examples-generated/appengine/v1beta1/standardappversion.yaml @@ -27,7 +27,7 @@ spec: - shell: node ./app.js envVariables: port: "8080" - runtime: nodejs10 + runtime: nodejs20 service: myapp serviceAccountSelector: matchLabels: @@ -77,4 +77,4 @@ spec: matchLabels: testing.upbound.io/example-name: bucket name: hello-world.zip - source: ./test-fixtures/appengine/hello-world.zip + source: ./test-fixtures/hello-world.zip diff --git a/examples-generated/certificatemanager/v1beta1/certificate.yaml b/examples-generated/certificatemanager/v1beta1/certificate.yaml index 3caf62e49..941d25dda 100644 --- a/examples-generated/certificatemanager/v1beta1/certificate.yaml +++ b/examples-generated/certificatemanager/v1beta1/certificate.yaml @@ -9,6 +9,8 @@ metadata: spec: forProvider: description: The default cert + labels: + env: test managed: - dnsAuthorizations: - ${google_certificate_manager_dns_authorization.instance.id} diff --git a/examples-generated/certificatemanager/v1beta1/dnsauthorization.yaml b/examples-generated/certificatemanager/v1beta1/dnsauthorization.yaml index 4caec6405..86d9af255 100644 --- a/examples-generated/certificatemanager/v1beta1/dnsauthorization.yaml +++ b/examples-generated/certificatemanager/v1beta1/dnsauthorization.yaml @@ -8,5 +8,6 @@ metadata: name: default spec: forProvider: - description: The default dnss + description: The default dns domain: subdomain.hashicorptest.com + location: global diff --git a/examples-generated/cloudiot/v1beta1/device.yaml b/examples-generated/cloudiot/v1beta1/device.yaml deleted file mode 100644 index 26012d24b..000000000 --- a/examples-generated/cloudiot/v1beta1/device.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Device -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/device - labels: - testing.upbound.io/example-name: test-device - name: test-device -spec: - forProvider: - registrySelector: - matchLabels: - testing.upbound.io/example-name: registry - ---- - -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Registry -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/device - labels: - testing.upbound.io/example-name: registry - name: registry -spec: - forProvider: - name: cloudiot-device-registry diff --git a/examples-generated/cloudiot/v1beta1/registry.yaml b/examples-generated/cloudiot/v1beta1/registry.yaml deleted file mode 100644 index ba5343999..000000000 --- a/examples-generated/cloudiot/v1beta1/registry.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Registry -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/registry - labels: - testing.upbound.io/example-name: test-registry - name: test-registry -spec: - forProvider: - name: cloudiot-registry diff --git a/examples-generated/compute/v1beta1/forwardingrule.yaml b/examples-generated/compute/v1beta1/forwardingrule.yaml index 558337db9..1118ba520 100644 --- a/examples-generated/compute/v1beta1/forwardingrule.yaml +++ b/examples-generated/compute/v1beta1/forwardingrule.yaml @@ -308,6 +308,6 @@ spec: matchLabels: testing.upbound.io/example-name: ilb_network provider: ${google-beta} - purpose: INTERNAL_HTTPS_LOAD_BALANCER + purpose: REGIONAL_MANAGED_PROXY region: europe-west1 role: ACTIVE diff --git a/examples-generated/compute/v1beta1/instance.yaml b/examples-generated/compute/v1beta1/instance.yaml index 2599b7410..dde8cddb4 100644 --- a/examples-generated/compute/v1beta1/instance.yaml +++ b/examples-generated/compute/v1beta1/instance.yaml @@ -15,7 +15,7 @@ spec: testing.upbound.io/example-name: example labels: my_label: value - machineType: e2-medium + machineType: n2-standard-2 metadata: foo: bar metadataStartupScript: echo hi > /test.txt @@ -26,7 +26,7 @@ spec: matchLabels: testing.upbound.io/example-name: example scratchDisk: - - interface: SCSI + - interface: NVME serviceAccount: - emailSelector: matchLabels: @@ -50,4 +50,4 @@ metadata: name: default spec: forProvider: - displayName: Service Account + displayName: Custom SA for VM Instance diff --git a/examples-generated/compute/v1beta1/instancegroupmanager.yaml b/examples-generated/compute/v1beta1/instancegroupmanager.yaml index 5b308ba26..cd1a60573 100644 --- a/examples-generated/compute/v1beta1/instancegroupmanager.yaml +++ b/examples-generated/compute/v1beta1/instancegroupmanager.yaml @@ -8,7 +8,7 @@ metadata: name: appserver spec: forProvider: - all_instances_config: + allInstancesConfig: - labels: label_key: label_value metadata: diff --git a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml index 8e37a8495..650049f56 100644 --- a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml +++ b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml @@ -57,6 +57,7 @@ metadata: name: my-cluster spec: forProvider: + deletionProtection: "true" initialNodeCount: 1 ipAllocationPolicy: - clusterIpv4CidrBlock: /19 diff --git a/examples-generated/compute/v1beta1/networkfirewallpolicy.yaml b/examples-generated/compute/v1beta1/networkfirewallpolicy.yaml index bb09bb816..58df2fe2b 100644 --- a/examples-generated/compute/v1beta1/networkfirewallpolicy.yaml +++ b/examples-generated/compute/v1beta1/networkfirewallpolicy.yaml @@ -4,9 +4,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/networkfirewallpolicy labels: - testing.upbound.io/example-name: primary - name: primary + testing.upbound.io/example-name: policy + name: policy spec: forProvider: - description: Sample global network firewall policy - project: my-project-name + description: Terraform test diff --git a/examples-generated/compute/v1beta1/nodegroup.yaml b/examples-generated/compute/v1beta1/nodegroup.yaml index edea7ef28..8b0924462 100644 --- a/examples-generated/compute/v1beta1/nodegroup.yaml +++ b/examples-generated/compute/v1beta1/nodegroup.yaml @@ -9,10 +9,10 @@ metadata: spec: forProvider: description: example google_compute_node_group for Terraform Google Provider + initialSize: 1 nodeTemplateSelector: matchLabels: testing.upbound.io/example-name: soletenant-tmpl - size: 1 zone: us-central1-f --- diff --git a/examples-generated/compute/v1beta1/regioninstancegroupmanager.yaml b/examples-generated/compute/v1beta1/regioninstancegroupmanager.yaml index 05f9439ea..1b52d6038 100644 --- a/examples-generated/compute/v1beta1/regioninstancegroupmanager.yaml +++ b/examples-generated/compute/v1beta1/regioninstancegroupmanager.yaml @@ -8,7 +8,7 @@ metadata: name: appserver spec: forProvider: - all_instances_config: + allInstancesConfig: - labels: label_key: label_value metadata: diff --git a/examples-generated/compute/v1beta1/regionnetworkfirewallpolicy.yaml b/examples-generated/compute/v1beta1/regionnetworkfirewallpolicy.yaml index 928715259..e0b3b8f0b 100644 --- a/examples-generated/compute/v1beta1/regionnetworkfirewallpolicy.yaml +++ b/examples-generated/compute/v1beta1/regionnetworkfirewallpolicy.yaml @@ -4,10 +4,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/regionnetworkfirewallpolicy labels: - testing.upbound.io/example-name: primary - name: primary + testing.upbound.io/example-name: policy + name: policy spec: forProvider: - description: Sample regional network firewall policy - project: my-project-name - region: us-west1 + description: Terraform test diff --git a/examples-generated/compute/v1beta1/vpntunnel.yaml b/examples-generated/compute/v1beta1/vpntunnel.yaml index 85f0c11c6..c88dbb35d 100644 --- a/examples-generated/compute/v1beta1/vpntunnel.yaml +++ b/examples-generated/compute/v1beta1/vpntunnel.yaml @@ -8,6 +8,8 @@ metadata: name: tunnel1 spec: forProvider: + labels: + foo: bar peerIp: 15.0.0.120 sharedSecretSecretRef: key: example-key diff --git a/examples-generated/containeraws/v1beta1/cluster.yaml b/examples-generated/containeraws/v1beta1/cluster.yaml index c467b0ad8..cc6f5b0ae 100644 --- a/examples-generated/containeraws/v1beta1/cluster.yaml +++ b/examples-generated/containeraws/v1beta1/cluster.yaml @@ -11,7 +11,9 @@ spec: annotations: label-one: value-one authorization: - - adminUsers: + - adminGroups: + - group: group@domain.com + adminUsers: - username: my@service-account.com awsRegion: my-aws-region controlPlane: diff --git a/examples-generated/containeraws/v1beta1/nodepool.yaml b/examples-generated/containeraws/v1beta1/nodepool.yaml index dbd7daaa7..2efaeb89a 100644 --- a/examples-generated/containeraws/v1beta1/nodepool.yaml +++ b/examples-generated/containeraws/v1beta1/nodepool.yaml @@ -42,6 +42,8 @@ spec: key: taint-key value: taint-value location: us-west1 + management: + - autoRepair: true maxPodsConstraint: - maxPodsPerNode: 110 project: my-project-name diff --git a/examples-generated/containerazure/v1beta1/cluster.yaml b/examples-generated/containerazure/v1beta1/cluster.yaml index d0c6edeea..fadc7235c 100644 --- a/examples-generated/containerazure/v1beta1/cluster.yaml +++ b/examples-generated/containerazure/v1beta1/cluster.yaml @@ -9,7 +9,9 @@ metadata: spec: forProvider: authorization: - - adminUsers: + - adminGroups: + - group: group@domain.com + adminUsers: - username: mmv2@google.com azureRegion: westus2 client: projects/my-project-number/locations/us-west1/azureClients/${google_container_azure_client.basic.name} diff --git a/examples-generated/containerazure/v1beta1/nodepool.yaml b/examples-generated/containerazure/v1beta1/nodepool.yaml index 8ae72ae7a..ba9327fd6 100644 --- a/examples-generated/containerazure/v1beta1/nodepool.yaml +++ b/examples-generated/containerazure/v1beta1/nodepool.yaml @@ -17,7 +17,9 @@ spec: matchLabels: testing.upbound.io/example-name: primary config: - - proxyConfig: + - labels: + key_one: label_one + proxyConfig: - resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster secretId: https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000 rootVolume: @@ -29,6 +31,8 @@ spec: owner: mmv2 vmSize: Standard_DS2_v2 location: us-west1 + management: + - autoRepair: true maxPodsConstraint: - maxPodsPerNode: 110 project: my-project-name diff --git a/examples-generated/dataplex/v1beta1/asset.yaml b/examples-generated/dataplex/v1beta1/asset.yaml index e7e74648b..655876fd3 100644 --- a/examples-generated/dataplex/v1beta1/asset.yaml +++ b/examples-generated/dataplex/v1beta1/asset.yaml @@ -13,6 +13,9 @@ spec: testing.upbound.io/example-name: basic_zone discoverySpec: - enabled: false + labels: + env: foo + my-asset: exists lakeSelector: matchLabels: testing.upbound.io/example-name: basic_lake diff --git a/examples-generated/dataproc/v1beta1/metastoreservice.yaml b/examples-generated/dataproc/v1beta1/metastoreservice.yaml index 3c9665bac..783337117 100644 --- a/examples-generated/dataproc/v1beta1/metastoreservice.yaml +++ b/examples-generated/dataproc/v1beta1/metastoreservice.yaml @@ -10,6 +10,8 @@ spec: forProvider: hiveMetastoreConfig: - version: 2.3.6 + labels: + env: test location: us-central1 maintenanceWindow: - dayOfWeek: SUNDAY diff --git a/examples-generated/dialogflowcx/v1beta1/agent.yaml b/examples-generated/dialogflowcx/v1beta1/agent.yaml index 20f2bed77..ab6585f03 100644 --- a/examples-generated/dialogflowcx/v1beta1/agent.yaml +++ b/examples-generated/dialogflowcx/v1beta1/agent.yaml @@ -8,12 +8,30 @@ metadata: name: full-agent spec: forProvider: + advancedSettings: + - audioExportGcsDestination: + - uri: ${google_storage_bucket.bucket.url}/prefix- + dtmfSettings: + - enabled: true + finishDigit: '#' + maxDigits: 1 avatarUri: https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png defaultLanguageCode: en description: Example description. displayName: dialogflowcx-agent enableSpellCorrection: true enableStackdriverLogging: true + gitIntegrationSettings: + - githubSettings: + - accessTokenSecretRef: + key: example-key + name: example-secret + namespace: upbound-system + branches: + - main + displayName: Github Repo + repositoryUri: https://api.github.com/repos/githubtraining/hellogitworld + trackingBranch: main location: global speechToTextSettings: - enableSpeechAdaptation: true @@ -21,4 +39,33 @@ spec: - fr - de - es + textToSpeechSettings: + - synthesizeSpeechConfigs: |- + ${jsonencode({ + en = { + voice = { + name = "en-US-Neural2-A" + } + } + fr = { + voice = { + name = "fr-CA-Neural2-A", + } + } + })} timeZone: America/New_York + +--- + +apiVersion: storage.gcp.upbound.io/v1beta1 +kind: Bucket +metadata: + annotations: + meta.upbound.io/example-id: dialogflowcx/v1beta1/agent + labels: + testing.upbound.io/example-name: bucket + name: bucket +spec: + forProvider: + location: US + uniformBucketLevelAccess: true diff --git a/examples-generated/dialogflowcx/v1beta1/page.yaml b/examples-generated/dialogflowcx/v1beta1/page.yaml index a6d8e47cf..ebdd35d29 100644 --- a/examples-generated/dialogflowcx/v1beta1/page.yaml +++ b/examples-generated/dialogflowcx/v1beta1/page.yaml @@ -8,22 +8,293 @@ metadata: name: basic-page spec: forProvider: + advancedSettings: + - dtmfSettings: + - enabled: true + finishDigit: '#' + maxDigits: 1 displayName: MyPage entryFulfillment: - - messages: - - text: + - conditionalCases: + - cases: |- + ${jsonencode([ + { + condition = "$sys.func.RAND() < 0.5", + caseContent = [ + { + message = { text = { text = ["First case"] } } + }, + { + additionalCases = { + cases = [ + { + condition = "$sys.func.RAND() < 0.2" + caseContent = [ + { + message = { text = { text = ["Nested case"] } } + } + ] + } + ] + } + } + ] + }, + { + caseContent = [ + { + message = { text = { text = ["Final case"] } } + } + ] + }, + ])} + messages: + - channel: some-channel + text: - text: - Welcome to page + - payload: |2 + {"some-key": "some-value", "other-key": ["other-value"]} + - conversationSuccess: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - outputAudioText: + - text: some output text + - outputAudioText: + - ssml: |2 + Some example SSML XML + - liveAgentHandoff: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - playAudio: + - audioUri: http://example.com/some-audio-file.mp3 + - telephonyTransferCall: + - phoneNumber: 1-234-567-8901 + setParameterActions: + - parameter: some-param + value: "123.45" + - parameter: another-param + value: ${jsonencode("abc")} + - parameter: other-param + value: ${jsonencode(["foo"])} + eventHandlers: + - event: some-event + triggerFulfillment: + - conditionalCases: + - cases: |- + ${jsonencode([ + { + condition = "$sys.func.RAND() < 0.5", + caseContent = [ + { + message = { text = { text = ["First case"] } } + }, + { + additionalCases = { + cases = [ + { + condition = "$sys.func.RAND() < 0.2" + caseContent = [ + { + message = { text = { text = ["Nested case"] } } + } + ] + } + ] + } + } + ] + }, + { + caseContent = [ + { + message = { text = { text = ["Final case"] } } + } + ] + }, + ])} + messages: + - channel: some-channel + text: + - text: + - Some text + - payload: |2 + {"some-key": "some-value", "other-key": ["other-value"]} + - conversationSuccess: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - outputAudioText: + - text: some output text + - outputAudioText: + - ssml: |2 + Some example SSML XML + - liveAgentHandoff: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - playAudio: + - audioUri: http://example.com/some-audio-file.mp3 + - telephonyTransferCall: + - phoneNumber: 1-234-567-8901 + returnPartialResponses: true + setParameterActions: + - parameter: some-param + value: "123.45" + - parameter: another-param + value: ${jsonencode("abc")} + - parameter: other-param + value: ${jsonencode(["foo"])} form: - parameters: - - displayName: param1 + - advancedSettings: + - dtmfSettings: + - enabled: true + finishDigit: '#' + maxDigits: 1 + defaultValue: ${jsonencode("2000-01-01")} + displayName: param1 entityType: projects/-/locations/-/agents/-/entityTypes/sys.date fillBehavior: - initialPromptFulfillment: - - messages: - - text: + - conditionalCases: + - cases: |- + ${jsonencode([ + { + condition = "$sys.func.RAND() < 0.5", + caseContent = [ + { + message = { text = { text = ["First case"] } } + }, + { + additionalCases = { + cases = [ + { + condition = "$sys.func.RAND() < 0.2" + caseContent = [ + { + message = { text = { text = ["Nested case"] } } + } + ] + } + ] + } + } + ] + }, + { + caseContent = [ + { + message = { text = { text = ["Final case"] } } + } + ] + }, + ])} + messages: + - channel: some-channel + text: - text: - Please provide param1 + - payload: |2 + {"some-key": "some-value", "other-key": ["other-value"]} + - conversationSuccess: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - outputAudioText: + - text: some output text + - outputAudioText: + - ssml: |2 + Some example SSML XML + - liveAgentHandoff: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - playAudio: + - audioUri: http://example.com/some-audio-file.mp3 + - telephonyTransferCall: + - phoneNumber: 1-234-567-8901 + setParameterActions: + - parameter: some-param + value: "123.45" + - parameter: another-param + value: ${jsonencode("abc")} + - parameter: other-param + value: ${jsonencode(["foo"])} + repromptEventHandlers: + - event: sys.no-match-1 + triggerFulfillment: + - conditionalCases: + - cases: |- + ${jsonencode([ + { + condition = "$sys.func.RAND() < 0.5", + caseContent = [ + { + message = { text = { text = ["First case"] } } + }, + { + additionalCases = { + cases = [ + { + condition = "$sys.func.RAND() < 0.2" + caseContent = [ + { + message = { text = { text = ["Nested case"] } } + } + ] + } + ] + } + } + ] + }, + { + caseContent = [ + { + message = { text = { text = ["Final case"] } } + } + ] + }, + ])} + messages: + - channel: some-channel + text: + - text: + - Please provide param1 + - payload: |2 + {"some-key": "some-value", "other-key": ["other-value"]} + - conversationSuccess: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - outputAudioText: + - text: some output text + - outputAudioText: + - ssml: |2 + Some example SSML XML + - liveAgentHandoff: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - playAudio: + - audioUri: http://example.com/some-audio-file.mp3 + - telephonyTransferCall: + - phoneNumber: 1-234-567-8901 + returnPartialResponses: true + setParameterActions: + - parameter: some-param + value: "123.45" + - parameter: another-param + value: ${jsonencode("abc")} + - parameter: other-param + value: ${jsonencode(["foo"])} + tag: some-tag + webhookSelector: + matchLabels: + testing.upbound.io/example-name: my_webhook + - event: sys.no-match-2 + targetFlowSelector: + matchLabels: + testing.upbound.io/example-name: agent + - event: sys.no-match-3 + targetPageSelector: + matchLabels: + testing.upbound.io/example-name: my_page2 redact: "true" required: "true" parentSelector: @@ -35,10 +306,68 @@ spec: matchLabels: testing.upbound.io/example-name: my_page2 triggerFulfillment: - - messages: - - text: + - conditionalCases: + - cases: |- + ${jsonencode([ + { + condition = "$sys.func.RAND() < 0.5", + caseContent = [ + { + message = { text = { text = ["First case"] } } + }, + { + additionalCases = { + cases = [ + { + condition = "$sys.func.RAND() < 0.2" + caseContent = [ + { + message = { text = { text = ["Nested case"] } } + } + ] + } + ] + } + } + ] + }, + { + caseContent = [ + { + message = { text = { text = ["Final case"] } } + } + ] + }, + ])} + messages: + - channel: some-channel + text: - text: - information completed, navigating to page 2 + - payload: |2 + {"some-key": "some-value", "other-key": ["other-value"]} + - conversationSuccess: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - outputAudioText: + - text: some output text + - outputAudioText: + - ssml: |2 + Some example SSML XML + - liveAgentHandoff: + - metadata: |2 + {"some-metadata-key": "some-value", "other-metadata-key": 1234} + - playAudio: + - audioUri: http://example.com/some-audio-file.mp3 + - telephonyTransferCall: + - phoneNumber: 1-234-567-8901 + setParameterActions: + - parameter: some-param + value: "123.45" + - parameter: another-param + value: ${jsonencode("abc")} + - parameter: other-param + value: ${jsonencode(["foo"])} --- @@ -66,3 +395,22 @@ spec: - de - es timeZone: America/New_York + +--- + +apiVersion: dialogflowcx.gcp.upbound.io/v1beta1 +kind: Webhook +metadata: + annotations: + meta.upbound.io/example-id: dialogflowcx/v1beta1/page + labels: + testing.upbound.io/example-name: my_webhook + name: my-webhook +spec: + forProvider: + displayName: MyWebhook + genericWebService: + - uri: https://example.com + parentSelector: + matchLabels: + testing.upbound.io/example-name: agent diff --git a/examples-generated/gke/v1beta1/backupbackupplan.yaml b/examples-generated/gke/v1beta1/backupbackupplan.yaml index f08174a80..f0484f41f 100644 --- a/examples-generated/gke/v1beta1/backupbackupplan.yaml +++ b/examples-generated/gke/v1beta1/backupbackupplan.yaml @@ -32,7 +32,14 @@ spec: addonsConfig: - gkeBackupAgentConfig: - enabled: true + deletionProtection: "true" initialNodeCount: 1 location: us-central1 + networkSelector: + matchLabels: + testing.upbound.io/example-name: example + subnetworkSelector: + matchLabels: + testing.upbound.io/example-name: example workloadIdentityConfig: - workloadPool: my-project-name.svc.id.goog diff --git a/examples-generated/gkehub/v1beta1/membership.yaml b/examples-generated/gkehub/v1beta1/membership.yaml index 501360892..f8c8883a8 100644 --- a/examples-generated/gkehub/v1beta1/membership.yaml +++ b/examples-generated/gkehub/v1beta1/membership.yaml @@ -13,6 +13,7 @@ spec: - resourceLinkSelector: matchLabels: testing.upbound.io/example-name: primary + location: us-west1 --- @@ -26,5 +27,12 @@ metadata: name: primary spec: forProvider: + deletionProtection: false initialNodeCount: 1 location: us-central1-a + networkSelector: + matchLabels: + testing.upbound.io/example-name: example + subnetworkSelector: + matchLabels: + testing.upbound.io/example-name: example diff --git a/examples-generated/kms/v1beta1/cryptokey.yaml b/examples-generated/kms/v1beta1/cryptokey.yaml index 3bed1ec50..1678c4670 100644 --- a/examples-generated/kms/v1beta1/cryptokey.yaml +++ b/examples-generated/kms/v1beta1/cryptokey.yaml @@ -11,7 +11,7 @@ spec: keyRingSelector: matchLabels: testing.upbound.io/example-name: keyring - rotationPeriod: 100000s + rotationPeriod: 7776000s --- diff --git a/examples-generated/kms/v1beta1/cryptokeyversion.yaml b/examples-generated/kms/v1beta1/cryptokeyversion.yaml index 54876748c..33d061899 100644 --- a/examples-generated/kms/v1beta1/cryptokeyversion.yaml +++ b/examples-generated/kms/v1beta1/cryptokeyversion.yaml @@ -27,7 +27,7 @@ spec: keyRingSelector: matchLabels: testing.upbound.io/example-name: keyring - rotationPeriod: 100000s + rotationPeriod: 7776000s --- diff --git a/examples-generated/kms/v1beta1/secretciphertext.yaml b/examples-generated/kms/v1beta1/secretciphertext.yaml index 46698875b..c213ce378 100644 --- a/examples-generated/kms/v1beta1/secretciphertext.yaml +++ b/examples-generated/kms/v1beta1/secretciphertext.yaml @@ -56,7 +56,7 @@ spec: keyRingSelector: matchLabels: testing.upbound.io/example-name: keyring - rotationPeriod: 100000s + rotationPeriod: 7776000s --- diff --git a/examples-generated/logging/v1beta1/folderbucketconfig.yaml b/examples-generated/logging/v1beta1/folderbucketconfig.yaml index 09e09682e..58eac8f21 100644 --- a/examples-generated/logging/v1beta1/folderbucketconfig.yaml +++ b/examples-generated/logging/v1beta1/folderbucketconfig.yaml @@ -12,6 +12,9 @@ spec: folderSelector: matchLabels: testing.upbound.io/example-name: default + indexConfigs: + file_path: jsonPayload.request.status + type: INDEX_TYPE_STRING location: global retentionDays: 30 diff --git a/examples-generated/memcache/v1beta1/instance.yaml b/examples-generated/memcache/v1beta1/instance.yaml index 07f3f01cd..879c127f6 100644 --- a/examples-generated/memcache/v1beta1/instance.yaml +++ b/examples-generated/memcache/v1beta1/instance.yaml @@ -11,6 +11,8 @@ spec: authorizedNetworkSelector: matchLabels: testing.upbound.io/example-name: private_service_connection + labels: + env: test maintenancePolicy: - weeklyMaintenanceWindow: - day: SATURDAY @@ -42,12 +44,25 @@ spec: addressType: INTERNAL networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: memcache_network prefixLength: 16 purpose: VPC_PEERING --- +apiVersion: compute.gcp.upbound.io/v1beta1 +kind: Network +metadata: + annotations: + meta.upbound.io/example-id: memcache/v1beta1/instance + labels: + testing.upbound.io/example-name: memcache_network + name: memcache-network +spec: + forProvider: {} + +--- + apiVersion: servicenetworking.gcp.upbound.io/v1beta1 kind: Connection metadata: @@ -60,7 +75,7 @@ spec: forProvider: networkSelector: matchLabels: - testing.upbound.io/example-name: google_compute_network + testing.upbound.io/example-name: memcache_network reservedPeeringRangesRefs: - name: service_range service: servicenetworking.googleapis.com diff --git a/examples-generated/monitoring/v1beta1/uptimecheckconfig.yaml b/examples-generated/monitoring/v1beta1/uptimecheckconfig.yaml index 5f96f738b..49297b420 100644 --- a/examples-generated/monitoring/v1beta1/uptimecheckconfig.yaml +++ b/examples-generated/monitoring/v1beta1/uptimecheckconfig.yaml @@ -18,8 +18,11 @@ spec: displayName: http-uptime-check httpCheck: - body: Zm9vJTI1M0RiYXI= - contentType: URL_ENCODED + contentType: USER_PROVIDED + customContentType: application/json path: some-path + pingConfig: + - pingsCount: 1 port: "8010" requestMethod: POST monitoredResource: @@ -28,3 +31,5 @@ spec: project_id: my-project-name type: uptime_url timeout: 60s + userLabels: + example-key: example-value diff --git a/examples-generated/networkconnectivity/v1beta1/spoke.yaml b/examples-generated/networkconnectivity/v1beta1/spoke.yaml index 67178f8a7..759b3a8f3 100644 --- a/examples-generated/networkconnectivity/v1beta1/spoke.yaml +++ b/examples-generated/networkconnectivity/v1beta1/spoke.yaml @@ -14,43 +14,15 @@ spec: testing.upbound.io/example-name: basic_hub labels: label-one: value-one - linkedRouterApplianceInstances: - - instances: - - ipAddress: 10.0.0.2 - virtualMachineSelector: - matchLabels: - testing.upbound.io/example-name: instance - siteToSiteDataTransfer: true - location: us-west1 - name: name - ---- - -apiVersion: compute.gcp.upbound.io/v1beta1 -kind: Instance -metadata: - annotations: - meta.upbound.io/example-id: networkconnectivity/v1beta1/spoke - labels: - testing.upbound.io/example-name: instance - name: instance -spec: - forProvider: - bootDisk: - - initializeParams: - - imageSelector: - matchLabels: - testing.upbound.io/example-name: example - canIpForward: true - machineType: e2-medium - networkInterface: - - accessConfig: - - networkTier: PREMIUM - networkIp: 10.0.0.2 - subnetworkSelector: + linkedVpcNetwork: + - excludeExportRanges: + - 198.51.100.0/24 + - 10.10.0.0/16 + uriSelector: matchLabels: - testing.upbound.io/example-name: example - zone: us-west1-a + testing.upbound.io/example-name: network + location: global + name: name --- @@ -68,24 +40,6 @@ spec: --- -apiVersion: compute.gcp.upbound.io/v1beta1 -kind: Subnetwork -metadata: - annotations: - meta.upbound.io/example-id: networkconnectivity/v1beta1/spoke - labels: - testing.upbound.io/example-name: subnetwork - name: subnetwork -spec: - forProvider: - ipCidrRange: 10.0.0.0/28 - networkSelector: - matchLabels: - testing.upbound.io/example-name: network - region: us-west1 - ---- - apiVersion: networkconnectivity.gcp.upbound.io/v1beta1 kind: Hub metadata: diff --git a/examples-generated/networkmanagement/v1beta1/connectivitytest.yaml b/examples-generated/networkmanagement/v1beta1/connectivitytest.yaml index 5a8ee351a..c4d81d104 100644 --- a/examples-generated/networkmanagement/v1beta1/connectivitytest.yaml +++ b/examples-generated/networkmanagement/v1beta1/connectivitytest.yaml @@ -12,6 +12,8 @@ spec: - instanceSelector: matchLabels: testing.upbound.io/example-name: destination + labels: + env: test name: conn-test-instances protocol: TCP source: diff --git a/examples-generated/secretmanager/v1beta1/secretversion.yaml b/examples-generated/secretmanager/v1beta1/secretversion.yaml index 7b4518dd8..fcd351cbb 100644 --- a/examples-generated/secretmanager/v1beta1/secretversion.yaml +++ b/examples-generated/secretmanager/v1beta1/secretversion.yaml @@ -31,4 +31,5 @@ spec: labels: label: my-label replication: - - automatic: true + - auto: + - {} diff --git a/examples-generated/vertexai/v1beta1/dataset.yaml b/examples-generated/vertexai/v1beta1/dataset.yaml index 775b96b6f..dc5411bf6 100644 --- a/examples-generated/vertexai/v1beta1/dataset.yaml +++ b/examples-generated/vertexai/v1beta1/dataset.yaml @@ -9,5 +9,7 @@ metadata: spec: forProvider: displayName: terraform + labels: + env: test metadataSchemaUri: gs://google-cloud-aiplatform/schema/dataset/metadata/image_1.0.0.yaml region: us-central1 diff --git a/examples-generated/workflows/v1beta1/workflow.yaml b/examples-generated/workflows/v1beta1/workflow.yaml index b6cb57297..6b0828788 100644 --- a/examples-generated/workflows/v1beta1/workflow.yaml +++ b/examples-generated/workflows/v1beta1/workflow.yaml @@ -8,7 +8,10 @@ metadata: name: example spec: forProvider: + callLogLevel: LOG_ERRORS_ONLY description: Magic + labels: + env: test name: workflow region: us-central1 serviceAccountSelector: @@ -29,7 +32,7 @@ spec: - getCurrentTime: call: http.get args: - url: https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam + url: ${sys.get_env("url")} result: currentTime - readWikipedia: call: http.get @@ -41,6 +44,8 @@ spec: result: wikiResult - returnOutput: return: ${wikiResult.body[1]} + userEnvVars: + url: https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam --- diff --git a/examples/certificatemanager/dnsauthorization.yaml b/examples/certificatemanager/dnsauthorization.yaml index 1f75fdfc7..2d7e5185c 100644 --- a/examples/certificatemanager/dnsauthorization.yaml +++ b/examples/certificatemanager/dnsauthorization.yaml @@ -8,5 +8,6 @@ metadata: name: default spec: forProvider: + location: global description: The default dnss domain: hashicorptest.com diff --git a/examples/cloudfunctions2/function.yaml b/examples/cloudfunctions2/function.yaml index 5358682eb..5c96e391b 100644 --- a/examples/cloudfunctions2/function.yaml +++ b/examples/cloudfunctions2/function.yaml @@ -3,6 +3,7 @@ kind: Function metadata: annotations: meta.upbound.io/example-id: cloudfunctions2/v1beta1/function + upjet.upbound.io/manual-intervention: "This resource requires a valid function-source.zip object in the created bucket resource." labels: testing.upbound.io/example-name: function name: function @@ -10,46 +11,27 @@ spec: forProvider: buildConfig: - entryPoint: "helloHttp" - runtime: "nodejs16" + runtime: "nodejs20" + dockerRepository: "projects/official-provider-testing/locations/us-central1/repositories/gcf-artifacts" source: - storageSource: - bucketSelector: matchLabels: - testing.upbound.io/example-name: bucket - objectSelector: - matchLabels: - testing.upbound.io/example-name: bucket-object + testing.upbound.io/example-name: bucket-func2-test + object: function-source.zip location: us-central1 --- -apiVersion: storage.gcp.upbound.io/v1beta1 -kind: BucketObject -metadata: - annotations: - meta.upbound.io/example-id: cloudfunctions2/v1beta1/function - labels: - testing.upbound.io/example-name: bucket-object - name: bucket-object -spec: - forProvider: - bucketSelector: - matchLabels: - testing.upbound.io/example-name: bucket - name: bucket-object - content: "Upbound!" - contentType: text/plain - ---- - apiVersion: storage.gcp.upbound.io/v1beta1 kind: Bucket metadata: annotations: meta.upbound.io/example-id: cloudfunctions2/v1beta1/function + upjet.upbound.io/manual-intervention: "This resource requires a valid function-source.zip object." labels: - testing.upbound.io/example-name: bucket - name: bucket-${Rand.RFC1123Subdomain} + testing.upbound.io/example-name: bucket-func2-test + name: bucket-func2-test spec: forProvider: cors: diff --git a/examples/cloudiot/device.yaml b/examples/cloudiot/device.yaml deleted file mode 100644 index 58dd10cb2..000000000 --- a/examples/cloudiot/device.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Device -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/device - labels: - testing.upbound.io/example-name: test-device - name: test-device -spec: - forProvider: - registrySelector: - matchLabels: - testing.upbound.io/example-name: registry - ---- - -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Registry -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/device - labels: - testing.upbound.io/example-name: registry - name: registry -spec: - forProvider: - name: cloudiot-device-registry - region: us-central1 \ No newline at end of file diff --git a/examples/cloudiot/registry.yaml b/examples/cloudiot/registry.yaml deleted file mode 100644 index afeda3ac7..000000000 --- a/examples/cloudiot/registry.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cloudiot.gcp.upbound.io/v1beta1 -kind: Registry -metadata: - annotations: - meta.upbound.io/example-id: cloudiot/v1beta1/registry - labels: - testing.upbound.io/example-name: test-registry - name: test-registry -spec: - forProvider: - name: cloudiot-registry - region: us-central1 \ No newline at end of file diff --git a/examples/cloudrun/domainmapping.yaml b/examples/cloudrun/domainmapping.yaml new file mode 100644 index 000000000..d093cfbdc --- /dev/null +++ b/examples/cloudrun/domainmapping.yaml @@ -0,0 +1,38 @@ +apiVersion: cloudrun.gcp.upbound.io/v1beta1 +kind: DomainMapping +metadata: + annotations: + meta.upbound.io/example-id: cloudrun/v1beta1/domainmapping + labels: + testing.upbound.io/example-name: default + name: default-dm +spec: + forProvider: + location: us-central1 + metadata: + - namespace: official-provider-testing + name: verified-domain.com + spec: + - routeNameSelector: + matchLabels: + testing.upbound.io/example-name: default-svc + +--- + +apiVersion: cloudrun.gcp.upbound.io/v1beta1 +kind: Service +metadata: + annotations: + meta.upbound.io/example-id: cloudrun/v1beta1/domainmapping + labels: + testing.upbound.io/example-name: default-svc + name: default-svc +spec: + forProvider: + location: us-central1 + metadata: + - namespace: official-provider-testing + template: + - spec: + - containers: + - image: us-docker.pkg.dev/cloudrun/container/hello diff --git a/examples/compute/nodegroup.yaml b/examples/compute/nodegroup.yaml index c13455b57..41ee396c9 100644 --- a/examples/compute/nodegroup.yaml +++ b/examples/compute/nodegroup.yaml @@ -13,7 +13,7 @@ spec: nodeTemplateSelector: matchLabels: testing.upbound.io/example-name: node-group - size: 1 + initialSize: 1 zone: us-central1-a --- diff --git a/examples/container/cluster.yaml b/examples/container/cluster.yaml index 590cf2a92..7100bb411 100644 --- a/examples/container/cluster.yaml +++ b/examples/container/cluster.yaml @@ -12,4 +12,5 @@ spec: ipAllocationPolicy: - {} enableAutopilot: true - enableIntranodeVisibility: true \ No newline at end of file + enableIntranodeVisibility: true + deletionProtection: false \ No newline at end of file diff --git a/examples/dataflow/job.yaml b/examples/dataflow/job.yaml index c09f303cb..346292ffe 100644 --- a/examples/dataflow/job.yaml +++ b/examples/dataflow/job.yaml @@ -10,6 +10,7 @@ metadata: spec: forProvider: name: dataflow-job + skipWaitOnJobTermination: true region: us-central1 parameters: inputFile: gs://my-bucket/file.txt diff --git a/examples/gkehub/membership.yaml b/examples/gkehub/membership.yaml index 10c6bd548..d3778aff8 100644 --- a/examples/gkehub/membership.yaml +++ b/examples/gkehub/membership.yaml @@ -8,6 +8,7 @@ metadata: name: membership spec: forProvider: + location: us-central1 endpoint: - gkeCluster: - resourceLinkSelector: @@ -26,6 +27,7 @@ metadata: name: membership spec: forProvider: + deletionProtection: false initialNodeCount: 2 location: us-central1-a nodeConfig: diff --git a/examples/sql/sslcert.yaml b/examples/sql/sslcert.yaml index 3e14212ca..1351e8839 100644 --- a/examples/sql/sslcert.yaml +++ b/examples/sql/sslcert.yaml @@ -2,7 +2,6 @@ apiVersion: sql.gcp.upbound.io/v1beta1 kind: SSLCert metadata: annotations: - upjet.upbound.io/manual-intervention: "Depends on SQL instance to be successfully deleted" meta.upbound.io/example-id: sql/v1beta1/sslcert labels: testing.upbound.io/example-name: example_cert @@ -17,3 +16,23 @@ spec: name: example-sql-ssl-secret namespace: upbound-system +--- + +apiVersion: sql.gcp.upbound.io/v1beta1 +kind: DatabaseInstance +metadata: + annotations: + uptest.upbound.io/pre-delete-hook: testhooks/delete-sslcert.sh + meta.upbound.io/example-id: sql/v1beta1/databaseinstance + labels: + testing.upbound.io/example-name: example_instance + name: example-instance-${Rand.RFC1123Subdomain} +spec: + forProvider: + region: "us-central1" + databaseVersion: "MYSQL_5_7" + settings: + - tier: "db-f1-micro" + diskSize: 20 + deletionProtection: false # allow crossplane to delete the instance automatically + diff --git a/examples/sql/testhooks/delete-sslcert.sh b/examples/sql/testhooks/delete-sslcert.sh new file mode 100755 index 000000000..843f57e99 --- /dev/null +++ b/examples/sql/testhooks/delete-sslcert.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +set -aeuo pipefail + +# Note(turkenf): The SSLCert resource must be deleted before the DatabaseInstance +# resource to be successfully deleted. This is a workaround for this +# problem to make automated tests to work. +${KUBECTL} delete sslcert.sql.gcp.upbound.io -l testing.upbound.io/example-name=example_cert \ No newline at end of file diff --git a/go.mod b/go.mod index 9fb8ba311..d133daeea 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/crossplane/crossplane-runtime v1.15.1 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 github.com/crossplane/upjet v1.1.1 - github.com/hashicorp/terraform-json v0.17.1 - github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 - github.com/hashicorp/terraform-provider-google v1.20.1-0.20230807163356-c1a5133299b4 + github.com/hashicorp/terraform-json v0.18.0 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 + github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14 github.com/pkg/errors v0.9.1 gopkg.in/alecthomas/kingpin.v2 v2.2.6 k8s.io/apimachinery v0.29.2 @@ -20,13 +20,13 @@ require ( require ( bitbucket.org/creachadair/stringset v0.0.8 // indirect - cloud.google.com/go v0.110.10 // indirect + cloud.google.com/go v0.112.0 // indirect cloud.google.com/go/bigtable v1.19.0 // indirect - cloud.google.com/go/compute v1.23.3 // indirect + cloud.google.com/go/compute v1.23.4 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.5 // indirect - cloud.google.com/go/longrunning v0.5.4 // indirect - github.com/GoogleCloudPlatform/declarative-resource-client-library v1.44.0 // indirect + cloud.google.com/go/iam v1.1.6 // indirect + cloud.google.com/go/longrunning v0.5.5 // indirect + github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect @@ -51,10 +51,12 @@ require ( github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/fatih/color v1.16.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/gammazero/deque v0.0.0-20180920172122-f6adf94963e4 // indirect github.com/gammazero/workerpool v0.0.0-20181230203049-86a96b5d5d92 // indirect github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -70,9 +72,9 @@ require ( github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/s2a-go v0.1.7 // indirect - github.com/google/uuid v1.4.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect + github.com/googleapis/gax-go/v2 v2.12.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect @@ -80,20 +82,20 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.5.1 // indirect + github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hc-install v0.6.1 // indirect + github.com/hashicorp/hc-install v0.6.2 // indirect github.com/hashicorp/hcl/v2 v2.19.1 // indirect github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.19.0 // indirect - github.com/hashicorp/terraform-plugin-framework v1.4.1 // indirect + github.com/hashicorp/terraform-plugin-framework v1.5.0 // indirect github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect + github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect - github.com/hashicorp/terraform-registry-address v0.2.2 // indirect + github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect - github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect + github.com/hashicorp/yamux v0.1.1 // indirect github.com/iancoleman/strcase v0.2.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -127,34 +129,38 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/tmccombs/hcl2json v0.3.3 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect - github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect - github.com/vmihailenco/tagparser v0.1.2 // indirect + github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect + github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yuin/goldmark v1.4.13 // indirect github.com/zclconf/go-cty v1.14.1 // indirect github.com/zclconf/go-cty-yaml v1.0.3 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect + go.opentelemetry.io/otel v1.23.0 // indirect + go.opentelemetry.io/otel/metric v1.23.0 // indirect + go.opentelemetry.io/otel/trace v1.23.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.19.0 // indirect golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect - golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.152.0 // indirect + google.golang.org/api v0.166.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.31.1-0.20231128094519-2087447a6b4a // indirect + google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/grpc v1.61.1 // indirect + google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -168,13 +174,3 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) - -replace golang.org/x/exp => golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - -replace github.com/hashicorp/terraform-json => github.com/hashicorp/terraform-json v0.16.0 - -replace github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0 - -replace github.com/hashicorp/terraform-plugin-go => github.com/hashicorp/terraform-plugin-go v0.14.3 - -replace github.com/hashicorp/terraform-plugin-framework => github.com/hashicorp/terraform-plugin-framework v1.2.0 diff --git a/go.sum b/go.sum index c64b085fd..4b0ddbbf3 100644 --- a/go.sum +++ b/go.sum @@ -1,29 +1,27 @@ bitbucket.org/creachadair/stringset v0.0.8 h1:gQqe4vs8XWgMyijfyKE6K8o4TcyGGrRXe0JvHgx5H+M= bitbucket.org/creachadair/stringset v0.0.8/go.mod h1:AgthVMyMxC/6FK1KBJ2ALdqkZObGN8hOetgpwXyMn34= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y= -cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= +cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= +cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go/bigtable v1.19.0 h1:wiq9LT0kukfInzvy1joMDijCw/OD1UChpSbORXYn0LI= cloud.google.com/go/bigtable v1.19.0/go.mod h1:xl5kPa8PTkJjdBxg6qdGH88464nNqmbISHSRU+D2yFE= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= +cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw= +cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= -cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= -cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg= -cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= +cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= +cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.44.0 h1:hASUAck0/5j84kejIHGJjipjUzFHiN5edNMobKwj2HA= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.44.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0 h1:s4Y6r6RrYLBnqosGXLwR0h1Gqr0VT3wgd6rqvHsD9OE= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -39,8 +37,6 @@ github.com/antchfx/xpath v1.2.0/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwq github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= -github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= -github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= @@ -107,6 +103,8 @@ github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwo github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gammazero/deque v0.0.0-20180920172122-f6adf94963e4 h1:R+19WKQClnfMXS60cP5BmMe1wjZ4u0evY2p2Ar0ZTXo= @@ -117,13 +115,16 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY= -github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0= +github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= +github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= @@ -181,7 +182,6 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -195,12 +195,12 @@ github.com/google/pprof v0.0.0-20240117000934-35fc243c5815/go.mod h1:czg5+yv1E0Z github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM= +github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -217,15 +217,15 @@ github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+ github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.5.1 h1:oGm7cWBaYIp3lJpx1RUEfLWophprE2EV/KUeqBYo+6k= -github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= +github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= +github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.6.1 h1:IGxShH7AVhPaSuSJpKtVi/EFORNjO+OYVJJrAtGG2mY= -github.com/hashicorp/hc-install v0.6.1/go.mod h1:0fW3jpg+wraYSnFDJ6Rlie3RvLf1bIqVIkzoon4KoVE= +github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= +github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= @@ -233,28 +233,28 @@ github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= -github.com/hashicorp/terraform-json v0.16.0 h1:UKkeWRWb23do5LNAFlh/K3N0ymn1qTOO8c+85Albo3s= -github.com/hashicorp/terraform-json v0.16.0/go.mod h1:v0Ufk9jJnk6tcIZvScHvetlKfiNTC+WS21mnXIlc0B0= -github.com/hashicorp/terraform-plugin-framework v1.2.0 h1:MZjFFfULnFq8fh04FqrKPcJ/nGpHOvX4buIygT3MSNY= -github.com/hashicorp/terraform-plugin-framework v1.2.0/go.mod h1:nToI62JylqXDq84weLJ/U3umUsBhZAaTmU0HXIVUOcw= +github.com/hashicorp/terraform-json v0.18.0 h1:pCjgJEqqDESv4y0Tzdqfxr/edOIGkjs8keY42xfNBwU= +github.com/hashicorp/terraform-json v0.18.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= +github.com/hashicorp/terraform-plugin-framework v1.5.0 h1:8kcvqJs/x6QyOFSdeAyEgsenVOUeC/IyKpi2ul4fjTg= +github.com/hashicorp/terraform-plugin-framework v1.5.0/go.mod h1:6waavirukIlFpVpthbGd2PUNYaFedB0RwW3MDzJ/rtc= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 h1:LYz4bXh3t7bTEydXOmPDPupRRnA480B/9+jV8yZvxBA= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0/go.mod h1:+BVERsnfdlhYR2YkXMBtPnmn9UsL19U3qUtSZ+Y/5MY= -github.com/hashicorp/terraform-plugin-go v0.14.3 h1:nlnJ1GXKdMwsC8g1Nh05tK2wsC3+3BL/DBBxFEki+j0= -github.com/hashicorp/terraform-plugin-go v0.14.3/go.mod h1:7ees7DMZ263q8wQ6E4RdIdR6nHHJtrdt4ogX5lPkX1A= +github.com/hashicorp/terraform-plugin-go v0.20.0 h1:oqvoUlL+2EUbKNsJbIt3zqqZ7wi6lzn4ufkn/UA51xQ= +github.com/hashicorp/terraform-plugin-go v0.20.0/go.mod h1:Rr8LBdMlY53a3Z/HpP+ZU3/xCDqtKNCkeI9qOyT10QE= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-mux v0.8.0 h1:WCTP66mZ+iIaIrCNJnjPEYnVjawTshnDJu12BcXK1EI= -github.com/hashicorp/terraform-plugin-mux v0.8.0/go.mod h1:vdW0daEi8Kd4RFJmet5Ot+SIVB/B8SwQVJiYKQwdCy8= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0 h1:FtCLTiTcykdsURXPt/ku7fYXm3y19nbzbZcUxHx9RbI= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0/go.mod h1:80wf5oad1tW+oLnbXS4UTYmDCrl7BuN1Q+IA91X1a4Y= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20230807163356-c1a5133299b4 h1:rJNfhKGcXD9dDN6ebiMStrtWZ5HzjaLz5MNt0NJ94lY= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20230807163356-c1a5133299b4/go.mod h1:l+xWrh5x5jUY9J1uQEU4ujOdsOTQl7H7hrLwzAWzYGA= -github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno= -github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= +github.com/hashicorp/terraform-plugin-mux v0.13.0 h1:79U401/3nd8CWwDGtTHc8F3miSCAS9XGtVarxSTDgwA= +github.com/hashicorp/terraform-plugin-mux v0.13.0/go.mod h1:Ndv0FtwDG2ogzH59y64f2NYimFJ6I0smRgFUKfm6dyQ= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 h1:Bl3e2ei2j/Z3Hc2HIS15Gal2KMKyLAZ2om1HCEvK6es= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0/go.mod h1:i2C41tszDjiWfziPQDL5R/f3Zp0gahXe5No/MIO9rCE= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14 h1:BB+BOupNZUkimKK9K50vb/pF+I9rcTyn4XtB4U7Kn6g= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14/go.mod h1:K9mobUNaEYRKutF6EbPghE9FSFM8RJCVs22DMRH6NaA= +github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= +github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= -github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= -github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= +github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -361,8 +361,8 @@ github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= -github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= +github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -389,11 +389,12 @@ github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeI github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8= +github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc= -github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= +github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -411,6 +412,18 @@ github.com/zclconf/go-cty-yaml v1.0.3 h1:og/eOQ7lvA/WWhHGFETVWNduJM7Rjsv2RRpx1sd github.com/zclconf/go-cty-yaml v1.0.3/go.mod h1:9YLUH4g7lOhVWqUbctnVlZ5KLpg7JAprQNgxSZ1Gyxs= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= +go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= +go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= +go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= +go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= +go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= +go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -427,12 +440,11 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -441,7 +453,6 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -463,14 +474,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -479,8 +487,6 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -508,21 +514,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -532,8 +532,6 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -550,20 +548,16 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.152.0 h1:t0r1vPnfMc260S2Ci+en7kfCZaLOPs5KI0sVV/6jZrY= -google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY= +google.golang.org/api v0.166.0 h1:6m4NUwrZYhAaVIHZWxaKjw1L1vNAjtMwORmKRyEEo24= +google.golang.org/api v0.166.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= @@ -573,20 +567,20 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A= +google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -598,8 +592,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.1-0.20231128094519-2087447a6b4a h1:4Xl+xgjbTX1HWSmJKoV3GeNdVZCJmlx2rvHT3eHoUCw= -google.golang.org/protobuf v1.31.1-0.20231128094519-2087447a6b4a/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/controller/cloudiot/device/zz_controller.go b/internal/controller/cloudiot/device/zz_controller.go deleted file mode 100755 index aaf93d6d8..000000000 --- a/internal/controller/cloudiot/device/zz_controller.go +++ /dev/null @@ -1,95 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package device - -import ( - "time" - - "github.com/crossplane/crossplane-runtime/pkg/connection" - "github.com/crossplane/crossplane-runtime/pkg/event" - "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - tjcontroller "github.com/crossplane/upjet/pkg/controller" - "github.com/crossplane/upjet/pkg/controller/handler" - "github.com/crossplane/upjet/pkg/metrics" - "github.com/pkg/errors" - ctrl "sigs.k8s.io/controller-runtime" - - v1beta1 "github.com/upbound/provider-gcp/apis/cloudiot/v1beta1" - features "github.com/upbound/provider-gcp/internal/features" -) - -// Setup adds a controller that reconciles Device managed resources. -func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Device_GroupVersionKind.String()) - var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) - cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} - if o.SecretStoreConfigGVK != nil { - cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) - } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Device_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Device_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) - opts := []managed.ReconcilerOption{ - managed.WithExternalConnecter( - tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_cloudiot_device"], - tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), - tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), - tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Device_GroupVersionKind, mgr, o.PollInterval)), - tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), - managed.WithLogger(o.Logger.WithValues("controller", name)), - managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), - managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3 * time.Minute), - managed.WithInitializers(initializers), - managed.WithConnectionPublishers(cps...), - managed.WithPollInterval(o.PollInterval), - } - if o.PollJitter != 0 { - opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) - } - if o.Features.Enabled(features.EnableBetaManagementPolicies) { - opts = append(opts, managed.WithManagementPolicies()) - } - - // register webhooks for the kind v1beta1.Device - // if they're enabled. - if o.StartWebhooks { - if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Device{}). - Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Device") - } - } - - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Device_GroupVersionKind), opts...) - - return ctrl.NewControllerManagedBy(mgr). - Named(name). - WithOptions(o.ForControllerRuntime()). - WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Device{}, eventHandler). - Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) -} diff --git a/internal/controller/cloudiot/registry/zz_controller.go b/internal/controller/cloudiot/registry/zz_controller.go deleted file mode 100755 index 9ad3c84f3..000000000 --- a/internal/controller/cloudiot/registry/zz_controller.go +++ /dev/null @@ -1,94 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -/* -Copyright 2021 The Crossplane Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by upjet. DO NOT EDIT. - -package registry - -import ( - "time" - - "github.com/crossplane/crossplane-runtime/pkg/connection" - "github.com/crossplane/crossplane-runtime/pkg/event" - "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - tjcontroller "github.com/crossplane/upjet/pkg/controller" - "github.com/crossplane/upjet/pkg/controller/handler" - "github.com/crossplane/upjet/pkg/metrics" - "github.com/pkg/errors" - ctrl "sigs.k8s.io/controller-runtime" - - v1beta1 "github.com/upbound/provider-gcp/apis/cloudiot/v1beta1" - features "github.com/upbound/provider-gcp/internal/features" -) - -// Setup adds a controller that reconciles Registry managed resources. -func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Registry_GroupVersionKind.String()) - var initializers managed.InitializerChain - cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} - if o.SecretStoreConfigGVK != nil { - cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) - } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Registry_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Registry_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) - opts := []managed.ReconcilerOption{ - managed.WithExternalConnecter( - tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_cloudiot_registry"], - tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), - tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), - tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Registry_GroupVersionKind, mgr, o.PollInterval)), - tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), - managed.WithLogger(o.Logger.WithValues("controller", name)), - managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), - managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3 * time.Minute), - managed.WithInitializers(initializers), - managed.WithConnectionPublishers(cps...), - managed.WithPollInterval(o.PollInterval), - } - if o.PollJitter != 0 { - opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) - } - if o.Features.Enabled(features.EnableBetaManagementPolicies) { - opts = append(opts, managed.WithManagementPolicies()) - } - - // register webhooks for the kind v1beta1.Registry - // if they're enabled. - if o.StartWebhooks { - if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Registry{}). - Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Registry") - } - } - - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Registry_GroupVersionKind), opts...) - - return ctrl.NewControllerManagedBy(mgr). - Named(name). - WithOptions(o.ForControllerRuntime()). - WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Registry{}, eventHandler). - Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) -} diff --git a/internal/controller/zz_cloudiot_setup.go b/internal/controller/zz_cloudiot_setup.go deleted file mode 100755 index a636ab379..000000000 --- a/internal/controller/zz_cloudiot_setup.go +++ /dev/null @@ -1,28 +0,0 @@ -// SPDX-FileCopyrightText: 2023 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -package controller - -import ( - ctrl "sigs.k8s.io/controller-runtime" - - "github.com/crossplane/upjet/pkg/controller" - - device "github.com/upbound/provider-gcp/internal/controller/cloudiot/device" - registry "github.com/upbound/provider-gcp/internal/controller/cloudiot/registry" -) - -// Setup_cloudiot creates all controllers with the supplied logger and adds them to -// the supplied manager. -func Setup_cloudiot(mgr ctrl.Manager, o controller.Options) error { - for _, setup := range []func(ctrl.Manager, controller.Options) error{ - device.Setup, - registry.Setup, - } { - if err := setup(mgr, o); err != nil { - return err - } - } - return nil -} diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 225ad83f5..2c58d5c5d 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -75,8 +75,6 @@ import ( function "github.com/upbound/provider-gcp/internal/controller/cloudfunctions/function" functioniammember "github.com/upbound/provider-gcp/internal/controller/cloudfunctions/functioniammember" functioncloudfunctions2 "github.com/upbound/provider-gcp/internal/controller/cloudfunctions2/function" - device "github.com/upbound/provider-gcp/internal/controller/cloudiot/device" - registry "github.com/upbound/provider-gcp/internal/controller/cloudiot/registry" folder "github.com/upbound/provider-gcp/internal/controller/cloudplatform/folder" folderiammember "github.com/upbound/provider-gcp/internal/controller/cloudplatform/folderiammember" organizationiamauditconfig "github.com/upbound/provider-gcp/internal/controller/cloudplatform/organizationiamauditconfig" @@ -195,7 +193,7 @@ import ( vpntunnel "github.com/upbound/provider-gcp/internal/controller/compute/vpntunnel" clustercontainer "github.com/upbound/provider-gcp/internal/controller/container/cluster" nodepool "github.com/upbound/provider-gcp/internal/controller/container/nodepool" - registrycontainer "github.com/upbound/provider-gcp/internal/controller/container/registry" + registry "github.com/upbound/provider-gcp/internal/controller/container/registry" note "github.com/upbound/provider-gcp/internal/controller/containeranalysis/note" clustercontaineraws "github.com/upbound/provider-gcp/internal/controller/containeraws/cluster" nodepoolcontaineraws "github.com/upbound/provider-gcp/internal/controller/containeraws/nodepool" @@ -426,8 +424,6 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { function.Setup, functioniammember.Setup, functioncloudfunctions2.Setup, - device.Setup, - registry.Setup, folder.Setup, folderiammember.Setup, organizationiamauditconfig.Setup, @@ -546,7 +542,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { vpntunnel.Setup, clustercontainer.Setup, nodepool.Setup, - registrycontainer.Setup, + registry.Setup, note.Setup, clustercontaineraws.Setup, nodepoolcontaineraws.Setup, diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevelconditions.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevelconditions.yaml index e1ba6a2bb..8569fd151 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevelconditions.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevelconditions.yaml @@ -263,6 +263,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to be allowed + by this Access Level. Networks of foreign organizations + requires compute.network.get permission to be granted + to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork specification. + Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object initProvider: description: |- @@ -466,6 +494,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to be allowed + by this Access Level. Networks of foreign organizations + requires compute.network.get permission to be granted + to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork specification. + Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object managementPolicies: default: @@ -756,6 +812,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to be allowed + by this Access Level. Networks of foreign organizations + requires compute.network.get permission to be granted + to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork specification. + Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml index 279496f9e..fdf13deb0 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml @@ -212,6 +212,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to + be allowed by this Access Level. Networks + of foreign organizations requires compute.network.get + permission to be granted to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork + specification. Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object type: array type: object @@ -421,6 +449,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to + be allowed by this Access Level. Networks + of foreign organizations requires compute.network.get + permission to be granted to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork + specification. Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object type: array type: object @@ -802,6 +858,34 @@ spec: items: type: string type: array + vpcNetworkSources: + description: |- + The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. + Structure is documented below. + items: + properties: + vpcSubnetwork: + description: |- + Sub networks within a VPC network. + Structure is documented below. + items: + properties: + network: + description: Required. Network name to + be allowed by this Access Level. Networks + of foreign organizations requires compute.network.get + permission to be granted to caller. + type: string + vpcIpSubnetworks: + description: CIDR block IP subnetwork + specification. Must be IPv4. + items: + type: string + type: array + type: object + type: array + type: object + type: array type: object type: array type: object diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml index 1267d2025..4cfc3c1a4 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml @@ -132,6 +132,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set accessLevelsRefs: description: References to AccessLevel to populate accessLevels. items: @@ -233,6 +234,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -240,6 +242,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -257,6 +283,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -302,6 +329,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -330,6 +358,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -419,6 +448,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -431,6 +461,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter @@ -441,6 +472,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set vpcAccessibleServices: description: |- Specifies how APIs are allowed to communicate within the Service @@ -455,6 +487,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set enableRestriction: description: |- Whether to restrict API calls within the Service Perimeter to the @@ -486,6 +519,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set accessLevelsRefs: description: References to AccessLevel to populate accessLevels. items: @@ -587,6 +621,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -594,6 +629,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -611,6 +670,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -656,6 +716,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -684,6 +745,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -852,6 +914,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -864,6 +927,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter @@ -986,6 +1050,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set accessLevelsRefs: description: References to AccessLevel to populate accessLevels. items: @@ -1087,6 +1152,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -1094,6 +1160,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -1111,6 +1201,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -1156,6 +1247,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -1184,6 +1276,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -1273,6 +1366,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -1285,6 +1379,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter @@ -1295,6 +1390,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set vpcAccessibleServices: description: |- Specifies how APIs are allowed to communicate within the Service @@ -1309,6 +1405,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set enableRestriction: description: |- Whether to restrict API calls within the Service Perimeter to the @@ -1340,6 +1437,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set accessLevelsRefs: description: References to AccessLevel to populate accessLevels. items: @@ -1441,6 +1539,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -1448,6 +1547,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -1465,6 +1588,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -1510,6 +1634,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -1538,6 +1663,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -1706,6 +1832,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -1718,6 +1845,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter @@ -2018,6 +2146,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set egressPolicies: description: |- List of EgressPolicies to apply to the perimeter. A perimeter may @@ -2041,6 +2170,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -2048,6 +2178,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -2065,6 +2219,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -2110,6 +2265,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -2138,6 +2294,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -2227,6 +2384,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -2239,6 +2397,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter @@ -2249,6 +2408,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set vpcAccessibleServices: description: |- Specifies how APIs are allowed to communicate within the Service @@ -2263,6 +2423,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set enableRestriction: description: |- Whether to restrict API calls within the Service Perimeter to the @@ -2294,6 +2455,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set egressPolicies: description: |- List of EgressPolicies to apply to the perimeter. A perimeter may @@ -2317,6 +2479,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -2324,6 +2487,30 @@ spec: allowed access. Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. type: string + sourceRestriction: + description: |- + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + type: string + sources: + description: |- + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + items: + properties: + accessLevel: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + type: string + type: object + type: array type: object type: array egressTo: @@ -2341,6 +2528,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set operations: description: |- A list of ApiOperations the sources specified in corresponding IngressFrom @@ -2386,6 +2574,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -2414,6 +2603,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identityType: description: |- Specifies the type of identities that are allowed access from outside the @@ -2503,6 +2693,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -2515,6 +2706,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set restrictedServices: description: |- GCP services that are subject to the Service Perimeter diff --git a/package/crds/activedirectory.gcp.upbound.io_domains.yaml b/package/crds/activedirectory.gcp.upbound.io_domains.yaml index 61e7e5381..c3f419257 100644 --- a/package/crds/activedirectory.gcp.upbound.io_domains.yaml +++ b/package/crds/activedirectory.gcp.upbound.io_domains.yaml @@ -94,7 +94,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels that can contain user-provided metadata + description: |- + Resource labels that can contain user-provided metadata + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locations: @@ -149,7 +152,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels that can contain user-provided metadata + description: |- + Resource labels that can contain user-provided metadata + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locations: @@ -373,6 +379,11 @@ spec: The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular fqdn: description: |- The fully-qualified domain name of the exposed domain used by clients to connect to the service. @@ -384,7 +395,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels that can contain user-provided metadata + description: |- + Resource labels that can contain user-provided metadata + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locations: @@ -408,6 +422,14 @@ spec: The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. Ranges must be unique and non-overlapping with existing subnets in authorizedNetworks type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/alloydb.gcp.upbound.io_backups.yaml b/package/crds/alloydb.gcp.upbound.io_backups.yaml index 8cb35ecef..e12c4900b 100644 --- a/package/crds/alloydb.gcp.upbound.io_backups.yaml +++ b/package/crds/alloydb.gcp.upbound.io_backups.yaml @@ -72,6 +72,14 @@ spec: type: string forProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular clusterName: description: The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). @@ -153,6 +161,10 @@ spec: description: description: User-provided description of the backup. type: string + displayName: + description: User-settable and human-readable display name for + the Backup. + type: string encryptionConfig: description: |- EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). @@ -169,7 +181,9 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb backup. + description: 'User-defined labels for the alloydb backup. An object + containing a list of "key": value pairs. Example: { "name": + "wrench", "mass": "1.3kg", "count": "3" }.' type: object x-kubernetes-map-type: granular location: @@ -180,6 +194,11 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + type: + description: |- + The backup type, which suggests the trigger for the backup. + Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. + type: string required: - location type: object @@ -196,6 +215,14 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular clusterName: description: The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). @@ -277,6 +304,10 @@ spec: description: description: User-provided description of the backup. type: string + displayName: + description: User-settable and human-readable display name for + the Backup. + type: string encryptionConfig: description: |- EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). @@ -293,7 +324,9 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb backup. + description: 'User-defined labels for the alloydb backup. An object + containing a list of "key": value pairs. Example: { "name": + "wrench", "mass": "1.3kg", "count": "3" }.' type: object x-kubernetes-map-type: granular project: @@ -301,6 +334,11 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + type: + description: |- + The backup type, which suggests the trigger for the backup. + Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. + type: string type: object managementPolicies: default: @@ -474,16 +512,51 @@ spec: properties: atProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular clusterName: description: The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). type: string + clusterUid: + description: Output only. The system-generated UID of the cluster + which was used to create this resource. + type: string createTime: - description: Time the Backup was created in UTC. + description: |- + Output only. Create time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + deleteTime: + description: |- + Output only. Delete time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string description: description: User-provided description of the backup. type: string + displayName: + description: User-settable and human-readable display name for + the Backup. + type: string + effectiveAnnotations: + additionalProperties: + type: string + description: for all of the annotations present on the resource. + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular encryptionConfig: description: |- EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). @@ -518,7 +591,31 @@ spec: type: object type: array etag: - description: A hash of the resource. + description: For Resource freshness validation (https://google.aip.dev/154) + type: string + expiryQuantity: + description: |- + Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy. + Once the expiry quantity is over retention, the backup is eligible to be garbage collected. + Structure is documented below. + items: + properties: + retentionCount: + description: |- + (Output) + Output only. The backup's position among its backups with the same source cluster and type, by descending chronological order create time (i.e. newest first). + type: number + totalRetentionCount: + description: |- + (Output) + Output only. The length of the quantity-based queue, specified by the backup's retention policy. + type: number + type: object + type: array + expiryTime: + description: |- + Output only. The time at which after the backup is eligible to be garbage collected. + It is the duration specified by the backup's retention policy, added to the backup's createTime. type: string id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{backup_id}} @@ -526,7 +623,9 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb backup. + description: 'User-defined labels for the alloydb backup. An object + containing a list of "key": value pairs. Example: { "name": + "wrench", "mass": "1.3kg", "count": "3" }.' type: object x-kubernetes-map-type: granular location: @@ -542,12 +641,28 @@ spec: If it is not provided, the provider project is used. type: string reconciling: - description: If true, indicates that the service is actively updating - the resource. This can happen due to user-triggered updates - or system actions like failover or maintenance. + description: |- + Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource. + This can happen due to user-triggered updates or system actions like failover or maintenance. type: boolean + sizeBytes: + description: Output only. The size of the backup in bytes. + type: string state: - description: The current state of the backup. + description: Output only. The current state of the backup. + type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular + type: + description: |- + The backup type, which suggests the trigger for the backup. + Possible values are: TYPE_UNSPECIFIED, ON_DEMAND, AUTOMATED, CONTINUOUS. type: string uid: description: Output only. The system-generated UID of the resource. @@ -555,7 +670,9 @@ spec: retained until it is deleted. type: string updateTime: - description: Time the Backup was updated in UTC. + description: |- + Output only. Update time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object conditions: diff --git a/package/crds/alloydb.gcp.upbound.io_clusters.yaml b/package/crds/alloydb.gcp.upbound.io_clusters.yaml index 5e0bff3e5..630a2ff9c 100644 --- a/package/crds/alloydb.gcp.upbound.io_clusters.yaml +++ b/package/crds/alloydb.gcp.upbound.io_clusters.yaml @@ -73,6 +73,14 @@ spec: type: string forProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular automatedBackupPolicy: description: |- The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. @@ -180,6 +188,12 @@ spec: type: array type: object type: array + clusterType: + description: |- + The type of cluster. If not set, defaults to PRIMARY. + Default value is PRIMARY. + Possible values are: PRIMARY, SECONDARY. + type: string continuousBackupConfig: description: |- The continuous backup config for this cluster. @@ -211,6 +225,17 @@ spec: type: number type: object type: array + databaseVersion: + description: The database engine major version. This is an optional + field and it's populated at the Cluster creation time. This + field cannot be changed after cluster creation. + type: string + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: string displayName: description: User-settable and human-readable display name for the Cluster. @@ -228,6 +253,9 @@ spec: type: string type: object type: array + etag: + description: For Resource freshness validation (https://google.aip.dev/154) + type: string initialUser: description: |- Initial user to setup during cluster creation. @@ -263,7 +291,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb cluster. + description: |- + User-defined labels for the alloydb cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -274,6 +305,24 @@ spec: The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". type: string + networkConfig: + description: |- + Metadata related to network configuration. + Structure is documented below. + items: + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + network: + description: |- + The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + type: string + type: object + type: array networkRef: description: Reference to a Network in compute to populate network. properties: @@ -353,6 +402,275 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + restoreBackupSource: + description: |- + The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + backupName: + description: The name of the backup that this cluster is + restored from. + type: string + backupNameRef: + description: Reference to a Backup in alloydb to populate + backupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + backupNameSelector: + description: Selector for a Backup in alloydb to populate + backupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + restoreContinuousBackupSource: + description: |- + The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + cluster: + description: The name of the source cluster that this cluster + is restored from. + type: string + clusterRef: + description: Reference to a Cluster in alloydb to populate + cluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterSelector: + description: Selector for a Cluster in alloydb to populate + cluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + pointInTime: + description: The point in time that this cluster is restored + to, in RFC 3339 format. + type: string + type: object + type: array + secondaryConfig: + description: |- + Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + Structure is documented below. + items: + properties: + primaryClusterName: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + type: string + primaryClusterNameRef: + description: Reference to a Cluster in alloydb to populate + primaryClusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + primaryClusterNameSelector: + description: Selector for a Cluster in alloydb to populate + primaryClusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array required: - location type: object @@ -369,6 +687,14 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular automatedBackupPolicy: description: |- The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. @@ -471,6 +797,12 @@ spec: type: array type: object type: array + clusterType: + description: |- + The type of cluster. If not set, defaults to PRIMARY. + Default value is PRIMARY. + Possible values are: PRIMARY, SECONDARY. + type: string continuousBackupConfig: description: |- The continuous backup config for this cluster. @@ -502,6 +834,17 @@ spec: type: number type: object type: array + databaseVersion: + description: The database engine major version. This is an optional + field and it's populated at the Cluster creation time. This + field cannot be changed after cluster creation. + type: string + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: string displayName: description: User-settable and human-readable display name for the Cluster. @@ -519,6 +862,9 @@ spec: type: string type: object type: array + etag: + description: For Resource freshness validation (https://google.aip.dev/154) + type: string initialUser: description: |- Initial user to setup during cluster creation. @@ -533,7 +879,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb cluster. + description: |- + User-defined labels for the alloydb cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular network: @@ -541,6 +890,24 @@ spec: The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". type: string + networkConfig: + description: |- + Metadata related to network configuration. + Structure is documented below. + items: + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + network: + description: |- + The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + type: string + type: object + type: array networkRef: description: Reference to a Network in compute to populate network. properties: @@ -620,6 +987,275 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + restoreBackupSource: + description: |- + The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + backupName: + description: The name of the backup that this cluster is + restored from. + type: string + backupNameRef: + description: Reference to a Backup in alloydb to populate + backupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + backupNameSelector: + description: Selector for a Backup in alloydb to populate + backupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + restoreContinuousBackupSource: + description: |- + The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + cluster: + description: The name of the source cluster that this cluster + is restored from. + type: string + clusterRef: + description: Reference to a Cluster in alloydb to populate + cluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterSelector: + description: Selector for a Cluster in alloydb to populate + cluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + pointInTime: + description: The point in time that this cluster is restored + to, in RFC 3339 format. + type: string + type: object + type: array + secondaryConfig: + description: |- + Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + Structure is documented below. + items: + properties: + primaryClusterName: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + type: string + primaryClusterNameRef: + description: Reference to a Cluster in alloydb to populate + primaryClusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + primaryClusterNameSelector: + description: Selector for a Cluster in alloydb to populate + primaryClusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array type: object managementPolicies: default: @@ -793,6 +1429,14 @@ spec: properties: atProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular automatedBackupPolicy: description: |- The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. @@ -911,6 +1555,12 @@ spec: type: string type: object type: array + clusterType: + description: |- + The type of cluster. If not set, defaults to PRIMARY. + Default value is PRIMARY. + Possible values are: PRIMARY, SECONDARY. + type: string continuousBackupConfig: description: |- The continuous backup config for this cluster. @@ -989,14 +1639,31 @@ spec: type: object type: array databaseVersion: - description: The database engine major version. This is an output-only + description: The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. type: string + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: string displayName: description: User-settable and human-readable display name for the Cluster. type: string + effectiveAnnotations: + additionalProperties: + type: string + description: for all of the annotations present on the resource. + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular encryptionConfig: description: |- EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). @@ -1030,6 +1697,9 @@ spec: type: array type: object type: array + etag: + description: For Resource freshness validation (https://google.aip.dev/154) + type: string id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}} type: string @@ -1047,7 +1717,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb cluster. + description: |- + User-defined labels for the alloydb cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -1080,11 +1753,87 @@ spec: The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". type: string + networkConfig: + description: |- + Metadata related to network configuration. + Structure is documented below. + items: + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + network: + description: |- + The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + type: string + type: object + type: array project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + reconciling: + description: |- + Output only. Reconciling (https://google.aip.dev/128#reconciliation). + Set to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them. + This can happen due to user-triggered updates or system actions like failover or maintenance. + type: boolean + restoreBackupSource: + description: |- + The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + backupName: + description: The name of the backup that this cluster is + restored from. + type: string + type: object + type: array + restoreContinuousBackupSource: + description: |- + The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + Structure is documented below. + items: + properties: + cluster: + description: The name of the source cluster that this cluster + is restored from. + type: string + pointInTime: + description: The point in time that this cluster is restored + to, in RFC 3339 format. + type: string + type: object + type: array + secondaryConfig: + description: |- + Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + Structure is documented below. + items: + properties: + primaryClusterName: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + type: string + type: object + type: array + state: + description: Output only. The current serving state of the cluster. + type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: The system-generated UID of the resource. type: string diff --git a/package/crds/alloydb.gcp.upbound.io_instances.yaml b/package/crds/alloydb.gcp.upbound.io_instances.yaml index d0c26cee5..497e686d5 100644 --- a/package/crds/alloydb.gcp.upbound.io_instances.yaml +++ b/package/crds/alloydb.gcp.upbound.io_instances.yaml @@ -76,8 +76,10 @@ spec: annotations: additionalProperties: type: string - description: Annotations to allow client tools to store small - amount of arbitrary data. This is distinct from labels. + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. type: object x-kubernetes-map-type: granular availabilityType: @@ -90,6 +92,31 @@ spec: can have regional availability (nodes are present in 2 or more zones in a region).' Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. type: string + clientConnectionConfig: + description: |- + Client connection specific configurations. + Structure is documented below. + items: + properties: + requireConnectors: + description: 'Configuration to enforce connectors only (ex: + AuthProxy) connections to the database.' + type: boolean + sslConfig: + description: |- + SSL config option for this instance. + Structure is documented below. + items: + properties: + sslMode: + description: |- + SSL mode. Specifies client-server SSL/TLS connection behavior. + Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + type: string + type: object + type: array + type: object + type: array cluster: description: |- Identifies the alloydb cluster. Must be in the format @@ -193,13 +220,94 @@ spec: type: string instanceType: description: |- - The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - Possible values are: PRIMARY, READ_POOL. + The type of the instance. + If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + Example: {instance_type = google_alloydb_cluster.. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Possible values are: PRIMARY, READ_POOL, SECONDARY. type: string + instanceTypeRef: + description: Reference to a Cluster in alloydb to populate instanceType. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + instanceTypeSelector: + description: Selector for a Cluster in alloydb to populate instanceType. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object labels: additionalProperties: type: string - description: User-defined labels for the alloydb instance. + description: |- + User-defined labels for the alloydb instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineConfig: @@ -213,9 +321,36 @@ spec: type: number type: object type: array + queryInsightsConfig: + description: |- + Configuration for query insights. + Structure is documented below. + items: + properties: + queryPlansPerMinute: + description: Number of query execution plans captured by + Insights per minute for all queries combined. The default + value is 5. Any integer between 0 and 20 is considered + valid. + type: number + queryStringLength: + description: Query string length. The default value is 1024. + Any integer between 256 and 4500 is considered valid. + type: number + recordApplicationTags: + description: Record application tags for an instance. This + flag is turned "on" by default. + type: boolean + recordClientAddress: + description: Record client address for an instance. Client + address is PII information. This flag is turned "on" by + default. + type: boolean + type: object + type: array readPoolConfig: description: |- - Read pool specific config. + Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. Structure is documented below. items: properties: @@ -242,8 +377,10 @@ spec: annotations: additionalProperties: type: string - description: Annotations to allow client tools to store small - amount of arbitrary data. This is distinct from labels. + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. type: object x-kubernetes-map-type: granular availabilityType: @@ -256,6 +393,31 @@ spec: can have regional availability (nodes are present in 2 or more zones in a region).' Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. type: string + clientConnectionConfig: + description: |- + Client connection specific configurations. + Structure is documented below. + items: + properties: + requireConnectors: + description: 'Configuration to enforce connectors only (ex: + AuthProxy) connections to the database.' + type: boolean + sslConfig: + description: |- + SSL config option for this instance. + Structure is documented below. + items: + properties: + sslMode: + description: |- + SSL mode. Specifies client-server SSL/TLS connection behavior. + Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + type: string + type: object + type: array + type: object + type: array databaseFlags: additionalProperties: type: string @@ -280,13 +442,94 @@ spec: type: string instanceType: description: |- - The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - Possible values are: PRIMARY, READ_POOL. + The type of the instance. + If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + Example: {instance_type = google_alloydb_cluster.. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Possible values are: PRIMARY, READ_POOL, SECONDARY. type: string + instanceTypeRef: + description: Reference to a Cluster in alloydb to populate instanceType. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + instanceTypeSelector: + description: Selector for a Cluster in alloydb to populate instanceType. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object labels: additionalProperties: type: string - description: User-defined labels for the alloydb instance. + description: |- + User-defined labels for the alloydb instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineConfig: @@ -300,9 +543,36 @@ spec: type: number type: object type: array + queryInsightsConfig: + description: |- + Configuration for query insights. + Structure is documented below. + items: + properties: + queryPlansPerMinute: + description: Number of query execution plans captured by + Insights per minute for all queries combined. The default + value is 5. Any integer between 0 and 20 is considered + valid. + type: number + queryStringLength: + description: Query string length. The default value is 1024. + Any integer between 256 and 4500 is considered valid. + type: number + recordApplicationTags: + description: Record application tags for an instance. This + flag is turned "on" by default. + type: boolean + recordClientAddress: + description: Record client address for an instance. Client + address is PII information. This flag is turned "on" by + default. + type: boolean + type: object + type: array readPoolConfig: description: |- - Read pool specific config. + Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. Structure is documented below. items: properties: @@ -480,11 +750,6 @@ spec: required: - forProvider type: object - x-kubernetes-validations: - - message: spec.forProvider.instanceType is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.instanceType) - || (has(self.initProvider) && has(self.initProvider.instanceType))' status: description: InstanceStatus defines the observed state of Instance. properties: @@ -493,8 +758,10 @@ spec: annotations: additionalProperties: type: string - description: Annotations to allow client tools to store small - amount of arbitrary data. This is distinct from labels. + description: |- + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. type: object x-kubernetes-map-type: granular availabilityType: @@ -507,6 +774,31 @@ spec: can have regional availability (nodes are present in 2 or more zones in a region).' Possible values are: AVAILABILITY_TYPE_UNSPECIFIED, ZONAL, REGIONAL. type: string + clientConnectionConfig: + description: |- + Client connection specific configurations. + Structure is documented below. + items: + properties: + requireConnectors: + description: 'Configuration to enforce connectors only (ex: + AuthProxy) connections to the database.' + type: boolean + sslConfig: + description: |- + SSL config option for this instance. + Structure is documented below. + items: + properties: + sslMode: + description: |- + SSL mode. Specifies client-server SSL/TLS connection behavior. + Possible values are: ENCRYPTED_ONLY, ALLOW_UNENCRYPTED_AND_ENCRYPTED. + type: string + type: object + type: array + type: object + type: array cluster: description: |- Identifies the alloydb cluster. Must be in the format @@ -529,6 +821,16 @@ spec: description: User-settable and human-readable display name for the Instance. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular gceZone: description: The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones @@ -542,8 +844,12 @@ spec: type: string instanceType: description: |- - The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the depends_on meta-data attribute. - Possible values are: PRIMARY, READ_POOL. + The type of the instance. + If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the depends_on meta-data attribute. + If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + Example: {instance_type = google_alloydb_cluster.. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Possible values are: PRIMARY, READ_POOL, SECONDARY. type: string ipAddress: description: The IP address for the Instance. This is the connection @@ -552,7 +858,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the alloydb instance. + description: |- + User-defined labels for the alloydb instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineConfig: @@ -569,9 +878,36 @@ spec: name: description: The name of the instance resource. type: string + queryInsightsConfig: + description: |- + Configuration for query insights. + Structure is documented below. + items: + properties: + queryPlansPerMinute: + description: Number of query execution plans captured by + Insights per minute for all queries combined. The default + value is 5. Any integer between 0 and 20 is considered + valid. + type: number + queryStringLength: + description: Query string length. The default value is 1024. + Any integer between 256 and 4500 is considered valid. + type: number + recordApplicationTags: + description: Record application tags for an instance. This + flag is turned "on" by default. + type: boolean + recordClientAddress: + description: Record client address for an instance. Client + address is PII information. This flag is turned "on" by + default. + type: boolean + type: object + type: array readPoolConfig: description: |- - Read pool specific config. + Read pool specific config. If the instance type is READ_POOL, this configuration must be provided. Structure is documented below. items: properties: @@ -591,6 +927,14 @@ spec: state: description: The current state of the alloydb instance. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: The system-generated UID of the resource. type: string diff --git a/package/crds/apigee.gcp.upbound.io_environments.yaml b/package/crds/apigee.gcp.upbound.io_environments.yaml index 1dd416257..a76654318 100644 --- a/package/crds/apigee.gcp.upbound.io_environments.yaml +++ b/package/crds/apigee.gcp.upbound.io_environments.yaml @@ -196,6 +196,14 @@ spec: type: string type: object type: object + type: + description: |- + Types that can be selected for an Environment. Each of the types are + limited by capability and capacity. Refer to Apigee's public documentation + to understand about each of these types in details. + An Apigee org can support heterogeneous Environments. + Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + type: string type: object initProvider: description: |- @@ -253,6 +261,14 @@ spec: type: string type: object type: array + type: + description: |- + Types that can be selected for an Environment. Each of the types are + limited by capability and capacity. Refer to Apigee's public documentation + to understand about each of these types in details. + An Apigee org can support heterogeneous Environments. + Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + type: string type: object managementPolicies: default: @@ -483,6 +499,14 @@ spec: The Apigee Organization associated with the Apigee environment, in the format organizations/{{org_name}}. type: string + type: + description: |- + Types that can be selected for an Environment. Each of the types are + limited by capability and capacity. Refer to Apigee's public documentation + to understand about each of these types in details. + An Apigee org can support heterogeneous Environments. + Possible values are: ENVIRONMENT_TYPE_UNSPECIFIED, BASE, INTERMEDIATE, COMPREHENSIVE. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml index bde693d5d..34be10feb 100644 --- a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml +++ b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml @@ -73,6 +73,87 @@ spec: type: string forProvider: properties: + cleanupPolicies: + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + Structure is documented below. + items: + properties: + action: + description: |- + Policy action. + Possible values are: DELETE, KEEP. + type: string + condition: + description: |- + Policy condition for matching versions. + Structure is documented below. + items: + properties: + newerThan: + description: Match versions newer than a duration. + type: string + olderThan: + description: Match versions older than a duration. + type: string + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + tagPrefixes: + description: Match versions by tag prefix. Applied + on any prefix match. + items: + type: string + type: array + tagState: + description: |- + Match versions by tag status. + Default value is ANY. + Possible values are: TAGGED, UNTAGGED, ANY. + type: string + versionNamePrefixes: + description: Match versions by version name prefix. + Applied on any prefix match. + items: + type: string + type: array + type: object + type: array + id: + description: The identifier for this object. Format specified + above. + type: string + mostRecentVersions: + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + Structure is documented below. + items: + properties: + keepCount: + description: Minimum number of versions to keep. + type: number + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + type: object + type: array + type: object + type: array + cleanupPolicyDryRun: + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + type: boolean description: description: The user-provided description of the repository. type: string @@ -156,6 +237,31 @@ spec: Structure is documented below. items: properties: + aptRepository: + description: |- + Specific settings for an Apt remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array description: description: The description of the remote source. type: string @@ -167,9 +273,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -181,9 +286,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -195,9 +299,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -209,12 +312,138 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array + upstreamCredentials: + description: |- + The credentials used to access the remote repository. + Structure is documented below. + items: + properties: + usernamePasswordCredentials: + description: |- + Use username and password to access the remote repository. + Structure is documented below. + items: + properties: + passwordSecretVersion: + description: |- + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + projects/{project}/secrets/{secret}/versions/{version}. + type: string + passwordSecretVersionRef: + description: Reference to a SecretVersion in + secretmanager to populate passwordSecretVersion. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + passwordSecretVersionSelector: + description: Selector for a SecretVersion in + secretmanager to populate passwordSecretVersion. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object + with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + username: + description: The username to access the remote + repository. + type: string + type: object + type: array + type: object + type: array + yumRepository: + description: |- + Specific settings for an Yum remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array type: object type: array virtualRepositoryConfig: @@ -337,6 +566,87 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + cleanupPolicies: + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + Structure is documented below. + items: + properties: + action: + description: |- + Policy action. + Possible values are: DELETE, KEEP. + type: string + condition: + description: |- + Policy condition for matching versions. + Structure is documented below. + items: + properties: + newerThan: + description: Match versions newer than a duration. + type: string + olderThan: + description: Match versions older than a duration. + type: string + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + tagPrefixes: + description: Match versions by tag prefix. Applied + on any prefix match. + items: + type: string + type: array + tagState: + description: |- + Match versions by tag status. + Default value is ANY. + Possible values are: TAGGED, UNTAGGED, ANY. + type: string + versionNamePrefixes: + description: Match versions by version name prefix. + Applied on any prefix match. + items: + type: string + type: array + type: object + type: array + id: + description: The identifier for this object. Format specified + above. + type: string + mostRecentVersions: + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + Structure is documented below. + items: + properties: + keepCount: + description: Minimum number of versions to keep. + type: number + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + type: object + type: array + type: object + type: array + cleanupPolicyDryRun: + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + type: boolean description: description: The user-provided description of the repository. type: string @@ -416,6 +726,31 @@ spec: Structure is documented below. items: properties: + aptRepository: + description: |- + Specific settings for an Apt remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array description: description: The description of the remote source. type: string @@ -427,9 +762,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -441,9 +775,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -455,9 +788,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -469,12 +801,138 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array + upstreamCredentials: + description: |- + The credentials used to access the remote repository. + Structure is documented below. + items: + properties: + usernamePasswordCredentials: + description: |- + Use username and password to access the remote repository. + Structure is documented below. + items: + properties: + passwordSecretVersion: + description: |- + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + projects/{project}/secrets/{secret}/versions/{version}. + type: string + passwordSecretVersionRef: + description: Reference to a SecretVersion in + secretmanager to populate passwordSecretVersion. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + passwordSecretVersionSelector: + description: Selector for a SecretVersion in + secretmanager to populate passwordSecretVersion. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object + with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + username: + description: The username to access the remote + repository. + type: string + type: object + type: array + type: object + type: array + yumRepository: + description: |- + Specific settings for an Yum remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array type: object type: array virtualRepositoryConfig: @@ -761,6 +1219,87 @@ spec: properties: atProvider: properties: + cleanupPolicies: + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + Structure is documented below. + items: + properties: + action: + description: |- + Policy action. + Possible values are: DELETE, KEEP. + type: string + condition: + description: |- + Policy condition for matching versions. + Structure is documented below. + items: + properties: + newerThan: + description: Match versions newer than a duration. + type: string + olderThan: + description: Match versions older than a duration. + type: string + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + tagPrefixes: + description: Match versions by tag prefix. Applied + on any prefix match. + items: + type: string + type: array + tagState: + description: |- + Match versions by tag status. + Default value is ANY. + Possible values are: TAGGED, UNTAGGED, ANY. + type: string + versionNamePrefixes: + description: Match versions by version name prefix. + Applied on any prefix match. + items: + type: string + type: array + type: object + type: array + id: + description: The identifier for this object. Format specified + above. + type: string + mostRecentVersions: + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + Structure is documented below. + items: + properties: + keepCount: + description: Minimum number of versions to keep. + type: number + packageNamePrefixes: + description: Match versions by package prefix. Applied + on any prefix match. + items: + type: string + type: array + type: object + type: array + type: object + type: array + cleanupPolicyDryRun: + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + type: boolean createTime: description: The time when the repository was created. type: string @@ -780,6 +1319,12 @@ spec: type: boolean type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular format: description: |- The format of packages that are stored in the repository. Supported formats @@ -855,6 +1400,31 @@ spec: Structure is documented below. items: properties: + aptRepository: + description: |- + Specific settings for an Apt remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array description: description: The description of the remote source. type: string @@ -866,9 +1436,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -880,9 +1449,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -894,9 +1462,8 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array @@ -908,14 +1475,72 @@ spec: properties: publicRepository: description: |- - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. type: string type: object type: array + upstreamCredentials: + description: |- + The credentials used to access the remote repository. + Structure is documented below. + items: + properties: + usernamePasswordCredentials: + description: |- + Use username and password to access the remote repository. + Structure is documented below. + items: + properties: + passwordSecretVersion: + description: |- + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + projects/{project}/secrets/{secret}/versions/{version}. + type: string + username: + description: The username to access the remote + repository. + type: string + type: object + type: array + type: object + type: array + yumRepository: + description: |- + Specific settings for an Yum remote repository. + Structure is documented below. + items: + properties: + publicRepository: + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + items: + properties: + repositoryBase: + description: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + type: string + repositoryPath: + description: Specific repository from the base, + e.g. "centos/8-stream/BaseOS/x86_64/os" + type: string + type: object + type: array + type: object + type: array type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The time when the repository was last updated. type: string diff --git a/package/crds/beyondcorp.gcp.upbound.io_appconnections.yaml b/package/crds/beyondcorp.gcp.upbound.io_appconnections.yaml index b4e476fdc..2c5a5d006 100644 --- a/package/crds/beyondcorp.gcp.upbound.io_appconnections.yaml +++ b/package/crds/beyondcorp.gcp.upbound.io_appconnections.yaml @@ -578,6 +578,11 @@ spec: displayName: description: An arbitrary user-provided name for the AppConnection. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular gateway: description: |- Gateway used by the AppConnection. @@ -625,6 +630,14 @@ spec: region: description: The region of the AppConnection. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- The type of hosting used by the gateway. Refer to diff --git a/package/crds/beyondcorp.gcp.upbound.io_appconnectors.yaml b/package/crds/beyondcorp.gcp.upbound.io_appconnectors.yaml index e3c17ef0a..a0e7e27ba 100644 --- a/package/crds/beyondcorp.gcp.upbound.io_appconnectors.yaml +++ b/package/crds/beyondcorp.gcp.upbound.io_appconnectors.yaml @@ -492,6 +492,11 @@ spec: displayName: description: An arbitrary user-provided name for the AppConnector. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnectors/{{name}} type: string @@ -531,6 +536,14 @@ spec: state: description: Represents the different states of a AppConnector. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/beyondcorp.gcp.upbound.io_appgateways.yaml b/package/crds/beyondcorp.gcp.upbound.io_appgateways.yaml index cdf597a43..53abf2314 100644 --- a/package/crds/beyondcorp.gcp.upbound.io_appgateways.yaml +++ b/package/crds/beyondcorp.gcp.upbound.io_appgateways.yaml @@ -335,6 +335,12 @@ spec: displayName: description: An arbitrary user-provided name for the AppGateway. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular hostType: description: |- The type of hosting used by the AppGateway. @@ -361,6 +367,14 @@ spec: state: description: Represents the different states of a AppGateway. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- The type of network connectivity used by the AppGateway. diff --git a/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml b/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml index a393b6d4a..1dc7c0fc6 100644 --- a/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml +++ b/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml @@ -309,6 +309,21 @@ spec: description: Email or URL of the request access of the listing. Subscribers can use this reference to request access. type: string + restrictedExportConfig: + description: |- + If set, restricted export configuration will be propagated and enforced on the linked dataset. + Structure is documented below. + items: + properties: + enabled: + description: If true, enable restricted export. + type: boolean + restrictQueryResult: + description: If true, restrict export of query result derived + from restricted linked dataset table. + type: boolean + type: object + type: array required: - location type: object @@ -477,6 +492,21 @@ spec: description: Email or URL of the request access of the listing. Subscribers can use this reference to request access. type: string + restrictedExportConfig: + description: |- + If set, restricted export configuration will be propagated and enforced on the linked dataset. + Structure is documented below. + items: + properties: + enabled: + description: If true, enable restricted export. + type: boolean + restrictQueryResult: + description: If true, restrict export of query result derived + from restricted linked dataset table. + type: boolean + type: object + type: array type: object managementPolicies: default: @@ -749,6 +779,21 @@ spec: description: Email or URL of the request access of the listing. Subscribers can use this reference to request access. type: string + restrictedExportConfig: + description: |- + If set, restricted export configuration will be propagated and enforced on the linked dataset. + Structure is documented below. + items: + properties: + enabled: + description: If true, enable restricted export. + type: boolean + restrictQueryResult: + description: If true, restrict export of query result derived + from restricted linked dataset table. + type: boolean + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigquery.gcp.upbound.io_connections.yaml b/package/crds/bigquery.gcp.upbound.io_connections.yaml index 475baf5ec..bffe3d8ec 100644 --- a/package/crds/bigquery.gcp.upbound.io_connections.yaml +++ b/package/crds/bigquery.gcp.upbound.io_connections.yaml @@ -123,16 +123,38 @@ spec: items: properties: database: - description: Cloud Spanner database in the form `project/instance/database' + description: Cloud Spanner database in the form `project/instance/database'. type: string + databaseRole: + description: Cloud Spanner database role for fine-grained + access control. The Cloud Spanner admin should have provisioned + the database role with appropriate permissions, such as + SELECT and INSERT. Other users should only use roles provided + by their Cloud Spanner admins. The database role name + must start with a letter, and can only contain letters, + numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + type: string + maxParallelism: + description: Allows setting max parallelism per query when + executing on Spanner independent compute resources. If + unspecified, default values of parallelism are chosen + that are dependent on the Cloud Spanner instance configuration. + useParallelism and useDataBoost must be set when setting + max parallelism. + type: number + useDataBoost: + description: If set, the request will be executed via Spanner + independent compute resources. use_parallelism must be + set when using data boost. + type: boolean useParallelism: description: If parallelism should be used when reading - from Cloud Spanner + from Cloud Spanner. type: boolean useServerlessAnalytics: description: If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism - must be set when using serverless analytics + must be set when using serverless analytics. type: boolean type: object type: array @@ -440,6 +462,115 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + spark: + description: |- + Container for connection properties to execute stored procedures for Apache Spark. resources. + Structure is documented below. + items: + properties: + metastoreServiceConfig: + description: |- + Dataproc Metastore Service configuration for the connection. + Structure is documented below. + items: + properties: + metastoreService: + description: Resource name of an existing Dataproc + Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + type: string + type: object + type: array + sparkHistoryServerConfig: + description: |- + Spark History Server configuration for the connection. + Structure is documented below. + items: + properties: + dataprocCluster: + description: Resource name of an existing Dataproc + Cluster to act as a Spark History Server for the + connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + type: string + dataprocClusterRef: + description: Reference to a Cluster in dataproc to + populate dataprocCluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dataprocClusterSelector: + description: Selector for a Cluster in dataproc to + populate dataprocCluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array type: object initProvider: description: |- @@ -504,16 +635,38 @@ spec: items: properties: database: - description: Cloud Spanner database in the form `project/instance/database' + description: Cloud Spanner database in the form `project/instance/database'. + type: string + databaseRole: + description: Cloud Spanner database role for fine-grained + access control. The Cloud Spanner admin should have provisioned + the database role with appropriate permissions, such as + SELECT and INSERT. Other users should only use roles provided + by their Cloud Spanner admins. The database role name + must start with a letter, and can only contain letters, + numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. type: string + maxParallelism: + description: Allows setting max parallelism per query when + executing on Spanner independent compute resources. If + unspecified, default values of parallelism are chosen + that are dependent on the Cloud Spanner instance configuration. + useParallelism and useDataBoost must be set when setting + max parallelism. + type: number + useDataBoost: + description: If set, the request will be executed via Spanner + independent compute resources. use_parallelism must be + set when using data boost. + type: boolean useParallelism: description: If parallelism should be used when reading - from Cloud Spanner + from Cloud Spanner. type: boolean useServerlessAnalytics: description: If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism - must be set when using serverless analytics + must be set when using serverless analytics. type: boolean type: object type: array @@ -800,6 +953,115 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + spark: + description: |- + Container for connection properties to execute stored procedures for Apache Spark. resources. + Structure is documented below. + items: + properties: + metastoreServiceConfig: + description: |- + Dataproc Metastore Service configuration for the connection. + Structure is documented below. + items: + properties: + metastoreService: + description: Resource name of an existing Dataproc + Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + type: string + type: object + type: array + sparkHistoryServerConfig: + description: |- + Spark History Server configuration for the connection. + Structure is documented below. + items: + properties: + dataprocCluster: + description: Resource name of an existing Dataproc + Cluster to act as a Spark History Server for the + connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + type: string + dataprocClusterRef: + description: Reference to a Cluster in dataproc to + populate dataprocCluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dataprocClusterSelector: + description: Selector for a Cluster in dataproc to + populate dataprocCluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array type: object managementPolicies: default: @@ -1059,16 +1321,38 @@ spec: items: properties: database: - description: Cloud Spanner database in the form `project/instance/database' + description: Cloud Spanner database in the form `project/instance/database'. + type: string + databaseRole: + description: Cloud Spanner database role for fine-grained + access control. The Cloud Spanner admin should have provisioned + the database role with appropriate permissions, such as + SELECT and INSERT. Other users should only use roles provided + by their Cloud Spanner admins. The database role name + must start with a letter, and can only contain letters, + numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. type: string + maxParallelism: + description: Allows setting max parallelism per query when + executing on Spanner independent compute resources. If + unspecified, default values of parallelism are chosen + that are dependent on the Cloud Spanner instance configuration. + useParallelism and useDataBoost must be set when setting + max parallelism. + type: number + useDataBoost: + description: If set, the request will be executed via Spanner + independent compute resources. use_parallelism must be + set when using data boost. + type: boolean useParallelism: description: If parallelism should be used when reading - from Cloud Spanner + from Cloud Spanner. type: boolean useServerlessAnalytics: description: If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism - must be set when using serverless analytics + must be set when using serverless analytics. type: boolean type: object type: array @@ -1143,6 +1427,44 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + spark: + description: |- + Container for connection properties to execute stored procedures for Apache Spark. resources. + Structure is documented below. + items: + properties: + metastoreServiceConfig: + description: |- + Dataproc Metastore Service configuration for the connection. + Structure is documented below. + items: + properties: + metastoreService: + description: Resource name of an existing Dataproc + Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + type: string + type: object + type: array + serviceAccountId: + description: |- + (Output) + The account ID of the service created for the purpose of this connection. + type: string + sparkHistoryServerConfig: + description: |- + Spark History Server configuration for the connection. + Structure is documented below. + items: + properties: + dataprocCluster: + description: Resource name of an existing Dataproc + Cluster to act as a Spark History Server for the + connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + type: string + type: object + type: array + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigquery.gcp.upbound.io_datasets.yaml b/package/crds/bigquery.gcp.upbound.io_datasets.yaml index 52604bf66..c8745ff9c 100644 --- a/package/crds/bigquery.gcp.upbound.io_datasets.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datasets.yaml @@ -195,6 +195,11 @@ spec: description: An email address of a Google Group to grant access to. type: string + iamMember: + description: |- + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers + type: string role: description: |- Describes the rights granted to the user specified by the other @@ -705,7 +710,7 @@ spec: type: string description: |- The labels associated with this dataset. You can use these to - organize and group your datasets + organize and group your datasets. type: object x-kubernetes-map-type: granular location: @@ -865,6 +870,11 @@ spec: description: An email address of a Google Group to grant access to. type: string + iamMember: + description: |- + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers + type: string role: description: |- Describes the rights granted to the user specified by the other @@ -1375,7 +1385,7 @@ spec: type: string description: |- The labels associated with this dataset. You can use these to - organize and group your datasets + organize and group your datasets. type: object x-kubernetes-map-type: granular location: @@ -1613,6 +1623,11 @@ spec: description: An email address of a Google Group to grant access to. type: string + iamMember: + description: |- + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers + type: string role: description: |- Describes the rights granted to the user specified by the other @@ -1734,6 +1749,12 @@ spec: description: description: A user-friendly description of the dataset type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular etag: description: A hash of the resource. type: string @@ -1754,7 +1775,7 @@ spec: type: string description: |- The labels associated with this dataset. You can use these to - organize and group your datasets + organize and group your datasets. type: object x-kubernetes-map-type: granular lastModifiedTime: @@ -1786,6 +1807,14 @@ spec: or to PHYSICAL to use physical bytes instead. LOGICAL is the default if this flag isn't specified. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml index db566b9d6..066284a16 100644 --- a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml @@ -732,8 +732,9 @@ spec: name: description: |- The resource name of the transfer config. Transfer config names have the - form projects/{projectId}/locations/{location}/transferConfigs/{configId}. - Where configId is usually a uuid, but this is not required. + form projects/{projectId}/locations/{location}/transferConfigs/{configId} + or projects/{projectId}/transferConfigs/{configId}, + where configId is usually a uuid, but this is not required. The name is ignored when creating a transfer config. type: string notificationPubsubTopic: diff --git a/package/crds/bigquery.gcp.upbound.io_jobs.yaml b/package/crds/bigquery.gcp.upbound.io_jobs.yaml index 77bd96177..ef6fb9606 100644 --- a/package/crds/bigquery.gcp.upbound.io_jobs.yaml +++ b/package/crds/bigquery.gcp.upbound.io_jobs.yaml @@ -3035,6 +3035,11 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular extract: description: |- Configures an extract job. @@ -3606,6 +3611,15 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular userEmail: description: Email address of the user who ran the job. type: string diff --git a/package/crds/bigquery.gcp.upbound.io_routines.yaml b/package/crds/bigquery.gcp.upbound.io_routines.yaml index 6e2b2504c..d6e888976 100644 --- a/package/crds/bigquery.gcp.upbound.io_routines.yaml +++ b/package/crds/bigquery.gcp.upbound.io_routines.yaml @@ -206,13 +206,124 @@ spec: language: description: |- The language of the routine. - Possible values are: SQL, JAVASCRIPT. + Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. type: string project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + remoteFunctionOptions: + description: |- + Remote function specific options. + Structure is documented below. + items: + properties: + connection: + description: |- + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + connectionRef: + description: Reference to a Connection in bigquery to populate + connection. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + connectionSelector: + description: Selector for a Connection in bigquery to populate + connection. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + endpoint: + description: |- + Endpoint of the user-provided remote service, e.g. + https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + type: string + maxBatchingRows: + description: |- + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. + type: string + userDefinedContext: + additionalProperties: + type: string + description: |- + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + type: object + type: array returnTableType: description: |- Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". @@ -237,6 +348,151 @@ spec: The type of routine. Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. type: string + sparkOptions: + description: |- + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + Structure is documented below. + items: + properties: + archiveUris: + description: Archive files to be extracted into the working + directory of each executor. For more information about + Apache Spark, see Apache Spark. + items: + type: string + type: array + connection: + description: |- + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + connectionRef: + description: Reference to a Connection in bigquery to populate + connection. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + connectionSelector: + description: Selector for a Connection in bigquery to populate + connection. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + containerImage: + description: Custom container image for the runtime environment. + type: string + fileUris: + description: Files to be placed in the working directory + of each executor. For more information about Apache Spark, + see Apache Spark. + items: + type: string + type: array + jarUris: + description: JARs to include on the driver and executor + CLASSPATH. For more information about Apache Spark, see + Apache Spark. + items: + type: string + type: array + mainClass: + description: |- + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + type: string + mainFileUri: + description: |- + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + type: string + properties: + additionalProperties: + type: string + description: |- + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + pyFileUris: + description: 'Python files to be placed on the PYTHONPATH + for PySpark application. Supported file types: .py, .egg, + and .zip. For more information about Apache Spark, see + Apache Spark.' + items: + type: string + type: array + runtimeVersion: + description: Runtime version. If not specified, the default + runtime version is used. + type: string + type: object + type: array type: object initProvider: description: |- @@ -307,13 +563,124 @@ spec: language: description: |- The language of the routine. - Possible values are: SQL, JAVASCRIPT. + Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. type: string project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + remoteFunctionOptions: + description: |- + Remote function specific options. + Structure is documented below. + items: + properties: + connection: + description: |- + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + connectionRef: + description: Reference to a Connection in bigquery to populate + connection. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + connectionSelector: + description: Selector for a Connection in bigquery to populate + connection. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + endpoint: + description: |- + Endpoint of the user-provided remote service, e.g. + https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + type: string + maxBatchingRows: + description: |- + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. + type: string + userDefinedContext: + additionalProperties: + type: string + description: |- + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + type: object + type: array returnTableType: description: |- Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". @@ -338,6 +705,151 @@ spec: The type of routine. Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. type: string + sparkOptions: + description: |- + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + Structure is documented below. + items: + properties: + archiveUris: + description: Archive files to be extracted into the working + directory of each executor. For more information about + Apache Spark, see Apache Spark. + items: + type: string + type: array + connection: + description: |- + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + connectionRef: + description: Reference to a Connection in bigquery to populate + connection. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + connectionSelector: + description: Selector for a Connection in bigquery to populate + connection. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + containerImage: + description: Custom container image for the runtime environment. + type: string + fileUris: + description: Files to be placed in the working directory + of each executor. For more information about Apache Spark, + see Apache Spark. + items: + type: string + type: array + jarUris: + description: JARs to include on the driver and executor + CLASSPATH. For more information about Apache Spark, see + Apache Spark. + items: + type: string + type: array + mainClass: + description: |- + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + type: string + mainFileUri: + description: |- + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + type: string + properties: + additionalProperties: + type: string + description: |- + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + pyFileUris: + description: 'Python files to be placed on the PYTHONPATH + for PySpark application. Supported file types: .py, .egg, + and .zip. For more information about Apache Spark, see + Apache Spark.' + items: + type: string + type: array + runtimeVersion: + description: Runtime version. If not specified, the default + runtime version is used. + type: string + type: object + type: array type: object managementPolicies: default: @@ -511,6 +1023,10 @@ spec: rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.definitionBody) || (has(self.initProvider) && has(self.initProvider.definitionBody))' + - message: spec.forProvider.routineType is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.routineType) + || (has(self.initProvider) && has(self.initProvider.routineType))' status: description: RoutineStatus defines the observed state of Routine. properties: @@ -583,7 +1099,7 @@ spec: language: description: |- The language of the routine. - Possible values are: SQL, JAVASCRIPT. + Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. type: string lastModifiedTime: description: |- @@ -595,6 +1111,41 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + remoteFunctionOptions: + description: |- + Remote function specific options. + Structure is documented below. + items: + properties: + connection: + description: |- + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + endpoint: + description: |- + Endpoint of the user-provided remote service, e.g. + https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + type: string + maxBatchingRows: + description: |- + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. + type: string + userDefinedContext: + additionalProperties: + type: string + description: |- + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + type: object + type: array returnTableType: description: |- Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". @@ -619,6 +1170,75 @@ spec: The type of routine. Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. type: string + sparkOptions: + description: |- + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + Structure is documented below. + items: + properties: + archiveUris: + description: Archive files to be extracted into the working + directory of each executor. For more information about + Apache Spark, see Apache Spark. + items: + type: string + type: array + connection: + description: |- + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + type: string + containerImage: + description: Custom container image for the runtime environment. + type: string + fileUris: + description: Files to be placed in the working directory + of each executor. For more information about Apache Spark, + see Apache Spark. + items: + type: string + type: array + jarUris: + description: JARs to include on the driver and executor + CLASSPATH. For more information about Apache Spark, see + Apache Spark. + items: + type: string + type: array + mainClass: + description: |- + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + type: string + mainFileUri: + description: |- + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + type: string + properties: + additionalProperties: + type: string + description: |- + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + pyFileUris: + description: 'Python files to be placed on the PYTHONPATH + for PySpark application. Supported file types: .py, .egg, + and .zip. For more information about Apache Spark, see + Apache Spark.' + items: + type: string + type: array + runtimeVersion: + description: Runtime version. If not specified, the default + runtime version is used. + type: string + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigquery.gcp.upbound.io_tables.yaml b/package/crds/bigquery.gcp.upbound.io_tables.yaml index 2df859a6b..815d004b7 100644 --- a/package/crds/bigquery.gcp.upbound.io_tables.yaml +++ b/package/crds/bigquery.gcp.upbound.io_tables.yaml @@ -268,6 +268,12 @@ spec: type: number type: object type: array + fileSetSpecType: + description: |- + Specifies how source URIs are interpreted for constructing the file set to load. + By default source URIs are expanded against the underlying storage. + Other options include specifying manifest files. Only applicable to object storage systems. Docs + type: string googleSheetsOptions: description: |- Additional options if @@ -305,7 +311,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean sourceUriPrefix: description: |- @@ -424,6 +431,11 @@ spec: Structure is documented below. items: properties: + allowNonIncrementalDefinition: + description: |- + Allow non incremental materialized view definition. + The default value is false. + type: boolean enableRefresh: description: |- Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. @@ -439,6 +451,13 @@ spec: type: number type: object type: array + maxStaleness: + description: |- + : The maximum staleness of data that could be + returned when the table (or stale MV) is queried. Staleness encoded as a + string encoding of SQL IntervalValue + type. + type: string project: description: |- The ID of the project in which the resource belongs. If it @@ -474,9 +493,114 @@ spec: type: array type: object type: array + requirePartitionFilter: + description: |- + If set to true, queries over this table + require a partition filter that can be used for partition elimination to be + specified. + type: boolean schema: description: A JSON schema for the table. type: string + tableConstraints: + description: |- + Defines the primary key and foreign keys. + Structure is documented below. + items: + properties: + foreignKeys: + description: |- + Present only if the table has a foreign key. + The foreign key is not enforced. + Structure is documented below. + items: + properties: + columnReferences: + description: |- + : The pair of the foreign key column and primary key column. + Structure is documented below. + items: + properties: + referencedColumn: + description: |- + : The column in the primary key that are + referenced by the referencingColumn + type: string + referencingColumn: + description: ': The column that composes the + foreign key.' + type: string + type: object + type: array + name: + description: ': Set only if the foreign key constraint + is named.' + type: string + referencedTable: + description: |- + : The table that holds the primary key + and is referenced by this foreign key. + Structure is documented below. + items: + properties: + datasetId: + description: ': The ID of the dataset containing + this table.' + type: string + projectId: + description: ': The ID of the project containing + this table.' + type: string + tableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + required: + - datasetId + type: object + type: array + type: object + type: array + primaryKey: + description: |- + Represents the primary key constraint + on a table's columns. Present only if the table has a primary key. + The primary key is not enforced. + Structure is documented below. + items: + properties: + columns: + description: ': The columns that are composed of + the primary key constraint.' + items: + type: string + type: array + type: object + type: array + type: object + type: array + tableReplicationInfo: + items: + properties: + replicationIntervalMs: + type: number + sourceDatasetId: + description: |- + The dataset ID to create the table in. + Changing this forces a new resource to be created. + type: string + sourceProjectId: + description: an identifier for the resource with format + projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + type: string + sourceTableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + type: object + type: array timePartitioning: description: |- If specified, configures time-based @@ -498,7 +622,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean type: description: |- @@ -654,6 +779,12 @@ spec: type: number type: object type: array + fileSetSpecType: + description: |- + Specifies how source URIs are interpreted for constructing the file set to load. + By default source URIs are expanded against the underlying storage. + Other options include specifying manifest files. Only applicable to object storage systems. Docs + type: string googleSheetsOptions: description: |- Additional options if @@ -691,7 +822,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean sourceUriPrefix: description: |- @@ -810,6 +942,11 @@ spec: Structure is documented below. items: properties: + allowNonIncrementalDefinition: + description: |- + Allow non incremental materialized view definition. + The default value is false. + type: boolean enableRefresh: description: |- Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. @@ -825,6 +962,13 @@ spec: type: number type: object type: array + maxStaleness: + description: |- + : The maximum staleness of data that could be + returned when the table (or stale MV) is queried. Staleness encoded as a + string encoding of SQL IntervalValue + type. + type: string rangePartitioning: description: |- If specified, configures range-based @@ -855,9 +999,108 @@ spec: type: array type: object type: array + requirePartitionFilter: + description: |- + If set to true, queries over this table + require a partition filter that can be used for partition elimination to be + specified. + type: boolean schema: description: A JSON schema for the table. type: string + tableConstraints: + description: |- + Defines the primary key and foreign keys. + Structure is documented below. + items: + properties: + foreignKeys: + description: |- + Present only if the table has a foreign key. + The foreign key is not enforced. + Structure is documented below. + items: + properties: + columnReferences: + description: |- + : The pair of the foreign key column and primary key column. + Structure is documented below. + items: + properties: + referencedColumn: + description: |- + : The column in the primary key that are + referenced by the referencingColumn + type: string + referencingColumn: + description: ': The column that composes the + foreign key.' + type: string + type: object + type: array + name: + description: ': Set only if the foreign key constraint + is named.' + type: string + referencedTable: + description: |- + : The table that holds the primary key + and is referenced by this foreign key. + Structure is documented below. + items: + properties: + projectId: + description: ': The ID of the project containing + this table.' + type: string + tableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + type: object + type: array + type: object + type: array + primaryKey: + description: |- + Represents the primary key constraint + on a table's columns. Present only if the table has a primary key. + The primary key is not enforced. + Structure is documented below. + items: + properties: + columns: + description: ': The columns that are composed of + the primary key constraint.' + items: + type: string + type: array + type: object + type: array + type: object + type: array + tableReplicationInfo: + items: + properties: + replicationIntervalMs: + type: number + sourceDatasetId: + description: |- + The dataset ID to create the table in. + Changing this forces a new resource to be created. + type: string + sourceProjectId: + description: an identifier for the resource with format + projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + type: string + sourceTableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + type: object + type: array timePartitioning: description: |- If specified, configures time-based @@ -879,7 +1122,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean type: description: |- @@ -1100,6 +1344,11 @@ spec: description: description: The field description. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular encryptionConfiguration: description: |- Specifies how the table should be encrypted. @@ -1210,6 +1459,12 @@ spec: type: number type: object type: array + fileSetSpecType: + description: |- + Specifies how source URIs are interpreted for constructing the file set to load. + By default source URIs are expanded against the underlying storage. + Other options include specifying manifest files. Only applicable to object storage systems. Docs + type: string googleSheetsOptions: description: |- Additional options if @@ -1247,7 +1502,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean sourceUriPrefix: description: |- @@ -1377,6 +1633,11 @@ spec: Structure is documented below. items: properties: + allowNonIncrementalDefinition: + description: |- + Allow non incremental materialized view definition. + The default value is false. + type: boolean enableRefresh: description: |- Specifies whether to use BigQuery's automatic refresh for this materialized view when the base table is updated. @@ -1392,6 +1653,13 @@ spec: type: number type: object type: array + maxStaleness: + description: |- + : The maximum staleness of data that could be + returned when the table (or stale MV) is queried. Staleness encoded as a + string encoding of SQL IntervalValue + type. + type: string numBytes: description: The size of this table in bytes, excluding any data in the streaming buffer. @@ -1439,12 +1707,122 @@ spec: type: array type: object type: array + requirePartitionFilter: + description: |- + If set to true, queries over this table + require a partition filter that can be used for partition elimination to be + specified. + type: boolean schema: description: A JSON schema for the table. type: string selfLink: description: The URI of the created resource. type: string + tableConstraints: + description: |- + Defines the primary key and foreign keys. + Structure is documented below. + items: + properties: + foreignKeys: + description: |- + Present only if the table has a foreign key. + The foreign key is not enforced. + Structure is documented below. + items: + properties: + columnReferences: + description: |- + : The pair of the foreign key column and primary key column. + Structure is documented below. + items: + properties: + referencedColumn: + description: |- + : The column in the primary key that are + referenced by the referencingColumn + type: string + referencingColumn: + description: ': The column that composes the + foreign key.' + type: string + type: object + type: array + name: + description: ': Set only if the foreign key constraint + is named.' + type: string + referencedTable: + description: |- + : The table that holds the primary key + and is referenced by this foreign key. + Structure is documented below. + items: + properties: + datasetId: + description: ': The ID of the dataset containing + this table.' + type: string + projectId: + description: ': The ID of the project containing + this table.' + type: string + tableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + type: object + type: array + type: object + type: array + primaryKey: + description: |- + Represents the primary key constraint + on a table's columns. Present only if the table has a primary key. + The primary key is not enforced. + Structure is documented below. + items: + properties: + columns: + description: ': The columns that are composed of + the primary key constraint.' + items: + type: string + type: array + type: object + type: array + type: object + type: array + tableReplicationInfo: + items: + properties: + replicationIntervalMs: + type: number + sourceDatasetId: + description: |- + The dataset ID to create the table in. + Changing this forces a new resource to be created. + type: string + sourceProjectId: + description: an identifier for the resource with format + projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + type: string + sourceTableId: + description: |- + A unique ID for the resource. + Changing this forces a new resource to be created. + type: string + type: object + type: array + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular timePartitioning: description: |- If specified, configures time-based @@ -1466,7 +1844,8 @@ spec: description: |- If set to true, queries over this table require a partition filter that can be used for partition elimination to be - specified. + specified. require_partition_filter is deprecated and will be removed in + a future major release. Use the top level field with the same name instead. type: boolean type: description: |- diff --git a/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml b/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml index 40acce8b5..62add567d 100644 --- a/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml +++ b/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml @@ -192,6 +192,19 @@ spec: type: string type: object type: array + standardIsolation: + description: |- + The standard options used for isolating this app profile's traffic from other use cases. + Structure is documented below. + items: + properties: + priority: + description: |- + The priority of requests sent using this app profile. + Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + type: string + type: object + type: array type: object initProvider: description: |- @@ -246,6 +259,19 @@ spec: type: string type: object type: array + standardIsolation: + description: |- + The standard options used for isolating this app profile's traffic from other use cases. + Structure is documented below. + items: + properties: + priority: + description: |- + The priority of requests sent using this app profile. + Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + type: string + type: object + type: array type: object managementPolicies: default: @@ -470,6 +496,19 @@ spec: type: string type: object type: array + standardIsolation: + description: |- + The standard options used for isolating this app profile's traffic from other use cases. + Structure is documented below. + items: + properties: + priority: + description: |- + The priority of requests sent using this app profile. + Possible values are: PRIORITY_LOW, PRIORITY_MEDIUM, PRIORITY_HIGH. + type: string + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigtable.gcp.upbound.io_instances.yaml b/package/crds/bigtable.gcp.upbound.io_instances.yaml index cd8e49743..dd186d604 100644 --- a/package/crds/bigtable.gcp.upbound.io_instances.yaml +++ b/package/crds/bigtable.gcp.upbound.io_instances.yaml @@ -503,6 +503,9 @@ spec: The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization. type: number + state: + description: describes the current state of the cluster. + type: string storageType: description: |- The storage type to use. One of "SSD" or @@ -522,6 +525,11 @@ spec: description: The human-readable display name of the Bigtable instance. Defaults to the instance name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/instances/{{name}} type: string @@ -545,6 +553,13 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/certificatemanager.gcp.upbound.io_certificatemapentries.yaml b/package/crds/certificatemanager.gcp.upbound.io_certificatemapentries.yaml index 4de03ec94..1b45a0a75 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_certificatemapentries.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_certificatemapentries.yaml @@ -433,6 +433,12 @@ spec: description: description: A human-readable description of the resource. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular hostname: description: |- A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) @@ -467,6 +473,14 @@ spec: state: description: A serving state of this Certificate Map Entry. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: |- Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, diff --git a/package/crds/certificatemanager.gcp.upbound.io_certificatemaps.yaml b/package/crds/certificatemanager.gcp.upbound.io_certificatemaps.yaml index fdb64109c..ff073a76f 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_certificatemaps.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_certificatemaps.yaml @@ -298,6 +298,12 @@ spec: description: description: A human-readable description of the resource. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular gclbTargets: description: |- A list of target proxies that use this Certificate Map @@ -348,6 +354,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: |- Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, diff --git a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml index 48563d99d..706423f18 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml @@ -79,8 +79,10 @@ spec: labels: additionalProperties: type: string - description: Set of label tags associated with the Certificate - resource. + description: |- + Set of label tags associated with the Certificate resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -127,9 +129,10 @@ spec: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. - EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - served from non-core Google data centers. - Currently allowed only for managed certificates. + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + See https://cloud.google.com/compute/docs/regions-zones type: string selfManaged: description: |- @@ -141,7 +144,7 @@ spec: properties: certificatePemSecretRef: description: |- - Deprecated The certificate chain in PEM-encoded form. + The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan. properties: @@ -185,7 +188,7 @@ spec: type: object privateKeyPemSecretRef: description: |- - Deprecated The private key of the leaf certificate in PEM-encoded form. + The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan. properties: key: @@ -224,8 +227,10 @@ spec: labels: additionalProperties: type: string - description: Set of label tags associated with the Certificate - resource. + description: |- + Set of label tags associated with the Certificate resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular managed: @@ -268,9 +273,10 @@ spec: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. - EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - served from non-core Google data centers. - Currently allowed only for managed certificates. + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + See https://cloud.google.com/compute/docs/regions-zones type: string selfManaged: description: |- @@ -463,14 +469,21 @@ spec: description: description: A human-readable description of the resource. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificates/{{name}} type: string labels: additionalProperties: type: string - description: Set of label tags associated with the Certificate - resource. + description: |- + Set of label tags associated with the Certificate resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -575,9 +588,10 @@ spec: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. - EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - served from non-core Google data centers. - Currently allowed only for managed certificates. + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + See https://cloud.google.com/compute/docs/regions-zones type: string selfManaged: description: |- @@ -594,6 +608,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml b/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml index fda81ca4f..4e50ceb60 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml @@ -85,10 +85,16 @@ spec: labels: additionalProperties: type: string - description: Set of label tags associated with the DNS Authorization - resource. + description: |- + Set of label tags associated with the DNS Authorization resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular + location: + description: The Certificate Manager location. If not specified, + "global" is used. + type: string project: description: |- The ID of the project in which the resource belongs. @@ -120,8 +126,10 @@ spec: labels: additionalProperties: type: string - description: Set of label tags associated with the DNS Authorization - resource. + description: |- + Set of label tags associated with the DNS Authorization resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -342,21 +350,40 @@ spec: single domain and its wildcard, e.g. authorization for "example.com" can be used to issue certificates for "example.com" and "*.example.com". type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: - description: an identifier for the resource with format projects/{{project}}/locations/global/dnsAuthorizations/{{name}} + description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}} type: string labels: additionalProperties: type: string - description: Set of label tags associated with the DNS Authorization - resource. + description: |- + Set of label tags associated with the DNS Authorization resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular + location: + description: The Certificate Manager location. If not specified, + "global" is used. + type: string project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/cloudbuild.gcp.upbound.io_triggers.yaml b/package/crds/cloudbuild.gcp.upbound.io_triggers.yaml index edde8436c..ba65df1a1 100644 --- a/package/crds/cloudbuild.gcp.upbound.io_triggers.yaml +++ b/package/crds/cloudbuild.gcp.upbound.io_triggers.yaml @@ -178,6 +178,58 @@ spec: items: type: string type: array + mavenArtifacts: + description: |- + A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + artifactId: + description: Maven artifactId value used when + uploading the artifact to Artifact Registry. + type: string + groupId: + description: Maven groupId value used when uploading + the artifact to Artifact Registry. + type: string + path: + description: |- + Path at which to mount the volume. + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + version: + description: Maven version value used when uploading + the artifact to Artifact Registry. + type: string + type: object + type: array + npmPackages: + description: |- + Npm package to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + packagePath: + description: Path to the package.json. e.g. + workspace/path/to/package + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + type: object + type: array objects: description: |- A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. @@ -196,10 +248,35 @@ spec: type: string paths: description: Path globs used to match files - in the build's workspace. + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. + items: + type: string + type: array + type: object + type: array + pythonPackages: + description: |- + Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + paths: + description: Path globs used to match files + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. items: type: string type: array + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string type: object type: array type: object @@ -629,6 +706,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. @@ -1024,6 +1106,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. @@ -1315,6 +1402,58 @@ spec: items: type: string type: array + mavenArtifacts: + description: |- + A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + artifactId: + description: Maven artifactId value used when + uploading the artifact to Artifact Registry. + type: string + groupId: + description: Maven groupId value used when uploading + the artifact to Artifact Registry. + type: string + path: + description: |- + Path at which to mount the volume. + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + version: + description: Maven version value used when uploading + the artifact to Artifact Registry. + type: string + type: object + type: array + npmPackages: + description: |- + Npm package to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + packagePath: + description: Path to the package.json. e.g. + workspace/path/to/package + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + type: object + type: array objects: description: |- A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. @@ -1333,12 +1472,37 @@ spec: type: string paths: description: Path globs used to match files - in the build's workspace. + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. items: type: string type: array type: object type: array + pythonPackages: + description: |- + Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + paths: + description: Path globs used to match files + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. + items: + type: string + type: array + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + type: object + type: array type: object type: array availableSecrets: @@ -1766,6 +1930,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. @@ -2161,6 +2330,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. @@ -2611,6 +2785,58 @@ spec: items: type: string type: array + mavenArtifacts: + description: |- + A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + artifactId: + description: Maven artifactId value used when + uploading the artifact to Artifact Registry. + type: string + groupId: + description: Maven groupId value used when uploading + the artifact to Artifact Registry. + type: string + path: + description: |- + Path at which to mount the volume. + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + version: + description: Maven version value used when uploading + the artifact to Artifact Registry. + type: string + type: object + type: array + npmPackages: + description: |- + Npm package to upload to Artifact Registry upon successful completion of all build steps. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + packagePath: + description: Path to the package.json. e.g. + workspace/path/to/package + type: string + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + type: object + type: array objects: description: |- A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. @@ -2629,7 +2855,9 @@ spec: type: string paths: description: Path globs used to match files - in the build's workspace. + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. items: type: string type: array @@ -2655,6 +2883,29 @@ spec: type: array type: object type: array + pythonPackages: + description: |- + Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + The location and generation of the uploaded objects will be stored in the Build resource's results field. + If any objects fail to be pushed, the build is marked FAILURE. + Structure is documented below. + items: + properties: + paths: + description: Path globs used to match files + in the build's workspace. For Python/ Twine, + this is usually dist/*, and sometimes additionally + an .asc file. + items: + type: string + type: array + repository: + description: |- + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + type: string + type: object + type: array type: object type: array availableSecrets: @@ -3085,6 +3336,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. @@ -3342,6 +3598,11 @@ spec: Structure is documented below. items: properties: + bitbucketServerConfig: + description: |- + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + type: string githubEnterpriseConfig: description: |- The full resource name of the github enterprise config. diff --git a/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml b/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml index 58d8932f9..fb4fc2233 100644 --- a/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml +++ b/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml @@ -553,6 +553,11 @@ spec: displayName: description: User-defined name of the WorkerPool. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/workerPools/{{name}} type: string diff --git a/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml b/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml index 5d3a35527..6e6050bc2 100644 --- a/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml +++ b/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml @@ -84,6 +84,8 @@ spec: during build time. type: object buildWorkerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. type: string description: description: Description of the function. @@ -488,6 +490,8 @@ spec: during build time. type: object buildWorkerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. type: string description: description: Description of the function. @@ -1050,6 +1054,8 @@ spec: during build time. type: object buildWorkerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. type: string description: description: Description of the function. @@ -1067,6 +1073,11 @@ spec: built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular entryPoint: description: Name of the function that will be executed when the Google Cloud Function is triggered. @@ -1264,6 +1275,13 @@ spec: type: array status: type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular timeout: description: Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds. @@ -1275,6 +1293,9 @@ spec: Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.' type: boolean + versionId: + description: an identifier for the resource with format {{name}} + type: string vpcConnector: description: The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. diff --git a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml index 1a7822329..fa078c13d 100644 --- a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml +++ b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml @@ -85,6 +85,82 @@ spec: Registry optionally with a customer managed encryption key. type: string + dockerRepositoryRef: + description: Reference to a RegistryRepository in artifact + to populate dockerRepository. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dockerRepositorySelector: + description: Selector for a RegistryRepository in artifact + to populate dockerRepository. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object entryPoint: description: |- The name of the function (as defined in source code) that will be executed. @@ -609,7 +685,10 @@ spec: Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY. type: string serviceAccountEmail: - description: The email of the service account for this function. + description: |- + Optional. The email of the trigger's service account. The service account + must have permission to invoke Cloud Run services. If empty, defaults to the + Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. type: string serviceAccountEmailRef: description: Reference to a ServiceAccount in cloudplatform @@ -696,6 +775,11 @@ spec: type: string type: object type: array + kmsKeyName: + description: |- + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + type: string labels: additionalProperties: type: string @@ -1089,6 +1173,8 @@ spec: type: string type: object type: array + required: + - location type: object initProvider: description: |- @@ -1115,6 +1201,82 @@ spec: Registry optionally with a customer managed encryption key. type: string + dockerRepositoryRef: + description: Reference to a RegistryRepository in artifact + to populate dockerRepository. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dockerRepositorySelector: + description: Selector for a RegistryRepository in artifact + to populate dockerRepository. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object entryPoint: description: |- The name of the function (as defined in source code) that will be executed. @@ -1639,7 +1801,10 @@ spec: Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY. type: string serviceAccountEmail: - description: The email of the service account for this function. + description: |- + Optional. The email of the trigger's service account. The service account + must have permission to invoke Cloud Run services. If empty, defaults to the + Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. type: string serviceAccountEmailRef: description: Reference to a ServiceAccount in cloudplatform @@ -1726,6 +1891,11 @@ spec: type: string type: object type: array + kmsKeyName: + description: |- + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + type: string labels: additionalProperties: type: string @@ -2402,6 +2572,12 @@ spec: description: description: User-provided description of a function. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular environment: description: The environment the function is hosted on. type: string @@ -2454,7 +2630,10 @@ spec: Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY. type: string serviceAccountEmail: - description: The email of the service account for this function. + description: |- + Optional. The email of the trigger's service account. The service account + must have permission to invoke Cloud Run services. If empty, defaults to the + Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. type: string trigger: description: |- @@ -2473,6 +2652,11 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/functions/{{name}} type: string + kmsKeyName: + description: |- + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + type: string labels: additionalProperties: type: string @@ -2651,6 +2835,14 @@ spec: state: description: Describes the current state of the function. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The last update timestamp of a Cloud Function. type: string diff --git a/package/crds/cloudiot.gcp.upbound.io_devices.yaml b/package/crds/cloudiot.gcp.upbound.io_devices.yaml deleted file mode 100644 index 7a49096e2..000000000 --- a/package/crds/cloudiot.gcp.upbound.io_devices.yaml +++ /dev/null @@ -1,677 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: devices.cloudiot.gcp.upbound.io -spec: - group: cloudiot.gcp.upbound.io - names: - categories: - - crossplane - - managed - - gcp - kind: Device - listKind: DeviceList - plural: devices - singular: device - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .metadata.annotations.crossplane\.io/external-name - name: EXTERNAL-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Device is the Schema for the Devices API. A Google Cloud IoT - Core device. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DeviceSpec defines the desired state of Device - properties: - deletionPolicy: - default: Delete - description: |- - DeletionPolicy specifies what will happen to the underlying external - when this managed resource is deleted - either "Delete" or "Orphan" the - external resource. - This field is planned to be deprecated in favor of the ManagementPolicies - field in a future release. Currently, both could be set independently and - non-default values would be honored if the feature flag is enabled. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - enum: - - Orphan - - Delete - type: string - forProvider: - properties: - blocked: - description: If a device is blocked, connections or requests from - this device will fail. - type: boolean - credentials: - description: |- - The credentials used to authenticate this device. - Structure is documented below. - items: - properties: - expirationTime: - description: The time at which this credential becomes invalid. - type: string - publicKey: - description: |- - A public key used to verify the signature of JSON Web Tokens (JWTs). - Structure is documented below. - items: - properties: - format: - description: |- - The format of the key. - Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - type: string - key: - description: The key data. - type: string - type: object - type: array - type: object - type: array - gatewayConfig: - description: |- - Gateway-related configuration and state. - Structure is documented below. - items: - properties: - gatewayAuthMethod: - description: |- - Indicates whether the device is a gateway. - Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - type: string - gatewayType: - description: |- - Indicates whether the device is a gateway. - Default value is NON_GATEWAY. - Possible values are: GATEWAY, NON_GATEWAY. - type: string - type: object - type: array - logLevel: - description: |- - The logging verbosity for device activity. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - metadata: - additionalProperties: - type: string - description: The metadata key-value pairs assigned to the device. - type: object - x-kubernetes-map-type: granular - registry: - description: The name of the device registry where this device - should be created. - type: string - registryRef: - description: Reference to a Registry in cloudiot to populate registry. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - registrySelector: - description: Selector for a Registry in cloudiot to populate registry. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - type: object - initProvider: - description: |- - THIS IS A BETA FIELD. It will be honored - unless the Management Policies feature flag is disabled. - InitProvider holds the same fields as ForProvider, with the exception - of Identifier and other resource reference fields. The fields that are - in InitProvider are merged into ForProvider when the resource is created. - The same fields are also added to the terraform ignore_changes hook, to - avoid updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after creation, - for example because of an external controller is managing them, like an - autoscaler. - properties: - blocked: - description: If a device is blocked, connections or requests from - this device will fail. - type: boolean - credentials: - description: |- - The credentials used to authenticate this device. - Structure is documented below. - items: - properties: - expirationTime: - description: The time at which this credential becomes invalid. - type: string - publicKey: - description: |- - A public key used to verify the signature of JSON Web Tokens (JWTs). - Structure is documented below. - items: - properties: - format: - description: |- - The format of the key. - Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - type: string - key: - description: The key data. - type: string - type: object - type: array - type: object - type: array - gatewayConfig: - description: |- - Gateway-related configuration and state. - Structure is documented below. - items: - properties: - gatewayAuthMethod: - description: |- - Indicates whether the device is a gateway. - Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - type: string - gatewayType: - description: |- - Indicates whether the device is a gateway. - Default value is NON_GATEWAY. - Possible values are: GATEWAY, NON_GATEWAY. - type: string - type: object - type: array - logLevel: - description: |- - The logging verbosity for device activity. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - metadata: - additionalProperties: - type: string - description: The metadata key-value pairs assigned to the device. - type: object - x-kubernetes-map-type: granular - type: object - managementPolicies: - default: - - '*' - description: |- - THIS IS A BETA FIELD. It is on by default but can be opted out - through a Crossplane feature flag. - ManagementPolicies specify the array of actions Crossplane is allowed to - take on the managed and external resources. - This field is planned to replace the DeletionPolicy field in a future - release. Currently, both could be set independently and non-default - values would be honored if the feature flag is enabled. If both are - custom, the DeletionPolicy field will be ignored. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md - items: - description: |- - A ManagementAction represents an action that the Crossplane controllers - can take on an external resource. - enum: - - Observe - - Create - - Update - - Delete - - LateInitialize - - '*' - type: string - type: array - providerConfigRef: - default: - name: default - description: |- - ProviderConfigReference specifies how the provider that will be used to - create, observe, update, and delete this managed resource should be - configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - publishConnectionDetailsTo: - description: |- - PublishConnectionDetailsTo specifies the connection secret config which - contains a name, metadata and a reference to secret store config to - which any connection details for this managed resource should be written. - Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - properties: - configRef: - default: - name: default - description: |- - SecretStoreConfigRef specifies which secret store config should be used - for this ConnectionSecret. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - metadata: - description: Metadata is the metadata for connection secret. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations are the annotations to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.annotations". - - It is up to Secret Store implementation for others store types. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels are the labels/tags to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store types. - type: object - type: - description: |- - Type is the SecretType for the connection secret. - - Only valid for Kubernetes Secret Stores. - type: string - type: object - name: - description: Name is the name of the connection secret. - type: string - required: - - name - type: object - writeConnectionSecretToRef: - description: |- - WriteConnectionSecretToReference specifies the namespace and name of a - Secret to which any connection details for this managed resource should - be written. Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsTo. Currently, both could be set independently - and connection details would be published to both without affecting - each other. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - required: - - forProvider - type: object - status: - description: DeviceStatus defines the observed state of Device. - properties: - atProvider: - properties: - blocked: - description: If a device is blocked, connections or requests from - this device will fail. - type: boolean - config: - description: |- - The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. - Structure is documented below. - items: - properties: - binaryData: - description: The device configuration data. - type: string - cloudUpdateTime: - description: |- - (Output) - The time at which this configuration version was updated in Cloud IoT Core. - type: string - deviceAckTime: - description: |- - (Output) - The time at which Cloud IoT Core received the acknowledgment from the device, - indicating that the device has received this configuration version. - type: string - version: - description: |- - (Output) - The version of this update. - type: string - type: object - type: array - credentials: - description: |- - The credentials used to authenticate this device. - Structure is documented below. - items: - properties: - expirationTime: - description: The time at which this credential becomes invalid. - type: string - publicKey: - description: |- - A public key used to verify the signature of JSON Web Tokens (JWTs). - Structure is documented below. - items: - properties: - format: - description: |- - The format of the key. - Possible values are: RSA_PEM, RSA_X509_PEM, ES256_PEM, ES256_X509_PEM. - type: string - key: - description: The key data. - type: string - type: object - type: array - type: object - type: array - gatewayConfig: - description: |- - Gateway-related configuration and state. - Structure is documented below. - items: - properties: - gatewayAuthMethod: - description: |- - Indicates whether the device is a gateway. - Possible values are: ASSOCIATION_ONLY, DEVICE_AUTH_TOKEN_ONLY, ASSOCIATION_AND_DEVICE_AUTH_TOKEN. - type: string - gatewayType: - description: |- - Indicates whether the device is a gateway. - Default value is NON_GATEWAY. - Possible values are: GATEWAY, NON_GATEWAY. - type: string - lastAccessedGatewayId: - description: |- - (Output) - The ID of the gateway the device accessed most recently. - type: string - lastAccessedGatewayTime: - description: |- - (Output) - The most recent time at which the device accessed the gateway specified in last_accessed_gateway. - type: string - type: object - type: array - id: - description: an identifier for the resource with format {{registry}}/devices/{{name}} - type: string - lastConfigAckTime: - description: The last time a cloud-to-device config version acknowledgment - was received from the device. - type: string - lastConfigSendTime: - description: The last time a cloud-to-device config version was - sent to the device. - type: string - lastErrorStatus: - description: |- - The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. - Structure is documented below. - items: - properties: - details: - description: A list of messages that carry the error details. - items: - type: string - type: array - message: - description: A developer-facing error message, which should - be in English. - type: string - number: - description: The status code, which should be an enum value - of google.rpc.Code. - type: number - type: object - type: array - lastErrorTime: - description: The time the most recent error occurred, such as - a failure to publish to Cloud Pub/Sub. - type: string - lastEventTime: - description: The last time a telemetry event was received. - type: string - lastHeartbeatTime: - description: The last time an MQTT PINGREQ was received. - type: string - lastStateTime: - description: The last time a state event was received. - type: string - logLevel: - description: |- - The logging verbosity for device activity. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - metadata: - additionalProperties: - type: string - description: The metadata key-value pairs assigned to the device. - type: object - x-kubernetes-map-type: granular - numId: - description: |- - A server-defined unique numeric ID for the device. - This is a more compact way to identify devices, and it is globally unique. - type: string - registry: - description: The name of the device registry where this device - should be created. - type: string - state: - description: |- - The state most recently received from the device. - Structure is documented below. - items: - properties: - binaryData: - description: The device state data. - type: string - updateTime: - description: The time at which this state version was updated - in Cloud IoT Core. - type: string - type: object - type: array - type: object - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/package/crds/cloudiot.gcp.upbound.io_registries.yaml b/package/crds/cloudiot.gcp.upbound.io_registries.yaml deleted file mode 100644 index 688a49251..000000000 --- a/package/crds/cloudiot.gcp.upbound.io_registries.yaml +++ /dev/null @@ -1,704 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: registries.cloudiot.gcp.upbound.io -spec: - group: cloudiot.gcp.upbound.io - names: - categories: - - crossplane - - managed - - gcp - kind: Registry - listKind: RegistryList - plural: registries - singular: registry - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .metadata.annotations.crossplane\.io/external-name - name: EXTERNAL-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Registry is the Schema for the Registrys API. A Google Cloud - IoT Core device registry. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RegistrySpec defines the desired state of Registry - properties: - deletionPolicy: - default: Delete - description: |- - DeletionPolicy specifies what will happen to the underlying external - when this managed resource is deleted - either "Delete" or "Orphan" the - external resource. - This field is planned to be deprecated in favor of the ManagementPolicies - field in a future release. Currently, both could be set independently and - non-default values would be honored if the feature flag is enabled. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - enum: - - Orphan - - Delete - type: string - forProvider: - properties: - credentials: - description: |- - List of public key certificates to authenticate devices. - The structure is documented below. - items: - properties: - publicKeyCertificate: - additionalProperties: - type: string - description: A public key certificate format and data. - type: object - type: object - type: array - eventNotificationConfigs: - description: |- - List of configurations for event notifications, such as PubSub topics - to publish device events to. - Structure is documented below. - items: - properties: - pubsubTopicName: - description: PubSub topic name to publish device events. - type: string - pubsubTopicNameRef: - description: Reference to a Topic in pubsub to populate - pubsubTopicName. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - pubsubTopicNameSelector: - description: Selector for a Topic in pubsub to populate - pubsubTopicName. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching - labels is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - subfolderMatches: - description: |- - If the subfolder name matches this string exactly, this - configuration will be used. The string must not include the - leading '/' character. If empty, all strings are matched. Empty - value can only be used for the last event_notification_configs - item. - type: string - type: object - type: array - httpConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate HTTP. - The structure is documented below. - type: object - logLevel: - description: |- - The default logging verbosity for activity from devices in this - registry. Specifies which events should be written to logs. For - example, if the LogLevel is ERROR, only events that terminate in - errors will be logged. LogLevel is inclusive; enabling INFO logging - will also enable ERROR logging. - Default value is NONE. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - mqttConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate MQTT. - The structure is documented below. - type: object - name: - description: A unique name for the resource, required by device - registry. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - region: - description: |- - The region in which the created registry should reside. - If it is not provided, the provider region is used. - type: string - stateNotificationConfig: - additionalProperties: - type: string - description: |- - A PubSub topic to publish device state updates. - The structure is documented below. - type: object - type: object - initProvider: - description: |- - THIS IS A BETA FIELD. It will be honored - unless the Management Policies feature flag is disabled. - InitProvider holds the same fields as ForProvider, with the exception - of Identifier and other resource reference fields. The fields that are - in InitProvider are merged into ForProvider when the resource is created. - The same fields are also added to the terraform ignore_changes hook, to - avoid updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after creation, - for example because of an external controller is managing them, like an - autoscaler. - properties: - credentials: - description: |- - List of public key certificates to authenticate devices. - The structure is documented below. - items: - properties: - publicKeyCertificate: - additionalProperties: - type: string - description: A public key certificate format and data. - type: object - type: object - type: array - eventNotificationConfigs: - description: |- - List of configurations for event notifications, such as PubSub topics - to publish device events to. - Structure is documented below. - items: - properties: - pubsubTopicName: - description: PubSub topic name to publish device events. - type: string - pubsubTopicNameRef: - description: Reference to a Topic in pubsub to populate - pubsubTopicName. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - pubsubTopicNameSelector: - description: Selector for a Topic in pubsub to populate - pubsubTopicName. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching - labels is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - subfolderMatches: - description: |- - If the subfolder name matches this string exactly, this - configuration will be used. The string must not include the - leading '/' character. If empty, all strings are matched. Empty - value can only be used for the last event_notification_configs - item. - type: string - type: object - type: array - httpConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate HTTP. - The structure is documented below. - type: object - logLevel: - description: |- - The default logging verbosity for activity from devices in this - registry. Specifies which events should be written to logs. For - example, if the LogLevel is ERROR, only events that terminate in - errors will be logged. LogLevel is inclusive; enabling INFO logging - will also enable ERROR logging. - Default value is NONE. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - mqttConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate MQTT. - The structure is documented below. - type: object - name: - description: A unique name for the resource, required by device - registry. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - region: - description: |- - The region in which the created registry should reside. - If it is not provided, the provider region is used. - type: string - stateNotificationConfig: - additionalProperties: - type: string - description: |- - A PubSub topic to publish device state updates. - The structure is documented below. - type: object - type: object - managementPolicies: - default: - - '*' - description: |- - THIS IS A BETA FIELD. It is on by default but can be opted out - through a Crossplane feature flag. - ManagementPolicies specify the array of actions Crossplane is allowed to - take on the managed and external resources. - This field is planned to replace the DeletionPolicy field in a future - release. Currently, both could be set independently and non-default - values would be honored if the feature flag is enabled. If both are - custom, the DeletionPolicy field will be ignored. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md - items: - description: |- - A ManagementAction represents an action that the Crossplane controllers - can take on an external resource. - enum: - - Observe - - Create - - Update - - Delete - - LateInitialize - - '*' - type: string - type: array - providerConfigRef: - default: - name: default - description: |- - ProviderConfigReference specifies how the provider that will be used to - create, observe, update, and delete this managed resource should be - configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - publishConnectionDetailsTo: - description: |- - PublishConnectionDetailsTo specifies the connection secret config which - contains a name, metadata and a reference to secret store config to - which any connection details for this managed resource should be written. - Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - properties: - configRef: - default: - name: default - description: |- - SecretStoreConfigRef specifies which secret store config should be used - for this ConnectionSecret. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - metadata: - description: Metadata is the metadata for connection secret. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations are the annotations to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.annotations". - - It is up to Secret Store implementation for others store types. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels are the labels/tags to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store types. - type: object - type: - description: |- - Type is the SecretType for the connection secret. - - Only valid for Kubernetes Secret Stores. - type: string - type: object - name: - description: Name is the name of the connection secret. - type: string - required: - - name - type: object - writeConnectionSecretToRef: - description: |- - WriteConnectionSecretToReference specifies the namespace and name of a - Secret to which any connection details for this managed resource should - be written. Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsTo. Currently, both could be set independently - and connection details would be published to both without affecting - each other. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - required: - - forProvider - type: object - x-kubernetes-validations: - - message: spec.forProvider.name is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.name) - || (has(self.initProvider) && has(self.initProvider.name))' - status: - description: RegistryStatus defines the observed state of Registry. - properties: - atProvider: - properties: - credentials: - description: |- - List of public key certificates to authenticate devices. - The structure is documented below. - items: - properties: - publicKeyCertificate: - additionalProperties: - type: string - description: A public key certificate format and data. - type: object - type: object - type: array - eventNotificationConfigs: - description: |- - List of configurations for event notifications, such as PubSub topics - to publish device events to. - Structure is documented below. - items: - properties: - pubsubTopicName: - description: PubSub topic name to publish device events. - type: string - subfolderMatches: - description: |- - If the subfolder name matches this string exactly, this - configuration will be used. The string must not include the - leading '/' character. If empty, all strings are matched. Empty - value can only be used for the last event_notification_configs - item. - type: string - type: object - type: array - httpConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate HTTP. - The structure is documented below. - type: object - id: - description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/registries/{{name}} - type: string - logLevel: - description: |- - The default logging verbosity for activity from devices in this - registry. Specifies which events should be written to logs. For - example, if the LogLevel is ERROR, only events that terminate in - errors will be logged. LogLevel is inclusive; enabling INFO logging - will also enable ERROR logging. - Default value is NONE. - Possible values are: NONE, ERROR, INFO, DEBUG. - type: string - mqttConfig: - additionalProperties: - type: string - description: |- - Activate or deactivate MQTT. - The structure is documented below. - type: object - name: - description: A unique name for the resource, required by device - registry. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - region: - description: |- - The region in which the created registry should reside. - If it is not provided, the provider region is used. - type: string - stateNotificationConfig: - additionalProperties: - type: string - description: |- - A PubSub topic to publish device state updates. - The structure is documented below. - type: object - type: object - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml index 7e4aca129..38e8c60ec 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml @@ -448,6 +448,7 @@ spec: A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. type: string folderId: + description: The folder id from the name "folders/{folder_id}" type: string id: type: string diff --git a/package/crds/cloudplatform.gcp.upbound.io_projectiamcustomroles.yaml b/package/crds/cloudplatform.gcp.upbound.io_projectiamcustomroles.yaml index 29ef00e81..174ef277d 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_projectiamcustomroles.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_projectiamcustomroles.yaml @@ -85,7 +85,7 @@ spec: x-kubernetes-list-type: set project: description: |- - The project that the service account will be created in. + The project that the custom role will be created in. Defaults to the provider project configuration. type: string stage: @@ -123,7 +123,7 @@ spec: x-kubernetes-list-type: set project: description: |- - The project that the service account will be created in. + The project that the custom role will be created in. Defaults to the provider project configuration. type: string stage: @@ -341,7 +341,7 @@ spec: x-kubernetes-list-type: set project: description: |- - The project that the service account will be created in. + The project that the custom role will be created in. Defaults to the provider project configuration. type: string stage: diff --git a/package/crds/cloudplatform.gcp.upbound.io_projects.yaml b/package/crds/cloudplatform.gcp.upbound.io_projects.yaml index 9f60e10a8..992bb332c 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_projects.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_projects.yaml @@ -175,7 +175,10 @@ spec: labels: additionalProperties: type: string - description: A set of key/value label pairs to assign to the project. + description: |- + A set of key/value label pairs to assign to the project. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -313,7 +316,10 @@ spec: labels: additionalProperties: type: string - description: A set of key/value label pairs to assign to the project. + description: |- + A set of key/value label pairs to assign to the project. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -532,6 +538,11 @@ spec: See Google Cloud Billing API Access Control for more details. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular folderId: description: |- The numeric ID of the folder this project should be @@ -546,7 +557,10 @@ spec: labels: additionalProperties: type: string - description: A set of key/value label pairs to assign to the project. + description: |- + A set of key/value label pairs to assign to the project. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -571,6 +585,13 @@ spec: type: string skipDelete: type: boolean + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/cloudplatform.gcp.upbound.io_serviceaccounts.yaml b/package/crds/cloudplatform.gcp.upbound.io_serviceaccounts.yaml index 6627eefb4..e63c0171f 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_serviceaccounts.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_serviceaccounts.yaml @@ -73,6 +73,10 @@ spec: type: string forProvider: properties: + createIgnoreAlreadyExists: + description: If set to true, skip service account creation if + a service account with the same email already exists. + type: boolean description: description: |- A text description of the service account. @@ -107,6 +111,10 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + createIgnoreAlreadyExists: + description: If set to true, skip service account creation if + a service account with the same email already exists. + type: boolean description: description: |- A text description of the service account. @@ -300,6 +308,10 @@ spec: properties: atProvider: properties: + createIgnoreAlreadyExists: + description: If set to true, skip service account creation if + a service account with the same email already exists. + type: boolean description: description: |- A text description of the service account. diff --git a/package/crds/cloudrun.gcp.upbound.io_domainmappings.yaml b/package/crds/cloudrun.gcp.upbound.io_domainmappings.yaml index 03288915d..f5ad70fe4 100644 --- a/package/crds/cloudrun.gcp.upbound.io_domainmappings.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_domainmappings.yaml @@ -90,6 +90,8 @@ spec: may be set by external tools to store and retrieve arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. type: object x-kubernetes-map-type: granular labels: @@ -100,6 +102,8 @@ spec: (scope and select) objects. May match selectors of replication controllers and routes. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular namespace: @@ -324,6 +328,8 @@ spec: may be set by external tools to store and retrieve arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. type: object x-kubernetes-map-type: granular labels: @@ -334,6 +340,8 @@ spec: (scope and select) objects. May match selectors of replication controllers and routes. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular namespace: @@ -700,10 +708,6 @@ spec: rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.location) || (has(self.initProvider) && has(self.initProvider.location))' - - message: spec.forProvider.metadata is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.metadata) - || (has(self.initProvider) && has(self.initProvider.metadata))' - message: spec.forProvider.name is a required parameter rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.name) @@ -737,6 +741,18 @@ spec: may be set by external tools to store and retrieve arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations Note: The Cloud Run API may add additional annotations that were not provided in your config.ignore_changes rule to the metadata.0.annotations field. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + type: object + x-kubernetes-map-type: granular + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string type: object x-kubernetes-map-type: granular generation: @@ -752,6 +768,8 @@ spec: (scope and select) objects. May match selectors of replication controllers and routes. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular namespace: @@ -775,6 +793,15 @@ spec: (Output) SelfLink is a URL representing this object. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: |- (Output) diff --git a/package/crds/cloudrun.gcp.upbound.io_services.yaml b/package/crds/cloudrun.gcp.upbound.io_services.yaml index 6d5200c24..7d7e8950e 100644 --- a/package/crds/cloudrun.gcp.upbound.io_services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_services.yaml @@ -2015,6 +2015,16 @@ spec: keys to configure features on a Revision template: type: object x-kubernetes-map-type: granular + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular generation: description: |- (Output) @@ -2047,6 +2057,15 @@ spec: (Output) SelfLink is a URL representing this object. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: |- (Output) diff --git a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml index bd16ea53a..693dd4191 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml @@ -78,8 +78,8 @@ spec: type: string description: |- Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - All system annotations in v1 now have a corresponding field in v2 Job. + Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules. type: object x-kubernetes-map-type: granular @@ -111,10 +111,11 @@ spec: additionalProperties: type: string description: |- - Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - All system labels in v1 now have a corresponding field in v2 Job. + All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. type: object x-kubernetes-map-type: granular launchStage: @@ -226,7 +227,18 @@ spec: description: Volume's name. type: string value: - description: The header field value + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any route environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "", and the maximum + length is 32768 bytes' type: string valueSource: description: |- @@ -345,86 +357,6 @@ spec: Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images' type: string - livenessProbe: - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array name: description: Volume's name. type: string @@ -455,96 +387,17 @@ spec: additionalProperties: type: string description: 'Only memory and CPU are - supported. Note: The only supported - values for CPU are ''1'', ''2'', ''4'', - and ''8''. Setting 4 CPU requires at - least 2Gi of memory. The values of the - map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + supported. Use key cpu for CPU limit + and memory for memory limit. Note: The + only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU + requires at least 2Gi of memory. The + values of the map is string form of + the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular type: object type: array - startupProbe: - description: |- - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array volumeMounts: description: |- Volume to mount into the container's filesystem. @@ -769,12 +622,40 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this + Cloud Run job. + items: + type: string + type: array + type: object + type: array type: object type: array type: object type: array type: object type: array + required: + - location type: object initProvider: description: |- @@ -794,8 +675,8 @@ spec: type: string description: |- Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - All system annotations in v1 now have a corresponding field in v2 Job. + Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules. type: object x-kubernetes-map-type: granular @@ -827,10 +708,11 @@ spec: additionalProperties: type: string description: |- - Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - All system labels in v1 now have a corresponding field in v2 Job. + All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. type: object x-kubernetes-map-type: granular launchStage: @@ -939,7 +821,18 @@ spec: description: Volume's name. type: string value: - description: The header field value + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any route environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "", and the maximum + length is 32768 bytes' type: string valueSource: description: |- @@ -1058,86 +951,6 @@ spec: Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images' type: string - livenessProbe: - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array name: description: Volume's name. type: string @@ -1168,96 +981,17 @@ spec: additionalProperties: type: string description: 'Only memory and CPU are - supported. Note: The only supported - values for CPU are ''1'', ''2'', ''4'', - and ''8''. Setting 4 CPU requires at - least 2Gi of memory. The values of the - map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + supported. Use key cpu for CPU limit + and memory for memory limit. Note: The + only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU + requires at least 2Gi of memory. The + values of the map is string form of + the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular type: object type: array - startupProbe: - description: |- - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array volumeMounts: description: |- Volume to mount into the container's filesystem. @@ -1482,6 +1216,32 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this + Cloud Run job. + items: + type: string + type: array + type: object + type: array type: object type: array type: object @@ -1671,8 +1431,8 @@ spec: type: string description: |- Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. - Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. - All system annotations in v1 now have a corresponding field in v2 Job. + Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules. type: object x-kubernetes-map-type: granular @@ -1749,6 +1509,25 @@ spec: type: string type: object type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + deleteTime: + description: The deletion time. + type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during @@ -1757,6 +1536,10 @@ spec: executionCount: description: Number of executions created for this job. type: number + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string generation: description: A number that monotonically increases every time the user modifies the desired state. @@ -1768,12 +1551,16 @@ spec: additionalProperties: type: string description: |- - Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, - environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. - All system labels in v1 now have a corresponding field in v2 Job. + All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. type: object x-kubernetes-map-type: granular + lastModifier: + description: Email address of the last authenticated modifier. + type: string latestCreatedExecution: description: |- Name of the last created execution. @@ -1920,7 +1707,18 @@ spec: description: Volume's name. type: string value: - description: The header field value + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any route environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "", and the maximum + length is 32768 bytes' type: string valueSource: description: |- @@ -1957,86 +1755,6 @@ spec: Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images' type: string - livenessProbe: - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array name: description: Volume's name. type: string @@ -2067,96 +1785,17 @@ spec: additionalProperties: type: string description: 'Only memory and CPU are - supported. Note: The only supported - values for CPU are ''1'', ''2'', ''4'', - and ''8''. Setting 4 CPU requires at - least 2Gi of memory. The values of the - map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + supported. Use key cpu for CPU limit + and memory for memory limit. Note: The + only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU + requires at least 2Gi of memory. The + values of the map is string form of + the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular type: object type: array - startupProbe: - description: |- - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - Structure is documented below. - items: - properties: - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - type: number - httpGet: - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - httpHeaders: - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - Structure is documented below. - items: - properties: - name: - description: Volume's name. - type: string - value: - description: The header field - value - type: string - type: object - type: array - path: - description: The relative path of - the secret in the container. - type: string - type: object - type: array - initialDelaySeconds: - description: 'Number of seconds after - the container has started before the - probe is initiated. Defaults to 0 seconds. - Minimum value is 0. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. Maximum value for - liveness probe is 3600. Maximum value - for startup probe is 240. Must be greater - or equal than timeoutSeconds - type: number - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - Structure is documented below. - items: - properties: - port: - description: Port number to access - on the container. Must be in the - range 1 to 65535. If not specified, - defaults to 8080. - type: number - type: object - type: array - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. Maximum - value is 3600. Must be smaller than - periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: number - type: object - type: array volumeMounts: description: |- Volume to mount into the container's filesystem. @@ -2304,6 +1943,32 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this + Cloud Run job. + items: + type: string + type: array + type: object + type: array type: object type: array type: object @@ -2359,11 +2024,22 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. type: string + updateTime: + description: The last-modified time. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml index 45fa147be..c6f5eafdb 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml @@ -108,6 +108,13 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string + customAudiences: + description: |- + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + items: + type: string + type: array description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -191,6 +198,14 @@ spec: items: type: string type: array + dependsOn: + description: Containers which should be started before + this container. If specified the container will + wait to start until all containers with the listed + names are healthy. + items: + type: string + type: array env: description: |- List of environment variables to set in the container. @@ -334,10 +349,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -368,14 +383,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -401,10 +416,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -444,17 +459,19 @@ spec: items: properties: cpuIdle: - description: Determines whether CPU should be - throttled or not outside of requests. + description: |- + Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + resources is set, this field must be explicitly set to true to preserve the default behavior. type: boolean limits: additionalProperties: type: string description: 'Only memory and CPU are supported. - Note: The only supported values for CPU are - ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' + Use key cpu for CPU limit and memory for memory + limit. Note: The only supported values for + CPU are ''1'', ''2'', ''4'', and ''8''. Setting + 4 CPU requires at least 2Gi of memory. The + values of the map is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular @@ -485,10 +502,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -519,14 +536,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -552,10 +569,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -678,11 +695,123 @@ spec: items: type: string type: array + x-kubernetes-list-type: set + type: object + type: array + gcs: + description: |- + Represents a GCS Bucket mounted as a volume. + Structure is documented below. + items: + properties: + bucket: + description: GCS Bucket name + type: string + bucketRef: + description: Reference to a Bucket in storage + to populate bucket. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + bucketSelector: + description: Selector for a Bucket in storage + to populate bucket. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object + with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean type: object type: array name: description: Volume's name. type: string + nfs: + description: |- + Represents an NFS mount. + Structure is documented below. + items: + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean + server: + description: Hostname or IP address of the NFS + server + type: string + type: object + type: array secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -709,8 +838,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager @@ -820,6 +949,32 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this Cloud + Run service. + items: + type: string + type: array + type: object + type: array type: object type: array type: object @@ -849,6 +1004,8 @@ spec: type: string type: object type: array + required: + - location type: object initProvider: description: |- @@ -897,6 +1054,13 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string + customAudiences: + description: |- + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + items: + type: string + type: array description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -977,6 +1141,14 @@ spec: items: type: string type: array + dependsOn: + description: Containers which should be started before + this container. If specified the container will + wait to start until all containers with the listed + names are healthy. + items: + type: string + type: array env: description: |- List of environment variables to set in the container. @@ -1120,10 +1292,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -1154,14 +1326,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -1187,10 +1359,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -1230,17 +1402,19 @@ spec: items: properties: cpuIdle: - description: Determines whether CPU should be - throttled or not outside of requests. + description: |- + Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + resources is set, this field must be explicitly set to true to preserve the default behavior. type: boolean limits: additionalProperties: type: string description: 'Only memory and CPU are supported. - Note: The only supported values for CPU are - ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' + Use key cpu for CPU limit and memory for memory + limit. Note: The only supported values for + CPU are ''1'', ''2'', ''4'', and ''8''. Setting + 4 CPU requires at least 2Gi of memory. The + values of the map is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular @@ -1271,10 +1445,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -1305,14 +1479,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -1338,10 +1512,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -1464,11 +1638,123 @@ spec: items: type: string type: array + x-kubernetes-list-type: set + type: object + type: array + gcs: + description: |- + Represents a GCS Bucket mounted as a volume. + Structure is documented below. + items: + properties: + bucket: + description: GCS Bucket name + type: string + bucketRef: + description: Reference to a Bucket in storage + to populate bucket. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + bucketSelector: + description: Selector for a Bucket in storage + to populate bucket. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object + with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean type: object type: array name: description: Volume's name. type: string + nfs: + description: |- + Represents an NFS mount. + Structure is documented below. + items: + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean + server: + description: Hostname or IP address of the NFS + server + type: string + type: object + type: array secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -1495,8 +1781,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager @@ -1606,6 +1892,32 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this Cloud + Run service. + items: + type: string + type: array + type: object + type: array type: object type: array type: object @@ -1896,15 +2208,45 @@ spec: type: string type: object type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + customAudiences: + description: |- + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + items: + type: string + type: array + deleteTime: + description: The deletion time. + type: string description: description: User-provided description of the Service. This field currently has a 512-character limit. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. type: string + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string generation: description: A number that monotonically increases every time the user modifies the desired state. Please note that unlike @@ -1929,6 +2271,9 @@ spec: All system labels in v1 now have a corresponding field in v2 RevisionTemplate. type: object x-kubernetes-map-type: granular + lastModifier: + description: Email address of the last authenticated modifier. + type: string latestCreatedRevision: description: Name of the last created revision. See comments in reconciling for additional information on reconciliation process @@ -2017,6 +2362,14 @@ spec: items: type: string type: array + dependsOn: + description: Containers which should be started before + this container. If specified the container will + wait to start until all containers with the listed + names are healthy. + items: + type: string + type: array env: description: |- List of environment variables to set in the container. @@ -2082,10 +2435,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -2116,14 +2469,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -2149,10 +2502,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -2192,17 +2545,19 @@ spec: items: properties: cpuIdle: - description: Determines whether CPU should be - throttled or not outside of requests. + description: |- + Determines whether CPU is only allocated during requests. True by default if the parent resources field is not set. However, if + resources is set, this field must be explicitly set to true to preserve the default behavior. type: boolean limits: additionalProperties: type: string description: 'Only memory and CPU are supported. - Note: The only supported values for CPU are - ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' + Use key cpu for CPU limit and memory for memory + limit. Note: The only supported values for + CPU are ''1'', ''2'', ''4'', and ''8''. Setting + 4 CPU requires at least 2Gi of memory. The + values of the map is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular @@ -2233,10 +2588,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number service: description: |- @@ -2267,14 +2622,14 @@ spec: type: object type: array path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -2300,10 +2655,10 @@ spec: items: properties: port: - description: Port number to access on - the container. Must be in the range - 1 to 65535. If not specified, defaults - to 8080. + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. type: number type: object type: array @@ -2426,11 +2781,47 @@ spec: items: type: string type: array + x-kubernetes-list-type: set + type: object + type: array + gcs: + description: |- + Represents a GCS Bucket mounted as a volume. + Structure is documented below. + items: + properties: + bucket: + description: GCS Bucket name + type: string + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean type: object type: array name: description: Volume's name. type: string + nfs: + description: |- + Represents an NFS mount. + Structure is documented below. + items: + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount the NFS volume as + read only + type: boolean + server: + description: Hostname or IP address of the NFS + server + type: string + type: object + type: array secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -2457,8 +2848,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager @@ -2492,6 +2883,32 @@ spec: Traffic VPC egress settings. Possible values are: ALL_TRAFFIC, PRIVATE_RANGES_ONLY. type: string + networkInterfaces: + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + Structure is documented below. + items: + properties: + network: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + type: string + subnetwork: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + type: string + tags: + description: Network tags applied to this Cloud + Run service. + items: + type: string + type: array + type: object + type: array type: object type: array type: object @@ -2544,6 +2961,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular traffic: description: |- Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. @@ -2607,6 +3032,9 @@ spec: The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. type: string + updateTime: + description: The last-modified time. + type: string uri: description: The main URI in which this Service is serving traffic. type: string diff --git a/package/crds/composer.gcp.upbound.io_environments.yaml b/package/crds/composer.gcp.upbound.io_environments.yaml index 3b3ffe3db..d185cdf29 100644 --- a/package/crds/composer.gcp.upbound.io_environments.yaml +++ b/package/crds/composer.gcp.upbound.io_environments.yaml @@ -78,6 +78,28 @@ spec: is documented below. items: properties: + dataRetentionConfig: + description: |- + Configuration setting for airflow data rentention mechanism. Structure is + documented below. + items: + properties: + taskLogsRetentionConfig: + description: |- + The configuration setting for Task Logs. Structure is + documented below. + items: + properties: + storageMode: + description: |- + The mode of storage for Airflow workers task logs. Values for storage mode are + CLOUD_LOGGING_ONLY to only store logs in cloud logging and + CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + type: string + type: object + type: array + type: object + type: array databaseConfig: description: |- The configuration settings for Cloud SQL instance used internally @@ -91,6 +113,13 @@ spec: Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values. type: string + zone: + description: |- + The Compute Engine zone in which to deploy the VMs running the + Apache Airflow software, specified as the zone name or + relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + belong to the enclosing environment's project and region. + type: string type: object type: array encryptionConfig: @@ -152,8 +181,8 @@ spec: items: properties: cidrBlock: - description: '`cidr_block< must be specified - in CIDR notation.' + description: cidr_block must be specified in + CIDR notation. type: string displayName: description: display_name is a field for users @@ -538,6 +567,11 @@ spec: tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block type: string + connectionType: + description: |- + Mode of internal communication within the Composer environment. Must be one + of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + type: string enablePrivateEndpoint: description: |- If true, access to the public endpoint of the GKE cluster is denied. @@ -717,6 +751,24 @@ spec: type: number type: object type: array + triggerer: + description: Configuration for resources used by Airflow + triggerer. + items: + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single + Airflow worker. + type: number + memoryGb: + description: The amount of memory (GB) for a + single Airflow worker. + type: number + type: object + type: array webServer: description: Configuration for resources used by Airflow web server. @@ -869,6 +921,17 @@ spec: region: description: The location or Compute Engine region for the environment. type: string + storageConfig: + description: Configuration options for storage used by Composer + environment. Structure is documented below. + items: + properties: + bucket: + description: Name of an existing Cloud Storage bucket to + be used by the environment. + type: string + type: object + type: array required: - region type: object @@ -890,6 +953,28 @@ spec: is documented below. items: properties: + dataRetentionConfig: + description: |- + Configuration setting for airflow data rentention mechanism. Structure is + documented below. + items: + properties: + taskLogsRetentionConfig: + description: |- + The configuration setting for Task Logs. Structure is + documented below. + items: + properties: + storageMode: + description: |- + The mode of storage for Airflow workers task logs. Values for storage mode are + CLOUD_LOGGING_ONLY to only store logs in cloud logging and + CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + type: string + type: object + type: array + type: object + type: array databaseConfig: description: |- The configuration settings for Cloud SQL instance used internally @@ -903,6 +988,13 @@ spec: Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values. type: string + zone: + description: |- + The Compute Engine zone in which to deploy the VMs running the + Apache Airflow software, specified as the zone name or + relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + belong to the enclosing environment's project and region. + type: string type: object type: array encryptionConfig: @@ -964,8 +1056,8 @@ spec: items: properties: cidrBlock: - description: '`cidr_block< must be specified - in CIDR notation.' + description: cidr_block must be specified in + CIDR notation. type: string displayName: description: display_name is a field for users @@ -1350,6 +1442,11 @@ spec: tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block type: string + connectionType: + description: |- + Mode of internal communication within the Composer environment. Must be one + of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + type: string enablePrivateEndpoint: description: |- If true, access to the public endpoint of the GKE cluster is denied. @@ -1529,6 +1626,24 @@ spec: type: number type: object type: array + triggerer: + description: Configuration for resources used by Airflow + triggerer. + items: + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single + Airflow worker. + type: number + memoryGb: + description: The amount of memory (GB) for a + single Airflow worker. + type: number + type: object + type: array webServer: description: Configuration for resources used by Airflow web server. @@ -1678,6 +1793,17 @@ spec: type: string type: object type: object + storageConfig: + description: Configuration options for storage used by Composer + environment. Structure is documented below. + items: + properties: + bucket: + description: Name of an existing Cloud Storage bucket to + be used by the environment. + type: string + type: object + type: array type: object managementPolicies: default: @@ -1869,6 +1995,28 @@ spec: object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix. type: string + dataRetentionConfig: + description: |- + Configuration setting for airflow data rentention mechanism. Structure is + documented below. + items: + properties: + taskLogsRetentionConfig: + description: |- + The configuration setting for Task Logs. Structure is + documented below. + items: + properties: + storageMode: + description: |- + The mode of storage for Airflow workers task logs. Values for storage mode are + CLOUD_LOGGING_ONLY to only store logs in cloud logging and + CLOUD_LOGGING_AND_CLOUD_STORAGE to store logs in cloud logging and cloud storage. + type: string + type: object + type: array + type: object + type: array databaseConfig: description: |- The configuration settings for Cloud SQL instance used internally @@ -1882,6 +2030,13 @@ spec: Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values. type: string + zone: + description: |- + The Compute Engine zone in which to deploy the VMs running the + Apache Airflow software, specified as the zone name or + relative resource name (e.g. "projects/{project}/zones/{zone}"). Must + belong to the enclosing environment's project and region. + type: string type: object type: array encryptionConfig: @@ -1947,8 +2102,8 @@ spec: items: properties: cidrBlock: - description: '`cidr_block< must be specified - in CIDR notation.' + description: cidr_block must be specified in + CIDR notation. type: string displayName: description: display_name is a field for users @@ -2105,6 +2260,11 @@ spec: tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block type: string + connectionType: + description: |- + Mode of internal communication within the Composer environment. Must be one + of "VPC_PEERING" or "PRIVATE_SERVICE_CONNECT". + type: string enablePrivateEndpoint: description: |- If true, access to the public endpoint of the GKE cluster is denied. @@ -2284,6 +2444,24 @@ spec: type: number type: object type: array + triggerer: + description: Configuration for resources used by Airflow + triggerer. + items: + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single + Airflow worker. + type: number + memoryGb: + description: The amount of memory (GB) for a + single Airflow worker. + type: number + type: object + type: array webServer: description: Configuration for resources used by Airflow web server. @@ -2337,6 +2515,11 @@ spec: type: array type: object type: array + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/environments/{{name}} type: string @@ -2363,6 +2546,24 @@ spec: region: description: The location or Compute Engine region for the environment. type: string + storageConfig: + description: Configuration options for storage used by Composer + environment. Structure is documented below. + items: + properties: + bucket: + description: Name of an existing Cloud Storage bucket to + be used by the environment. + type: string + type: object + type: array + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_addresses.yaml b/package/crds/compute.gcp.upbound.io_addresses.yaml index 9639b8dd9..0eaa22bb2 100644 --- a/package/crds/compute.gcp.upbound.io_addresses.yaml +++ b/package/crds/compute.gcp.upbound.io_addresses.yaml @@ -101,6 +101,13 @@ spec: the external IPv6 address reservation. Possible values are: VM, NETLB. type: string + labels: + additionalProperties: + type: string + description: Labels to apply to this address. A list of key->value + pairs. + type: object + x-kubernetes-map-type: granular network: description: |- The URL of the network in which to reserve the address. This field @@ -331,6 +338,13 @@ spec: the external IPv6 address reservation. Possible values are: VM, NETLB. type: string + labels: + additionalProperties: + type: string + description: Labels to apply to this address. A list of key->value + pairs. + type: object + x-kubernetes-map-type: granular network: description: |- The URL of the network in which to reserve the address. This field @@ -704,6 +718,12 @@ spec: description: description: An optional description of this resource. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/addresses/{{name}} type: string @@ -719,6 +739,18 @@ spec: the external IPv6 address reservation. Possible values are: VM, NETLB. type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + labels: + additionalProperties: + type: string + description: Labels to apply to this address. A list of key->value + pairs. + type: object + x-kubernetes-map-type: granular network: description: |- The URL of the network in which to reserve the address. This field @@ -760,6 +792,14 @@ spec: This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular users: description: The URLs of the resources that are using this address. items: diff --git a/package/crds/compute.gcp.upbound.io_autoscalers.yaml b/package/crds/compute.gcp.upbound.io_autoscalers.yaml index afbb98c1a..82e7816ae 100644 --- a/package/crds/compute.gcp.upbound.io_autoscalers.yaml +++ b/package/crds/compute.gcp.upbound.io_autoscalers.yaml @@ -162,10 +162,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- @@ -438,10 +435,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- @@ -873,10 +867,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- diff --git a/package/crds/compute.gcp.upbound.io_backendservices.yaml b/package/crds/compute.gcp.upbound.io_backendservices.yaml index ed90da7e3..fdd600d03 100644 --- a/package/crds/compute.gcp.upbound.io_backendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_backendservices.yaml @@ -676,7 +676,7 @@ spec: load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. - Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. type: string localityLbPolicies: description: |- @@ -763,8 +763,8 @@ spec: outlierDetection: description: |- Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. + Applicable backend service types can be a global backend service with the + loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below. items: properties: @@ -887,8 +887,10 @@ spec: description: |- The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. type: string securityPolicy: description: The security policy associated with this backend @@ -1525,7 +1527,7 @@ spec: load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. - Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. type: string localityLbPolicies: description: |- @@ -1612,8 +1614,8 @@ spec: outlierDetection: description: |- Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. + Applicable backend service types can be a global backend service with the + loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below. items: properties: @@ -1736,8 +1738,10 @@ spec: description: |- The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. type: string securityPolicy: description: The security policy associated with this backend @@ -2395,7 +2399,7 @@ spec: load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. - Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED. + Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED. type: string localityLbPolicies: description: |- @@ -2482,8 +2486,8 @@ spec: outlierDetection: description: |- Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. + Applicable backend service types can be a global backend service with the + loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below. items: properties: @@ -2606,8 +2610,10 @@ spec: description: |- The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC. + types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED. type: string securityPolicy: description: The security policy associated with this backend diff --git a/package/crds/compute.gcp.upbound.io_disks.yaml b/package/crds/compute.gcp.upbound.io_disks.yaml index 09593cb74..db07dd8cc 100644 --- a/package/crds/compute.gcp.upbound.io_disks.yaml +++ b/package/crds/compute.gcp.upbound.io_disks.yaml @@ -236,6 +236,11 @@ spec: type: object type: object type: array + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + type: boolean guestOsFeatures: description: |- A list of features to enable on the guest operating system. @@ -523,6 +528,11 @@ spec: type: string type: object type: array + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + type: boolean guestOsFeatures: description: |- A list of features to enable on the guest operating system. @@ -897,6 +907,21 @@ spec: type: string type: object type: array + diskId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + type: boolean guestOsFeatures: description: |- A list of features to enable on the guest operating system. @@ -1091,6 +1116,14 @@ spec: snapshot ID would identify the exact version of the snapshot that was used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- URL of the disk type resource describing which disk type to use to diff --git a/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml b/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml index 3517d0198..b72485544 100644 --- a/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml +++ b/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml @@ -99,7 +99,10 @@ spec: labels: additionalProperties: type: string - description: Labels for the external VPN gateway resource. + description: |- + Labels for the external VPN gateway resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -152,7 +155,10 @@ spec: labels: additionalProperties: type: string - description: Labels for the external VPN gateway resource. + description: |- + Labels for the external VPN gateway resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -341,6 +347,11 @@ spec: description: description: An optional description of this resource. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/global/externalVpnGateways/{{name}} type: string @@ -372,7 +383,10 @@ spec: labels: additionalProperties: type: string - description: Labels for the external VPN gateway resource. + description: |- + Labels for the external VPN gateway resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -388,6 +402,14 @@ spec: selfLink: description: The URI of the created resource. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_forwardingrules.yaml b/package/crds/compute.gcp.upbound.io_forwardingrules.yaml index fb7f8b4b7..d9ec440ee 100644 --- a/package/crds/compute.gcp.upbound.io_forwardingrules.yaml +++ b/package/crds/compute.gcp.upbound.io_forwardingrules.yaml @@ -74,7 +74,11 @@ spec: forProvider: properties: allPorts: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The allPorts field has the following limitations: type: boolean allowGlobalAccess: description: |- @@ -267,8 +271,18 @@ spec: The valid IP protocols are different for different load balancing products as described in Load balancing features. + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. type: string + ipVersion: + description: |- + The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + If not set, the IPv4 address will be used by default. + Possible values are: IPV4, IPV6. + type: string isMirroringCollector: description: |- Indicates whether or not this load balancer can be used as a collector for @@ -397,17 +411,18 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The portRange field has the following limitations: type: string ports: description: |- - and port_range fields are mutually exclusive. - For external forwarding rules, two or more forwarding rules cannot use the - same [IPAddress, IPProtocol] pair, and cannot have - overlapping portRanges. - For internal forwarding rules within the same VPC network, two or more - forwarding rules cannot use the same [IPAddress, IPProtocol] - pair, and cannot have overlapping portRanges. + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The ports field has the following limitations: items: type: string type: array @@ -417,6 +432,10 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + recreateClosedPsc: + description: this is used in psc consumer forwardingrule to make + provider recreate the forwardingrule when the status is closed + type: boolean region: description: |- A reference to the region where the regional forwarding rule resides. @@ -645,7 +664,11 @@ spec: autoscaler. properties: allPorts: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The allPorts field has the following limitations: type: boolean allowGlobalAccess: description: |- @@ -838,8 +861,18 @@ spec: The valid IP protocols are different for different load balancing products as described in Load balancing features. + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. type: string + ipVersion: + description: |- + The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + If not set, the IPv4 address will be used by default. + Possible values are: IPV4, IPV6. + type: string isMirroringCollector: description: |- Indicates whether or not this load balancer can be used as a collector for @@ -968,17 +1001,18 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The portRange field has the following limitations: type: string ports: description: |- - and port_range fields are mutually exclusive. - For external forwarding rules, two or more forwarding rules cannot use the - same [IPAddress, IPProtocol] pair, and cannot have - overlapping portRanges. - For internal forwarding rules within the same VPC network, two or more - forwarding rules cannot use the same [IPAddress, IPProtocol] - pair, and cannot have overlapping portRanges. + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The ports field has the following limitations: items: type: string type: array @@ -988,6 +1022,10 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + recreateClosedPsc: + description: this is used in psc consumer forwardingrule to make + provider recreate the forwardingrule when the status is closed + type: boolean serviceDirectoryRegistrations: description: |- Service Directory resources to register this forwarding rule with. @@ -1368,7 +1406,11 @@ spec: atProvider: properties: allPorts: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The allPorts field has the following limitations: type: boolean allowGlobalAccess: description: |- @@ -1406,6 +1448,12 @@ spec: An optional description of this resource. Provide this property when you create the resource. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} type: string @@ -1427,8 +1475,18 @@ spec: The valid IP protocols are different for different load balancing products as described in Load balancing features. + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT. type: string + ipVersion: + description: |- + The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + If not set, the IPv4 address will be used by default. + Possible values are: IPV4, IPV6. + type: string isMirroringCollector: description: |- Indicates whether or not this load balancer can be used as a collector for @@ -1488,17 +1546,18 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: |- + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The portRange field has the following limitations: type: string ports: description: |- - and port_range fields are mutually exclusive. - For external forwarding rules, two or more forwarding rules cannot use the - same [IPAddress, IPProtocol] pair, and cannot have - overlapping portRanges. - For internal forwarding rules within the same VPC network, two or more - forwarding rules cannot use the same [IPAddress, IPProtocol] - pair, and cannot have overlapping portRanges. + The ports, portRange, and allPorts fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + The ports field has the following limitations: items: type: string type: array @@ -1516,6 +1575,10 @@ spec: Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED' type: string + recreateClosedPsc: + description: this is used in psc consumer forwardingrule to make + provider recreate the forwardingrule when the status is closed + type: boolean region: description: |- A reference to the region where the regional forwarding rule resides. @@ -1585,6 +1648,14 @@ spec: validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml b/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml index 8e177af65..d65b46d8a 100644 --- a/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml +++ b/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml @@ -192,7 +192,7 @@ spec: For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. - Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. type: string metadataFilters: description: |- @@ -345,7 +345,7 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: 'The portRange field has the following limitations:' type: string project: description: |- @@ -426,6 +426,26 @@ spec: type: string type: object type: object + serviceDirectoryRegistrations: + description: |- + Service Directory resources to register this forwarding rule with. + Currently, only supports a single Service Directory resource. + Structure is documented below. + items: + properties: + namespace: + description: Service Directory namespace to register the + forwarding rule under. + type: string + serviceDirectoryRegion: + description: |- + [Optional] Service Directory region to register this global forwarding rule under. + Default to "us-central1". Only used for PSC for Google APIs. All PSC for + Google APIs Forwarding Rules on the same network should use the same Service + Directory region. + type: string + type: object + type: array sourceIpRanges: description: If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP @@ -437,6 +457,91 @@ spec: items: type: string type: array + subnetwork: + description: |- + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + type: string + subnetworkRef: + description: Reference to a Subnetwork in compute to populate + subnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + subnetworkSelector: + description: Selector for a Subnetwork in compute to populate + subnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object target: description: |- The URL of the target resource to receive the matched traffic. For @@ -654,7 +759,7 @@ spec: For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. - Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. type: string metadataFilters: description: |- @@ -807,7 +912,7 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: 'The portRange field has the following limitations:' type: string project: description: |- @@ -888,6 +993,26 @@ spec: type: string type: object type: object + serviceDirectoryRegistrations: + description: |- + Service Directory resources to register this forwarding rule with. + Currently, only supports a single Service Directory resource. + Structure is documented below. + items: + properties: + namespace: + description: Service Directory namespace to register the + forwarding rule under. + type: string + serviceDirectoryRegion: + description: |- + [Optional] Service Directory region to register this global forwarding rule under. + Default to "us-central1". Only used for PSC for Google APIs. All PSC for + Google APIs Forwarding Rules on the same network should use the same Service + Directory region. + type: string + type: object + type: array sourceIpRanges: description: If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP @@ -899,6 +1024,91 @@ spec: items: type: string type: array + subnetwork: + description: |- + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + type: string + subnetworkRef: + description: Reference to a Subnetwork in compute to populate + subnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + subnetworkSelector: + description: Selector for a Subnetwork in compute to populate + subnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object target: description: |- The URL of the target resource to receive the matched traffic. For @@ -1170,6 +1380,12 @@ spec: An optional description of this resource. Provide this property when you create the resource. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/global/forwardingRules/{{name}} type: string @@ -1216,7 +1432,7 @@ spec: For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. - Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED. type: string metadataFilters: description: |- @@ -1295,7 +1511,7 @@ spec: forwarding rules do not use this field. type: boolean portRange: - description: 'This field can only be used:' + description: 'The portRange field has the following limitations:' type: string project: description: |- @@ -1313,6 +1529,26 @@ spec: selfLink: description: The URI of the created resource. type: string + serviceDirectoryRegistrations: + description: |- + Service Directory resources to register this forwarding rule with. + Currently, only supports a single Service Directory resource. + Structure is documented below. + items: + properties: + namespace: + description: Service Directory namespace to register the + forwarding rule under. + type: string + serviceDirectoryRegion: + description: |- + [Optional] Service Directory region to register this global forwarding rule under. + Default to "us-central1". Only used for PSC for Google APIs. All PSC for + Google APIs Forwarding Rules on the same network should use the same Service + Directory region. + type: string + type: object + type: array sourceIpRanges: description: If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP @@ -1324,6 +1560,15 @@ spec: items: type: string type: array + subnetwork: + description: |- + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + type: string target: description: |- The URL of the target resource to receive the matched traffic. For @@ -1332,6 +1577,14 @@ spec: load balancing resource. The forwarded traffic must be of a type appropriate to the target object. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_images.yaml b/package/crds/compute.gcp.upbound.io_images.yaml index 6ae187038..1a5144429 100644 --- a/package/crds/compute.gcp.upbound.io_images.yaml +++ b/package/crds/compute.gcp.upbound.io_images.yaml @@ -99,7 +99,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -128,7 +128,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Image. + description: |- + Labels to apply to this Image. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular licenses: @@ -234,7 +237,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -263,7 +266,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Image. + description: |- + Labels to apply to this Image. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular licenses: @@ -518,6 +524,11 @@ spec: description: Size of the image when restored onto a persistent disk (in GB). type: number + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular family: description: |- The name of the image family to which this image belongs. You can @@ -536,7 +547,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -573,7 +584,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Image. + description: |- + Labels to apply to this Image. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular licenses: @@ -641,6 +655,14 @@ spec: items: type: string type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml index de05cc4da..03c5e2ecb 100644 --- a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml @@ -139,12 +139,18 @@ spec: initializeParams: items: properties: + enableConfidentialCompute: + type: boolean image: type: string labels: additionalProperties: type: string type: object + provisionedIops: + type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -244,6 +250,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: items: properties: @@ -265,6 +273,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: type: string networkIp: @@ -513,6 +523,11 @@ spec: scratchDisk: items: properties: + deviceName: + description: |- + A unique name for the resource, required by GCE. + Changing this forces a new resource to be created. + type: string interface: type: string size: @@ -694,12 +709,18 @@ spec: initializeParams: items: properties: + enableConfidentialCompute: + type: boolean image: type: string labels: additionalProperties: type: string type: object + provisionedIops: + type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -799,6 +820,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: items: properties: @@ -820,6 +843,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: type: string networkIp: @@ -1068,6 +1093,11 @@ spec: scratchDisk: items: properties: + deviceName: + description: |- + A unique name for the resource, required by GCE. + Changing this forces a new resource to be created. + type: string interface: type: string size: @@ -1416,12 +1446,18 @@ spec: initializeParams: items: properties: + enableConfidentialCompute: + type: boolean image: type: string labels: additionalProperties: type: string type: object + provisionedIops: + type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -1460,6 +1496,11 @@ spec: type: string desiredStatus: type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular enableDisplay: type: boolean guestAccelerator: @@ -1533,6 +1574,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: items: properties: @@ -1556,6 +1599,8 @@ spec: type: array ipv6AccessType: type: string + ipv6Address: + type: string name: description: |- A unique name for the resource, required by GCE. @@ -1661,6 +1706,11 @@ spec: scratchDisk: items: properties: + deviceName: + description: |- + A unique name for the resource, required by GCE. + Changing this forces a new resource to be created. + type: string interface: type: string size: @@ -1705,6 +1755,11 @@ spec: x-kubernetes-list-type: set tagsFingerprint: type: string + terraformLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular zone: description: |- The zone that the machine should be created in. If not diff --git a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml index 3abef4386..acb7d4520 100644 --- a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml @@ -73,6 +73,30 @@ spec: type: string forProvider: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -239,6 +263,50 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0' + type: string + type: object + type: array targetPools: description: |- The full URL of all target pools to which new @@ -328,8 +396,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. @@ -545,6 +614,30 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -711,6 +804,50 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0' + type: string + type: object + type: array targetPools: description: |- The full URL of all target pools to which new @@ -800,8 +937,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. @@ -1179,6 +1317,30 @@ spec: properties: atProvider: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -1204,6 +1366,8 @@ spec: appending a hyphen and a random four-character string to the base instance name. type: string + creationTimestamp: + type: string description: description: |- An optional textual description of the instance @@ -1286,10 +1450,65 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0' + type: string + type: object + type: array status: description: The status of this managed instance group. items: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + effective: + type: boolean + type: object + type: array isStable: description: 'A bit indicating whether the managed instance group is in a stable state. A stable state means that: @@ -1353,8 +1572,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. diff --git a/package/crds/compute.gcp.upbound.io_instances.yaml b/package/crds/compute.gcp.upbound.io_instances.yaml index 5f5d3710a..6a6391de4 100644 --- a/package/crds/compute.gcp.upbound.io_instances.yaml +++ b/package/crds/compute.gcp.upbound.io_instances.yaml @@ -193,6 +193,11 @@ spec: Structure is documented below. items: properties: + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + type: boolean image: description: |- The image from which to initialize this disk. This can be @@ -282,9 +287,31 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign - to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. + This sets the number of I/O operations per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + you'll need to manually delete and recreate it. + type: number + provisionedThroughput: + description: |- + Indicates how much throughput to provision for the disk. + This sets the number of throughput mb per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of throughput every 4 hours. To update your hyperdisk more + frequently, you'll need to manually delete and recreate it. + type: number resourceManagerTags: additionalProperties: type: string @@ -301,8 +328,8 @@ spec: will inherit the size of its base image. type: number type: - description: The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. + description: The type of reservation from which this + instance can consume resources. type: string type: object type: array @@ -338,8 +365,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -391,7 +419,10 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineType: @@ -480,6 +511,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -515,6 +548,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: description: |- The name or self_link of the network to attach this interface to. @@ -869,7 +904,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -881,6 +916,11 @@ spec: specified multiple times for multiple scratch disks. Structure is documented below. items: properties: + deviceName: + description: |- + Name with which attached disk will be accessible. + On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + type: string interface: description: The disk interface to use for attaching this disk; either SCSI or NVME. @@ -1119,6 +1159,11 @@ spec: Structure is documented below. items: properties: + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + type: boolean image: description: |- The image from which to initialize this disk. This can be @@ -1208,9 +1253,31 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign - to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. + This sets the number of I/O operations per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + you'll need to manually delete and recreate it. + type: number + provisionedThroughput: + description: |- + Indicates how much throughput to provision for the disk. + This sets the number of throughput mb per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of throughput every 4 hours. To update your hyperdisk more + frequently, you'll need to manually delete and recreate it. + type: number resourceManagerTags: additionalProperties: type: string @@ -1227,8 +1294,8 @@ spec: will inherit the size of its base image. type: number type: - description: The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. + description: The type of reservation from which this + instance can consume resources. type: string type: object type: array @@ -1264,8 +1331,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -1317,7 +1385,10 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineType: @@ -1406,6 +1477,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -1441,6 +1514,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: description: |- The name or self_link of the network to attach this interface to. @@ -1795,7 +1870,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -1807,6 +1882,11 @@ spec: specified multiple times for multiple scratch disks. Structure is documented below. items: properties: + deviceName: + description: |- + Name with which attached disk will be accessible. + On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + type: string interface: description: The disk interface to use for attaching this disk; either SCSI or NVME. @@ -2223,6 +2303,11 @@ spec: Structure is documented below. items: properties: + enableConfidentialCompute: + description: |- + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + type: boolean image: description: |- The image from which to initialize this disk. This can be @@ -2238,9 +2323,31 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign - to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. + This sets the number of I/O operations per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of IOPS every 4 hours. To update your hyperdisk more frequently, + you'll need to manually delete and recreate it. + type: number + provisionedThroughput: + description: |- + Indicates how much throughput to provision for the disk. + This sets the number of throughput mb per second that the disk can handle. + For more details,see the Hyperdisk documentation. + Note: Updating currently is only supported for hyperdisk skus via disk update + api/gcloud without the need to delete and recreate the disk, hyperdisk allows + for an update of throughput every 4 hours. To update your hyperdisk more + frequently, you'll need to manually delete and recreate it. + type: number resourceManagerTags: additionalProperties: type: string @@ -2257,8 +2364,8 @@ spec: will inherit the size of its base image. type: number type: - description: The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. + description: The type of reservation from which this + instance can consume resources. type: string type: object type: array @@ -2294,8 +2401,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -2322,6 +2430,11 @@ spec: Desired status of the instance. Either "RUNNING" or "TERMINATED". type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular enableDisplay: description: |- Enable Virtual Displays on this instance. @@ -2366,7 +2479,10 @@ spec: labels: additionalProperties: type: string - description: A map of key/value label pairs to assign to the instance. + description: |- + A map of key/value label pairs to assign to the instance. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular machineType: @@ -2458,6 +2574,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -2498,6 +2616,8 @@ spec: One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. type: string + ipv6Address: + type: string name: description: |- A unique name for the resource, required by GCE. @@ -2709,7 +2829,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -2721,6 +2841,11 @@ spec: specified multiple times for multiple scratch disks. Structure is documented below. items: properties: + deviceName: + description: |- + Name with which attached disk will be accessible. + On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. + type: string interface: description: The disk interface to use for attaching this disk; either SCSI or NVME. @@ -2792,6 +2917,13 @@ spec: tagsFingerprint: description: The unique fingerprint of the tags. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular zone: description: The zone that the machine should be created in. If it is not provided, the provider zone is used. diff --git a/package/crds/compute.gcp.upbound.io_instancetemplates.yaml b/package/crds/compute.gcp.upbound.io_instancetemplates.yaml index 8cb1c7563..57d519d60 100644 --- a/package/crds/compute.gcp.upbound.io_instancetemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancetemplates.yaml @@ -105,8 +105,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -183,6 +184,21 @@ spec: or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. type: string + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the disk can handle. + Values must be between 10,000 and 120,000. For more details, see the + Extreme persistent disk documentation. + type: number + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs + to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. @@ -441,6 +457,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -455,6 +473,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: description: |- The name or self_link of the network to attach this interface to. @@ -701,6 +721,14 @@ spec: type: string type: object type: array + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs to + bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance @@ -791,7 +819,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -970,8 +998,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -1048,6 +1077,21 @@ spec: or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. type: string + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the disk can handle. + Values must be between 10,000 and 120,000. For more details, see the + Extreme persistent disk documentation. + type: number + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs + to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. @@ -1306,6 +1350,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -1320,6 +1366,8 @@ spec: type: string type: object type: array + ipv6Address: + type: string network: description: |- The name or self_link of the network to attach this interface to. @@ -1566,6 +1614,14 @@ spec: type: string type: object type: array + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs to + bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance @@ -1656,7 +1712,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -2003,8 +2059,9 @@ spec: properties: enableConfidentialCompute: description: Defines whether the instance should have confidential - compute enabled. on_host_maintenance has to be set to - TERMINATE or this will fail to create the VM. + compute enabled with AMD SEV. on_host_maintenance has + to be set to TERMINATE or this will fail to create the + VM. type: boolean type: object type: array @@ -2081,6 +2138,21 @@ spec: or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. type: string + provisionedIops: + description: |- + Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the disk can handle. + Values must be between 10,000 and 120,000. For more details, see the + Extreme persistent disk documentation. + type: number + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs + to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list (short name or id) of resource policies to attach to this disk for automatic snapshot creations. @@ -2156,6 +2228,11 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular guestAccelerator: description: List of the type and count of accelerator cards attached to the instance. Structure documented below. @@ -2272,6 +2349,8 @@ spec: type: string type: object type: array + internalIpv6PrefixLength: + type: number ipv6AccessConfig: description: |- An array of IPv6 access configurations for this interface. @@ -2298,6 +2377,8 @@ spec: type: array ipv6AccessType: type: string + ipv6Address: + type: string name: description: The name of the instance template. type: string @@ -2399,6 +2480,14 @@ spec: type: string type: object type: array + resourceManagerTags: + additionalProperties: + type: string + description: A set of key/value resource manager tag pairs to + bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + type: object + x-kubernetes-map-type: granular resourcePolicies: description: '- A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance @@ -2489,7 +2578,7 @@ spec: provisioningModel: description: |- Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT. If the value is STANDARD, there will be no discount. If this is set to SPOT, - preemptible should be true and auto_restart should be + preemptible should be true and automatic_restart should be false. For more info about SPOT, read here type: string @@ -2557,6 +2646,13 @@ spec: tagsFingerprint: description: The unique fingerprint of the tags. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml b/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml index 2af7d7477..87965d117 100644 --- a/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml +++ b/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml @@ -238,6 +238,14 @@ spec: type: string type: object type: object + stackType: + description: |- + The stack type for this interconnect attachment to identify whether the IPv6 + feature is enabled or not. If not specified, IPV4_ONLY will be used. + This field can be both set at interconnect attachments creation and update + interconnect attachment operations. + Possible values are: IPV4_IPV6, IPV4_ONLY. + type: string type: description: |- The type of InterconnectAttachment you wish to create. Defaults to @@ -426,6 +434,14 @@ spec: type: string type: object type: object + stackType: + description: |- + The stack type for this interconnect attachment to identify whether the IPv6 + feature is enabled or not. If not specified, IPV4_ONLY will be used. + This field can be both set at interconnect attachments creation and update + interconnect attachment operations. + Possible values are: IPV4_IPV6, IPV4_ONLY. + type: string type: description: |- The type of InterconnectAttachment you wish to create. Defaults to @@ -753,6 +769,14 @@ spec: selfLink: description: The URI of the created resource. type: string + stackType: + description: |- + The stack type for this interconnect attachment to identify whether the IPv6 + feature is enabled or not. If not specified, IPV4_ONLY will be used. + This field can be both set at interconnect attachments creation and update + interconnect attachment operations. + Possible values are: IPV4_IPV6, IPV4_ONLY. + type: string state: description: '[Output Only] The current state of this attachment''s functionality.' diff --git a/package/crds/compute.gcp.upbound.io_networkendpointgroups.yaml b/package/crds/compute.gcp.upbound.io_networkendpointgroups.yaml index 32940af9b..7356fe3ea 100644 --- a/package/crds/compute.gcp.upbound.io_networkendpointgroups.yaml +++ b/package/crds/compute.gcp.upbound.io_networkendpointgroups.yaml @@ -98,9 +98,9 @@ spec: that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or CONNECTION balancing modes. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value is GCE_VM_IP_PORT. - Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. type: string networkRef: description: Reference to a Network to populate network. @@ -302,9 +302,9 @@ spec: that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or CONNECTION balancing modes. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value is GCE_VM_IP_PORT. - Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. type: string networkRef: description: Reference to a Network to populate network. @@ -664,9 +664,9 @@ spec: that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or CONNECTION balancing modes. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value is GCE_VM_IP_PORT. - Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT. + Possible values are: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. type: string project: description: |- diff --git a/package/crds/compute.gcp.upbound.io_networkfirewallpolicies.yaml b/package/crds/compute.gcp.upbound.io_networkfirewallpolicies.yaml index 1b1344240..a1675ed2d 100644 --- a/package/crds/compute.gcp.upbound.io_networkfirewallpolicies.yaml +++ b/package/crds/compute.gcp.upbound.io_networkfirewallpolicies.yaml @@ -78,7 +78,9 @@ spec: this property when you create the resource. type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object initProvider: @@ -99,7 +101,9 @@ spec: this property when you create the resource. type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object managementPolicies: @@ -294,7 +298,9 @@ spec: is defined by the server. type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string ruleTupleCount: description: Total count of all firewall policy rule tuples. A diff --git a/package/crds/compute.gcp.upbound.io_networks.yaml b/package/crds/compute.gcp.upbound.io_networks.yaml index 7744018de..c607d1c01 100644 --- a/package/crds/compute.gcp.upbound.io_networks.yaml +++ b/package/crds/compute.gcp.upbound.io_networks.yaml @@ -431,6 +431,10 @@ spec: Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. type: string + numericId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string project: description: |- The ID of the project in which the resource belongs. diff --git a/package/crds/compute.gcp.upbound.io_nodegroups.yaml b/package/crds/compute.gcp.upbound.io_nodegroups.yaml index 387535a47..494d4a816 100644 --- a/package/crds/compute.gcp.upbound.io_nodegroups.yaml +++ b/package/crds/compute.gcp.upbound.io_nodegroups.yaml @@ -77,6 +77,7 @@ spec: description: |- If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. + One of initial_size or autoscaling_policy must be configured on resource creation. Structure is documented below. items: properties: @@ -100,7 +101,8 @@ spec: type: string initialSize: description: The initial number of nodes in the node group. One - of initial_size or size must be specified. + of initial_size or autoscaling_policy must be configured on + resource creation. type: number maintenancePolicy: description: 'Specifies how to handle instances when a node in @@ -388,10 +390,6 @@ spec: type: string type: object type: array - size: - description: The total number of nodes in the node group. One - of initial_size or size must be specified. - type: number zone: description: Zone where this node group is located type: string @@ -415,6 +413,7 @@ spec: description: |- If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. + One of initial_size or autoscaling_policy must be configured on resource creation. Structure is documented below. items: properties: @@ -438,7 +437,8 @@ spec: type: string initialSize: description: The initial number of nodes in the node group. One - of initial_size or size must be specified. + of initial_size or autoscaling_policy must be configured on + resource creation. type: number maintenancePolicy: description: 'Specifies how to handle instances when a node in @@ -726,10 +726,6 @@ spec: type: string type: object type: array - size: - description: The total number of nodes in the node group. One - of initial_size or size must be specified. - type: number type: object managementPolicies: default: @@ -907,6 +903,7 @@ spec: description: |- If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. + One of initial_size or autoscaling_policy must be configured on resource creation. Structure is documented below. items: properties: @@ -936,7 +933,8 @@ spec: type: string initialSize: description: The initial number of nodes in the node group. One - of initial_size or size must be specified. + of initial_size or autoscaling_policy must be configured on + resource creation. type: number maintenancePolicy: description: 'Specifies how to handle instances when a node in @@ -1000,8 +998,7 @@ spec: type: object type: array size: - description: The total number of nodes in the node group. One - of initial_size or size must be specified. + description: The total number of nodes in the node group. type: number zone: description: Zone where this node group is located diff --git a/package/crds/compute.gcp.upbound.io_perinstanceconfigs.yaml b/package/crds/compute.gcp.upbound.io_perinstanceconfigs.yaml index 6ddc69de5..449b3d0ba 100644 --- a/package/crds/compute.gcp.upbound.io_perinstanceconfigs.yaml +++ b/package/crds/compute.gcp.upbound.io_perinstanceconfigs.yaml @@ -284,6 +284,66 @@ spec: type: object type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -298,6 +358,11 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. @@ -608,6 +673,66 @@ spec: type: object type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -622,6 +747,11 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. @@ -947,6 +1077,66 @@ spec: type: string type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -961,6 +1151,11 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. diff --git a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml index 45da05610..a3fdd8f09 100644 --- a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml +++ b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml @@ -162,10 +162,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- @@ -438,10 +435,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- @@ -873,10 +867,7 @@ spec: allowed. type: number mode: - description: |- - Defines operating mode for this policy. - Default value is ON. - Possible values are: OFF, ONLY_UP, ON. + description: Defines operating mode for this policy. type: string scaleInControl: description: |- diff --git a/package/crds/compute.gcp.upbound.io_regiondisks.yaml b/package/crds/compute.gcp.upbound.io_regiondisks.yaml index 46059d0b5..645d0f46f 100644 --- a/package/crds/compute.gcp.upbound.io_regiondisks.yaml +++ b/package/crds/compute.gcp.upbound.io_regiondisks.yaml @@ -880,6 +880,12 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular guestOsFeatures: description: |- A list of features to enable on the guest operating system. @@ -1002,6 +1008,14 @@ spec: snapshot ID would identify the exact version of the snapshot that was used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- URL of the disk type resource describing which disk type to use to diff --git a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml index f52ce4e52..b891eabf5 100644 --- a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml @@ -74,6 +74,30 @@ spec: type: string forProvider: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -267,6 +291,50 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0.' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0.' + type: string + type: object + type: array targetPools: description: |- The full URL of all target pools to which new @@ -356,8 +424,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. @@ -579,6 +648,30 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -772,6 +865,50 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0.' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0.' + type: string + type: object + type: array targetPools: description: |- The full URL of all target pools to which new @@ -861,8 +998,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. @@ -1261,6 +1399,30 @@ spec: properties: atProvider: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + labels: + additionalProperties: + type: string + description: ', The label key-value pairs that you want + to patch onto the instance.' + type: object + x-kubernetes-map-type: granular + metadata: + additionalProperties: + type: string + description: ', The metadata key-value pairs that you want + to patch onto the instance. For more information, see + Project and instance metadata.' + type: object + x-kubernetes-map-type: granular + type: object + type: array autoHealingPolicies: description: |- The autohealing policies for this managed instance @@ -1286,6 +1448,8 @@ spec: appending a hyphen and a random four-character string to the base instance name. type: string + creationTimestamp: + type: string description: description: |- An optional textual description of the instance @@ -1308,7 +1472,7 @@ spec: description: The fingerprint of the instance group manager. type: string id: - description: an identifier for the resource with format {{disk.name}} + description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} type: string instanceGroup: description: The full URL of the instance group created by the @@ -1393,9 +1557,64 @@ spec: type: string type: object type: array + statefulExternalIp: + description: External network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the external ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the external ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the external + Ip. Possible value: nic0.' + type: string + type: object + type: array + statefulInternalIp: + description: Internal network IPs assigned to the instances that + will be preserved on instance delete, update, etc. This map + is keyed with the network interface name. Structure is documented + below. + items: + properties: + deleteRule: + description: ', A value that prescribes what should happen + to the internal ip when the VM instance is deleted. The + available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. + NEVER - detach the ip when the VM is deleted, but do not + delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete + the internal ip when the VM is permanently deleted from + the instance group.' + type: string + interfaceName: + description: ', The network interface name of the internal + Ip. Possible value: nic0.' + type: string + type: object + type: array status: items: properties: + allInstancesConfig: + description: |- + Properties to set on all instances in the group. After setting + allInstancesConfig on the group, you must update the group's instances to + apply the configuration. + items: + properties: + effective: + type: boolean + type: object + type: array isStable: description: 'A bit indicating whether the managed instance group is in a stable state. A stable state means that: @@ -1459,8 +1678,9 @@ spec: targetSize: description: |- The target number of running instances for this managed - instance group. This value should always be explicitly set unless this resource is attached to - an autoscaler, in which case it should never be set. Defaults to 0. + instance group. This value will fight with autoscaler settings when set, and generally shouldn't be set + when using one. If a value is required, such as to specify a creation-time target size for the MIG, + lifecycle. Defaults to 0. type: number updatePolicy: description: The update policy for this managed instance group. diff --git a/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml b/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml index 1d155a518..5bd73d9dd 100644 --- a/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml +++ b/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml @@ -35,7 +35,8 @@ spec: schema: openAPIV3Schema: description: RegionNetworkEndpointGroup is the Schema for the RegionNetworkEndpointGroups - API. A regional NEG that can support Serverless Products. + API. A regional NEG that can support Serverless Products and proxying traffic + to external backends. properties: apiVersion: description: |- @@ -76,7 +77,7 @@ spec: properties: appEngine: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -107,7 +108,7 @@ spec: type: array cloudFunction: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -207,7 +208,7 @@ spec: type: array cloudRun: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -320,15 +321,15 @@ spec: type: string network: description: |- - This field is only used for PSC. + This field is only used for PSC and INTERNET NEGs. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. type: string networkEndpointType: description: |- - Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value is SERVERLESS. - Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. type: string networkRef: description: Reference to a Network in compute to populate network. @@ -411,6 +412,7 @@ spec: type: string pscTargetService: description: |- + This field is only used for PSC and INTERNET NEGs. The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. type: string @@ -491,12 +493,12 @@ spec: type: object type: object region: - description: A reference to the region where the Serverless NEGs - Reside. + description: A reference to the region where the regional NEGs + reside. type: string subnetwork: description: |- - This field is only used for PSC. + This field is only used for PSC NEGs. Optional URL of the subnetwork to which all network endpoints in the NEG belong. type: string subnetworkRef: @@ -593,7 +595,7 @@ spec: properties: appEngine: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -624,7 +626,7 @@ spec: type: array cloudFunction: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -724,7 +726,7 @@ spec: type: array cloudRun: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -837,15 +839,15 @@ spec: type: string network: description: |- - This field is only used for PSC. + This field is only used for PSC and INTERNET NEGs. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. type: string networkEndpointType: description: |- - Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value is SERVERLESS. - Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. type: string networkRef: description: Reference to a Network in compute to populate network. @@ -928,6 +930,7 @@ spec: type: string pscTargetService: description: |- + This field is only used for PSC and INTERNET NEGs. The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. type: string @@ -1009,7 +1012,7 @@ spec: type: object subnetwork: description: |- - This field is only used for PSC. + This field is only used for PSC NEGs. Optional URL of the subnetwork to which all network endpoints in the NEG belong. type: string subnetworkRef: @@ -1264,7 +1267,7 @@ spec: properties: appEngine: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -1295,7 +1298,7 @@ spec: type: array cloudFunction: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -1319,7 +1322,7 @@ spec: type: array cloudRun: description: |- - Only valid when networkEndpointType is "SERVERLESS". + This field is only used for SERVERLESS NEGs. Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. Structure is documented below. items: @@ -1359,15 +1362,15 @@ spec: type: string network: description: |- - This field is only used for PSC. + This field is only used for PSC and INTERNET NEGs. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. type: string networkEndpointType: description: |- - Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value is SERVERLESS. - Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT. + Possible values are: SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT. type: string project: description: |- @@ -1376,19 +1379,20 @@ spec: type: string pscTargetService: description: |- + This field is only used for PSC and INTERNET NEGs. The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. type: string region: - description: A reference to the region where the Serverless NEGs - Reside. + description: A reference to the region where the regional NEGs + reside. type: string selfLink: description: The URI of the created resource. type: string subnetwork: description: |- - This field is only used for PSC. + This field is only used for PSC NEGs. Optional URL of the subnetwork to which all network endpoints in the NEG belong. type: string type: object diff --git a/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicies.yaml b/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicies.yaml index 6206a92df..fa3776fcf 100644 --- a/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicies.yaml +++ b/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicies.yaml @@ -79,10 +79,12 @@ spec: this property when you create the resource. type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string region: - description: The location of this resource. + description: The region of this resource. type: string type: object initProvider: @@ -103,7 +105,9 @@ spec: this property when you create the resource. type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object managementPolicies: @@ -294,10 +298,12 @@ spec: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}} type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string region: - description: The location of this resource. + description: The region of this resource. type: string regionNetworkFirewallPolicyId: description: The unique identifier for the resource. This identifier diff --git a/package/crds/compute.gcp.upbound.io_regionperinstanceconfigs.yaml b/package/crds/compute.gcp.upbound.io_regionperinstanceconfigs.yaml index b6d6e0088..f1f66bda7 100644 --- a/package/crds/compute.gcp.upbound.io_regionperinstanceconfigs.yaml +++ b/package/crds/compute.gcp.upbound.io_regionperinstanceconfigs.yaml @@ -205,6 +205,66 @@ spec: type: object type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -379,6 +439,11 @@ spec: type: string type: object type: object + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. @@ -529,6 +594,66 @@ spec: type: object type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -703,6 +828,11 @@ spec: type: string type: object type: object + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. @@ -945,6 +1075,66 @@ spec: type: string type: object type: array + externalIp: + description: |- + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array + internalIp: + description: |- + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + Structure is documented below. + items: + properties: + autoDelete: + description: |- + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + Default value is NEVER. + Possible values are: NEVER, ON_PERMANENT_INSTANCE_DELETION. + type: string + interfaceName: + description: The identifier for this object. Format + specified above. + type: string + ipAddress: + description: |- + Ip address representation + Structure is documented below. + items: + properties: + address: + description: The URL of the reservation for + this IP address. + type: string + type: object + type: array + type: object + type: array metadata: additionalProperties: type: string @@ -967,6 +1157,11 @@ spec: description: The region instance group manager this instance config is part of. type: string + removeInstanceOnDestroy: + description: |- + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: boolean removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. diff --git a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml index b6561e94f..6b3019cbd 100644 --- a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml @@ -74,6 +74,15 @@ spec: type: string forProvider: properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array description: description: An optional description of this resource. type: string @@ -89,9 +98,9 @@ spec: type: string sslCertificates: description: |- - A list of RegionSslCertificate resources that are used to authenticate - connections between users and the load balancer. Currently, exactly - one SSL certificate must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. items: type: string type: array @@ -173,6 +182,12 @@ spec: type: string type: object type: object + sslPolicy: + description: |- + A reference to the Region SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + type: string urlMap: description: |- A reference to the RegionUrlMap resource that defines the mapping from URL @@ -270,6 +285,15 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array description: description: An optional description of this resource. type: string @@ -280,9 +304,9 @@ spec: type: string sslCertificates: description: |- - A list of RegionSslCertificate resources that are used to authenticate - connections between users and the load balancer. Currently, exactly - one SSL certificate must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. items: type: string type: array @@ -364,6 +388,12 @@ spec: type: string type: object type: object + sslPolicy: + description: |- + A reference to the Region SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + type: string urlMap: description: |- A reference to the RegionUrlMap resource that defines the mapping from URL @@ -619,6 +649,15 @@ spec: properties: atProvider: properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string @@ -646,12 +685,18 @@ spec: type: string sslCertificates: description: |- - A list of RegionSslCertificate resources that are used to authenticate - connections between users and the load balancer. Currently, exactly - one SSL certificate must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. items: type: string type: array + sslPolicy: + description: |- + A reference to the Region SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + type: string urlMap: description: |- A reference to the RegionUrlMap resource that defines the mapping from URL diff --git a/package/crds/compute.gcp.upbound.io_routernats.yaml b/package/crds/compute.gcp.upbound.io_routernats.yaml index 6aed716ad..85520e22c 100644 --- a/package/crds/compute.gcp.upbound.io_routernats.yaml +++ b/package/crds/compute.gcp.upbound.io_routernats.yaml @@ -92,8 +92,8 @@ spec: type: boolean enableEndpointIndependentMapping: description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the official documentation. + Enable endpoint independent mapping. + For more information see the official documentation. type: boolean icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults @@ -122,7 +122,8 @@ spec: type: number minPortsPerVm: description: Minimum number of ports allocated to a VM from this - NAT. + NAT. Defaults to 64 for static port allocation and 32 dynamic + port allocation if not set. type: number natIpAllocateOption: description: |- @@ -452,8 +453,8 @@ spec: type: boolean enableEndpointIndependentMapping: description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the official documentation. + Enable endpoint independent mapping. + For more information see the official documentation. type: boolean icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults @@ -482,7 +483,8 @@ spec: type: number minPortsPerVm: description: Minimum number of ports allocated to a VM from this - NAT. + NAT. Defaults to 64 for static port allocation and 32 dynamic + port allocation if not set. type: number natIpAllocateOption: description: |- @@ -865,10 +867,6 @@ spec: - forProvider type: object x-kubernetes-validations: - - message: spec.forProvider.natIpAllocateOption is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.natIpAllocateOption) - || (has(self.initProvider) && has(self.initProvider.natIpAllocateOption))' - message: spec.forProvider.sourceSubnetworkIpRangesToNat is a required parameter rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies @@ -898,8 +896,8 @@ spec: type: boolean enableEndpointIndependentMapping: description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the official documentation. + Enable endpoint independent mapping. + For more information see the official documentation. type: boolean icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults @@ -931,7 +929,8 @@ spec: type: number minPortsPerVm: description: Minimum number of ports allocated to a VM from this - NAT. + NAT. Defaults to 64 for static port allocation and 32 dynamic + port allocation if not set. type: number natIpAllocateOption: description: |- diff --git a/package/crds/compute.gcp.upbound.io_routerpeers.yaml b/package/crds/compute.gcp.upbound.io_routerpeers.yaml index f1a476c32..b8fe160c3 100644 --- a/package/crds/compute.gcp.upbound.io_routerpeers.yaml +++ b/package/crds/compute.gcp.upbound.io_routerpeers.yaml @@ -83,7 +83,7 @@ spec: advertisedGroups: description: |- User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: + mode, which currently supports the following option: items: type: string type: array @@ -255,6 +255,40 @@ spec: If you do not specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string + md5AuthenticationKey: + items: + properties: + keySecretRef: + description: A SecretKeySelector is a reference to a secret + key in an arbitrary namespace. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + name: + description: |- + Name of this BGP peer. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + required: + - keySecretRef + type: object + type: array peerAsn: description: |- Peer BGP Autonomous System Number (ASN). @@ -613,7 +647,7 @@ spec: advertisedGroups: description: |- User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: + mode, which currently supports the following option: items: type: string type: array @@ -785,6 +819,20 @@ spec: If you do not specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string + md5AuthenticationKey: + items: + properties: + name: + description: |- + Name of this BGP peer. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + type: object + type: array peerAsn: description: |- Peer BGP Autonomous System Number (ASN). @@ -1229,7 +1277,7 @@ spec: advertisedGroups: description: |- User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: + mode, which currently supports the following option: items: type: string type: array @@ -1332,6 +1380,20 @@ spec: description: The resource that configures and manages this BGP peer. type: string + md5AuthenticationKey: + items: + properties: + name: + description: |- + Name of this BGP peer. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + type: object + type: array peerAsn: description: |- Peer BGP Autonomous System Number (ASN). diff --git a/package/crds/compute.gcp.upbound.io_securitypolicies.yaml b/package/crds/compute.gcp.upbound.io_securitypolicies.yaml index 066b05b3e..ada1b1d92 100644 --- a/package/crds/compute.gcp.upbound.io_securitypolicies.yaml +++ b/package/crds/compute.gcp.upbound.io_securitypolicies.yaml @@ -89,9 +89,7 @@ spec: detection. type: boolean ruleVisibility: - description: 'Rule visibility can be one of the following: - STANDARD - opaque rules. (default) PREMIUM - transparent - rules.' + description: 'Rule visibility can be one of the following:' type: string type: object type: array @@ -128,6 +126,14 @@ spec: logLevel: description: Log level to use. Defaults to NORMAL. type: string + userIpRequestHeaders: + description: An optional list of case-insensitive request + header names to use for resolving the callers client IP + address. + items: + type: string + type: array + x-kubernetes-list-type: set type: object type: array description: @@ -206,7 +212,10 @@ spec: items: properties: srcIpRanges: - description: field in config. + description: |- + Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + (can be used to override the default behavior). items: type: string type: array @@ -245,21 +254,21 @@ spec: Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. type: number rateLimitOptions: - description: Must be specified if the action is "rate_based_ban" - or "throttle". Cannot be specified for other actions. - Structure is documented below. + description: Must be specified if the action is rate_based_ban + or throttle. Cannot be specified for other actions. Structure + is documented below. items: properties: banDurationSec: description: |- - Can only be specified if the action for the rule is "rate_based_ban". + Can only be specified if the action for the rule is rate_based_ban. If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. type: number banThreshold: description: |- - Can only be specified if the action for the rule is "rate_based_ban". - If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - exceed this 'ban_threshold'. Structure is documented below. + Can only be specified if the action for the rule is rate_based_ban. + If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + exceed this ban_threshold. Structure is documented below. items: properties: count: @@ -275,23 +284,20 @@ spec: conformAction: description: Action to take for requests that are under the configured rate limit threshold. Valid - option is "allow" only. + option is allow only. type: string enforceOnKey: description: Determines the key to enforce the rate_limit_threshold - on. If not specified, defaults to "ALL". + on. If not specified, defaults to ALL. type: string enforceOnKeyName: description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' + for the following key types:' type: string exceedAction: description: |- When a request is denied, returns the HTTP response code specified. - Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + Valid options are deny() where valid values for status are 403, 404, 429, and 502. type: string exceedRedirectOptions: description: 'block supports:' @@ -325,7 +331,7 @@ spec: type: object type: array redirectOptions: - description: Can be specified if the action is "redirect". + description: Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. items: @@ -376,9 +382,7 @@ spec: detection. type: boolean ruleVisibility: - description: 'Rule visibility can be one of the following: - STANDARD - opaque rules. (default) PREMIUM - transparent - rules.' + description: 'Rule visibility can be one of the following:' type: string type: object type: array @@ -415,6 +419,14 @@ spec: logLevel: description: Log level to use. Defaults to NORMAL. type: string + userIpRequestHeaders: + description: An optional list of case-insensitive request + header names to use for resolving the callers client IP + address. + items: + type: string + type: array + x-kubernetes-list-type: set type: object type: array description: @@ -493,7 +505,10 @@ spec: items: properties: srcIpRanges: - description: field in config. + description: |- + Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + (can be used to override the default behavior). items: type: string type: array @@ -532,21 +547,21 @@ spec: Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. type: number rateLimitOptions: - description: Must be specified if the action is "rate_based_ban" - or "throttle". Cannot be specified for other actions. - Structure is documented below. + description: Must be specified if the action is rate_based_ban + or throttle. Cannot be specified for other actions. Structure + is documented below. items: properties: banDurationSec: description: |- - Can only be specified if the action for the rule is "rate_based_ban". + Can only be specified if the action for the rule is rate_based_ban. If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. type: number banThreshold: description: |- - Can only be specified if the action for the rule is "rate_based_ban". - If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - exceed this 'ban_threshold'. Structure is documented below. + Can only be specified if the action for the rule is rate_based_ban. + If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + exceed this ban_threshold. Structure is documented below. items: properties: count: @@ -562,23 +577,20 @@ spec: conformAction: description: Action to take for requests that are under the configured rate limit threshold. Valid - option is "allow" only. + option is allow only. type: string enforceOnKey: description: Determines the key to enforce the rate_limit_threshold - on. If not specified, defaults to "ALL". + on. If not specified, defaults to ALL. type: string enforceOnKeyName: description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' + for the following key types:' type: string exceedAction: description: |- When a request is denied, returns the HTTP response code specified. - Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + Valid options are deny() where valid values for status are 403, 404, 429, and 502. type: string exceedRedirectOptions: description: 'block supports:' @@ -612,7 +624,7 @@ spec: type: object type: array redirectOptions: - description: Can be specified if the action is "redirect". + description: Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. items: @@ -822,9 +834,7 @@ spec: detection. type: boolean ruleVisibility: - description: 'Rule visibility can be one of the following: - STANDARD - opaque rules. (default) PREMIUM - transparent - rules.' + description: 'Rule visibility can be one of the following:' type: string type: object type: array @@ -861,6 +871,14 @@ spec: logLevel: description: Log level to use. Defaults to NORMAL. type: string + userIpRequestHeaders: + description: An optional list of case-insensitive request + header names to use for resolving the callers client IP + address. + items: + type: string + type: array + x-kubernetes-list-type: set type: object type: array description: @@ -945,7 +963,10 @@ spec: items: properties: srcIpRanges: - description: field in config. + description: |- + Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation + to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of * matches all IPs + (can be used to override the default behavior). items: type: string type: array @@ -984,21 +1005,21 @@ spec: Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. type: number rateLimitOptions: - description: Must be specified if the action is "rate_based_ban" - or "throttle". Cannot be specified for other actions. - Structure is documented below. + description: Must be specified if the action is rate_based_ban + or throttle. Cannot be specified for other actions. Structure + is documented below. items: properties: banDurationSec: description: |- - Can only be specified if the action for the rule is "rate_based_ban". + Can only be specified if the action for the rule is rate_based_ban. If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. type: number banThreshold: description: |- - Can only be specified if the action for the rule is "rate_based_ban". - If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also - exceed this 'ban_threshold'. Structure is documented below. + Can only be specified if the action for the rule is rate_based_ban. + If specified, the key will be banned for the configured ban_duration_sec when the number of requests that exceed the rate_limit_threshold also + exceed this ban_threshold. Structure is documented below. items: properties: count: @@ -1014,23 +1035,20 @@ spec: conformAction: description: Action to take for requests that are under the configured rate limit threshold. Valid - option is "allow" only. + option is allow only. type: string enforceOnKey: description: Determines the key to enforce the rate_limit_threshold - on. If not specified, defaults to "ALL". + on. If not specified, defaults to ALL. type: string enforceOnKeyName: description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' + for the following key types:' type: string exceedAction: description: |- When a request is denied, returns the HTTP response code specified. - Valid options are "deny()" where valid values for status are 403, 404, 429, and 502. + Valid options are deny() where valid values for status are 403, 404, 429, and 502. type: string exceedRedirectOptions: description: 'block supports:' @@ -1064,7 +1082,7 @@ spec: type: object type: array redirectOptions: - description: Can be specified if the action is "redirect". + description: Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. items: diff --git a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml index 5db96a12d..32db03138 100644 --- a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml +++ b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml @@ -214,7 +214,6 @@ spec: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - For newly created service attachment, this boolean defaults to true. type: boolean region: description: URL of the region where the resource resides. @@ -457,7 +456,6 @@ spec: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - For newly created service attachment, this boolean defaults to true. type: boolean targetService: description: |- @@ -814,7 +812,6 @@ spec: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. - For newly created service attachment, this boolean defaults to true. type: boolean region: description: URL of the region where the resource resides. diff --git a/package/crds/compute.gcp.upbound.io_snapshots.yaml b/package/crds/compute.gcp.upbound.io_snapshots.yaml index b74ae7435..b5d6ac7f5 100644 --- a/package/crds/compute.gcp.upbound.io_snapshots.yaml +++ b/package/crds/compute.gcp.upbound.io_snapshots.yaml @@ -88,7 +88,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Snapshot. + description: |- + Labels to apply to this Snapshot. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -292,7 +295,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Snapshot. + description: |- + Labels to apply to this Snapshot. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -618,6 +624,11 @@ spec: diskSizeGb: description: Size of the snapshot, specified in GB. type: number + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/global/snapshots/{{name}} type: string @@ -629,7 +640,10 @@ spec: labels: additionalProperties: type: string - description: Labels to apply to this Snapshot. + description: |- + Labels to apply to this Snapshot. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular licenses: @@ -714,6 +728,14 @@ spec: items: type: string type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular zone: description: A reference to the zone where the disk is hosted. type: string diff --git a/package/crds/compute.gcp.upbound.io_subnetworks.yaml b/package/crds/compute.gcp.upbound.io_subnetworks.yaml index 05e2ea280..40d1cfc43 100644 --- a/package/crds/compute.gcp.upbound.io_subnetworks.yaml +++ b/package/crds/compute.gcp.upbound.io_subnetworks.yaml @@ -80,6 +80,10 @@ spec: you create the resource. This field can be set only at resource creation time. type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned + by this subnetwork. + type: string ipCidrRange: description: |- The range of internal addresses that are owned by this subnetwork. @@ -96,9 +100,10 @@ spec: type: string logConfig: description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the purpose of this - subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet purpose field is set to subnetwork is + REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Structure is documented below. items: properties: @@ -238,13 +243,13 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the purpose defaults to PRIVATE_RFC_1918. - The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. type: string region: description: The GCP region for this subnetwork. @@ -252,10 +257,10 @@ spec: role: description: |- The role of subnetwork. + Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. - An ACTIVE subnetwork is one that is currently being used. + An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. Possible values are: ACTIVE, BACKUP. type: string secondaryIpRange: @@ -316,6 +321,10 @@ spec: you create the resource. This field can be set only at resource creation time. type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned + by this subnetwork. + type: string ipCidrRange: description: |- The range of internal addresses that are owned by this subnetwork. @@ -332,9 +341,10 @@ spec: type: string logConfig: description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the purpose of this - subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet purpose field is set to subnetwork is + REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Structure is documented below. items: properties: @@ -474,21 +484,21 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the purpose defaults to PRIVATE_RFC_1918. - The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. type: string role: description: |- The role of subnetwork. + Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. - An ACTIVE subnetwork is one that is currently being used. + An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. Possible values are: ACTIVE, BACKUP. type: string secondaryIpRange: @@ -728,6 +738,10 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/subnetworks/{{name}} type: string + internalIpv6Prefix: + description: The internal IPv6 address range that is assigned + to this subnetwork. + type: string ipCidrRange: description: |- The range of internal addresses that are owned by this subnetwork. @@ -748,9 +762,10 @@ spec: type: string logConfig: description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the purpose of this - subnetwork is INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet purpose field is set to subnetwork is + REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. Structure is documented below. items: properties: @@ -816,13 +831,13 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, INTERNAL_HTTPS_LOAD_BALANCER, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY or PRIVATE_SERVICE_CONNECT. - A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. - A subnetwork in a given region with purpose set to REGIONAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. + A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. + Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the purpose defaults to PRIVATE_RFC_1918. - The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY. type: string region: description: The GCP region for this subnetwork. @@ -830,10 +845,10 @@ spec: role: description: |- The role of subnetwork. + Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. - An ACTIVE subnetwork is one that is currently being used. + An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. - Subnetwork role must be specified when purpose is set to INTERNAL_HTTPS_LOAD_BALANCER or REGIONAL_MANAGED_PROXY. Possible values are: ACTIVE, BACKUP. type: string secondaryIpRange: diff --git a/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml b/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml index eebb2c769..e60d4aa36 100644 --- a/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml @@ -74,6 +74,15 @@ spec: type: string forProvider: properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array certificateMap: description: |- A reference to the CertificateMap resource uri that identifies a certificate map @@ -111,10 +120,23 @@ spec: Default value is NONE. Possible values are: NONE, ENABLE, DISABLE. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- - A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - connections between users and the load balancer. At least one resource must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates can not be defined together. items: type: string type: array @@ -295,6 +317,15 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array certificateMap: description: |- A reference to the CertificateMap resource uri that identifies a certificate map @@ -332,10 +363,23 @@ spec: Default value is NONE. Possible values are: NONE, ENABLE, DISABLE. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- - A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - connections between users and the load balancer. At least one resource must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates can not be defined together. items: type: string type: array @@ -675,6 +719,15 @@ spec: properties: atProvider: properties: + certificateManagerCertificates: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName} or just the self_link projects/{project}/locations/{location}/certificates/{resourceName} + items: + type: string + type: array certificateMap: description: |- A reference to the CertificateMap resource uri that identifies a certificate map @@ -724,10 +777,23 @@ spec: selfLink: description: The URI of the created resource. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- - A list of SslCertificate resource URLs or Certificate Manager certificate URLs that are used to authenticate - connections between users and the load balancer. At least one resource must be specified. + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates can not be defined together. items: type: string type: array diff --git a/package/crds/compute.gcp.upbound.io_vpntunnels.yaml b/package/crds/compute.gcp.upbound.io_vpntunnels.yaml index b6c401e50..d889cbed3 100644 --- a/package/crds/compute.gcp.upbound.io_vpntunnels.yaml +++ b/package/crds/compute.gcp.upbound.io_vpntunnels.yaml @@ -81,6 +81,15 @@ spec: peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. type: number + labels: + additionalProperties: + type: string + description: |- + Labels to apply to this VpnTunnel. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular localTrafficSelector: description: |- Local traffic selector to use when establishing the VPN tunnel with @@ -490,6 +499,15 @@ spec: peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. type: number + labels: + additionalProperties: + type: string + description: |- + Labels to apply to this VpnTunnel. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular localTrafficSelector: description: |- Local traffic selector to use when establishing the VPN tunnel with @@ -1036,6 +1054,11 @@ spec: detailedStatus: description: Detailed status message for the VPN tunnel. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}} type: string @@ -1045,6 +1068,20 @@ spec: peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. type: number + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + labels: + additionalProperties: + type: string + description: |- + Labels to apply to this VpnTunnel. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular localTrafficSelector: description: |- Local traffic selector to use when establishing the VPN tunnel with @@ -1107,6 +1144,14 @@ spec: URL of the Target VPN gateway with which this VPN tunnel is associated. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tunnelId: description: The unique identifier for the resource. This identifier is defined by the server. diff --git a/package/crds/container.gcp.upbound.io_clusters.yaml b/package/crds/container.gcp.upbound.io_clusters.yaml index 78b849bd9..dfdbcf75e 100644 --- a/package/crds/container.gcp.upbound.io_clusters.yaml +++ b/package/crds/container.gcp.upbound.io_clusters.yaml @@ -121,7 +121,7 @@ spec: gcePersistentDiskCsiDriverConfig: description: |- . - Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. items: properties: enabled: @@ -145,7 +145,9 @@ spec: description: |- The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. - It is disabled by default; set enabled = true to enable. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + See Enable the Cloud Storage FUSE CSI driver for more information. items: properties: enabled: @@ -246,8 +248,7 @@ spec: evaluationMode: description: |- Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - deprecated enable_binary_authorization parameter being set to true. + and PROJECT_SINGLETON_POLICY_ENFORCE. type: string type: object type: array @@ -419,6 +420,13 @@ spec: type: array type: object type: array + autoscalingProfile: + description: |- + Configuration + options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string enabled: description: |- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied @@ -455,7 +463,7 @@ spec: The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - only work for routes-based clusters, where ip_allocation_policy is not defined. + default a new cluster to routes-based, where ip_allocation_policy is not defined. type: string confidentialNodes: description: Configuration for Confidential Nodes feature. Structure @@ -463,7 +471,9 @@ spec: items: properties: enabled: - description: Enable Confidential Nodes for this cluster. + description: |- + Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. type: boolean type: object type: array @@ -520,6 +530,8 @@ spec: type: boolean type: object type: array + deletionProtection: + type: boolean description: description: Description of the cluster. type: string @@ -549,12 +561,6 @@ spec: See the official documentation for available features. type: boolean - enableBinaryAuthorization: - description: |- - (DEPRECATED) Enable Binary Authorization for this cluster. - If enabled, all container images will be validated by Google Binary Authorization. - Deprecated in favor of binary_authorization. - type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -604,6 +610,17 @@ spec: Whether to enable Cloud TPU resources in this cluster. See the official documentation. type: boolean + fleet: + description: Fleet configuration for the cluster. Structure is + documented below. + items: + properties: + project: + description: The name of the Fleet host project where this + cluster will be registered. + type: string + type: object + type: array gatewayApiConfig: description: Configuration for GKE Gateway API controller. Structure is documented below. @@ -615,6 +632,16 @@ spec: type: string type: object type: array + identityServiceConfig: + description: . Structure is documented below. + items: + properties: + enabled: + description: Whether to enable the Identity Service component. + It is disabled by default. Set enabled=true to enable. + type: boolean + type: object + type: array initialNodeCount: description: |- The number of nodes to create in this @@ -627,11 +654,26 @@ spec: ipAllocationPolicy: description: |- Configuration of cluster IP allocation for - VPC-native clusters. Adding this block enables IP aliasing, - making the cluster VPC-native instead of routes-based. Structure is documented - below. + VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + Structure is documented below. items: properties: + additionalPodRangesConfig: + description: |- + The configuration for additional pod secondary ranges at + the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + items: + properties: + podRangeNames: + description: The names of the Pod ranges to add to + the cluster. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array clusterIpv4CidrBlock: description: |- The IP address range for the cluster pod IPs. @@ -844,11 +886,29 @@ spec: Structure is documented below. items: properties: + advancedDatapathObservabilityConfig: + description: Configuration for Advanced Datapath Monitoring. + Structure is documented below. + items: + properties: + enableMetrics: + description: Whether or not to enable advanced datapath + metrics. + type: boolean + enableRelay: + description: Whether or not Relay is enabled. + type: boolean + relayMode: + description: Mode used to make Relay available. + type: string + type: object + type: array enableComponents: description: 'The GKE components exposing metrics. Supported - values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, - and SCHEDULER. In beta provider, WORKLOADS is supported - on top of those 4 values. (WORKLOADS is deprecated and + values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, + CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT + and STATEFULSET. In beta provider, WORKLOADS is supported + on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.)' items: type: string @@ -974,8 +1034,7 @@ spec: networkingMode: description: |- Determines whether alias IPs or routes will be used for pod IPs in the cluster. - Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. type: string nodeConfig: description: Parameters used in creating the default node pool. @@ -1004,6 +1063,16 @@ spec: For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption' type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array diskSizeGb: description: |- Size of the disk attached to each node, specified @@ -1014,6 +1083,10 @@ spec: Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' type: string + enableConfidentialStorage: + description: Enabling Confidential Storage will create boot + disk with confidential mode. It is disabled by default. + type: boolean ephemeralStorageLocalSsdConfig: description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot @@ -1027,6 +1100,19 @@ spec: type: number type: object type: array + fastSocket: + description: |- + Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + Node Pool must enable gvnic. + GKE version 1.25.2-gke.1700 or later. + Structure is documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array gcfsConfig: description: |- Parameters for the Google Container Filesystem (GCFS). @@ -1161,19 +1247,23 @@ spec: type: object x-kubernetes-map-type: granular linuxNodeConfig: - description: |- - Linux node configuration, currently supported attributes can be found here. - Note that validations happen all server side. All attributes are optional. - Structure is documented below. + description: Parameters that can be configured on Linux + nodes. Structure is documented below. items: properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string sysctls: additionalProperties: type: string description: |- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as - net.core.wmem_max, to a string value. + net.core.wmem_max, to a string value. Currently supported attributes can be found here. + Note that validations happen all server side. All attributes are optional. type: object x-kubernetes-map-type: granular type: object @@ -1273,6 +1363,19 @@ spec: for how these labels are applied to clusters, node pools and nodes. type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 + tag key-value pairs can be specified. Existing tags will + be replaced with new values. Tags must be in one of the + following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular serviceAccount: description: |- The service account to be used by the Node VMs. @@ -1409,13 +1512,9 @@ spec: type: array taint: description: |- - A list of Kubernetes taints - to apply to nodes. GKE's API can only set this field on cluster creation. - However, GKE will add taints to your nodes if you enable certain features such - as GPUs. Taint values can be updated safely in - Kubernetes (eg. through kubectl), and it's recommended that you do not use - this field to manage taints. If you do, lifecycle.ignore_changes is - recommended. Structure is documented below. + A list of + Kubernetes taints + to apply to nodes. Structure is documented below. items: properties: effect: @@ -1455,6 +1554,28 @@ spec: type: string type: array x-kubernetes-list-type: set + nodePoolAutoConfig: + description: |- + Node pool configs that apply to auto-provisioned node pools in + autopilot clusters and + node auto-provisioning-enabled clusters. Structure is documented below. + items: + properties: + networkTags: + description: The network tag config for the cluster's automatically + provisioned node pools. + items: + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: array + type: object + type: array nodePoolDefaults: description: Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool @@ -1660,7 +1781,8 @@ spec: vulnerabilityMode: description: Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options - include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and + VULNERABILITY_ENTERPRISE. type: string type: object type: array @@ -1843,7 +1965,7 @@ spec: gcePersistentDiskCsiDriverConfig: description: |- . - Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. items: properties: enabled: @@ -1867,7 +1989,9 @@ spec: description: |- The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. - It is disabled by default; set enabled = true to enable. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + See Enable the Cloud Storage FUSE CSI driver for more information. items: properties: enabled: @@ -1968,8 +2092,7 @@ spec: evaluationMode: description: |- Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - deprecated enable_binary_authorization parameter being set to true. + and PROJECT_SINGLETON_POLICY_ENFORCE. type: string type: object type: array @@ -2141,6 +2264,13 @@ spec: type: array type: object type: array + autoscalingProfile: + description: |- + Configuration + options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string enabled: description: |- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied @@ -2177,7 +2307,7 @@ spec: The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - only work for routes-based clusters, where ip_allocation_policy is not defined. + default a new cluster to routes-based, where ip_allocation_policy is not defined. type: string confidentialNodes: description: Configuration for Confidential Nodes feature. Structure @@ -2185,7 +2315,9 @@ spec: items: properties: enabled: - description: Enable Confidential Nodes for this cluster. + description: |- + Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. type: boolean type: object type: array @@ -2242,6 +2374,8 @@ spec: type: boolean type: object type: array + deletionProtection: + type: boolean description: description: Description of the cluster. type: string @@ -2271,12 +2405,6 @@ spec: See the official documentation for available features. type: boolean - enableBinaryAuthorization: - description: |- - (DEPRECATED) Enable Binary Authorization for this cluster. - If enabled, all container images will be validated by Google Binary Authorization. - Deprecated in favor of binary_authorization. - type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -2326,6 +2454,17 @@ spec: Whether to enable Cloud TPU resources in this cluster. See the official documentation. type: boolean + fleet: + description: Fleet configuration for the cluster. Structure is + documented below. + items: + properties: + project: + description: The name of the Fleet host project where this + cluster will be registered. + type: string + type: object + type: array gatewayApiConfig: description: Configuration for GKE Gateway API controller. Structure is documented below. @@ -2337,6 +2476,16 @@ spec: type: string type: object type: array + identityServiceConfig: + description: . Structure is documented below. + items: + properties: + enabled: + description: Whether to enable the Identity Service component. + It is disabled by default. Set enabled=true to enable. + type: boolean + type: object + type: array initialNodeCount: description: |- The number of nodes to create in this @@ -2349,11 +2498,26 @@ spec: ipAllocationPolicy: description: |- Configuration of cluster IP allocation for - VPC-native clusters. Adding this block enables IP aliasing, - making the cluster VPC-native instead of routes-based. Structure is documented - below. + VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + Structure is documented below. items: properties: + additionalPodRangesConfig: + description: |- + The configuration for additional pod secondary ranges at + the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + items: + properties: + podRangeNames: + description: The names of the Pod ranges to add to + the cluster. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array clusterIpv4CidrBlock: description: |- The IP address range for the cluster pod IPs. @@ -2557,11 +2721,29 @@ spec: Structure is documented below. items: properties: + advancedDatapathObservabilityConfig: + description: Configuration for Advanced Datapath Monitoring. + Structure is documented below. + items: + properties: + enableMetrics: + description: Whether or not to enable advanced datapath + metrics. + type: boolean + enableRelay: + description: Whether or not Relay is enabled. + type: boolean + relayMode: + description: Mode used to make Relay available. + type: string + type: object + type: array enableComponents: description: 'The GKE components exposing metrics. Supported - values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, - and SCHEDULER. In beta provider, WORKLOADS is supported - on top of those 4 values. (WORKLOADS is deprecated and + values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, + CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT + and STATEFULSET. In beta provider, WORKLOADS is supported + on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.)' items: type: string @@ -2687,8 +2869,7 @@ spec: networkingMode: description: |- Determines whether alias IPs or routes will be used for pod IPs in the cluster. - Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. type: string nodeConfig: description: Parameters used in creating the default node pool. @@ -2717,6 +2898,16 @@ spec: For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption' type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array diskSizeGb: description: |- Size of the disk attached to each node, specified @@ -2727,6 +2918,10 @@ spec: Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' type: string + enableConfidentialStorage: + description: Enabling Confidential Storage will create boot + disk with confidential mode. It is disabled by default. + type: boolean ephemeralStorageLocalSsdConfig: description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot @@ -2740,6 +2935,19 @@ spec: type: number type: object type: array + fastSocket: + description: |- + Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + Node Pool must enable gvnic. + GKE version 1.25.2-gke.1700 or later. + Structure is documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array gcfsConfig: description: |- Parameters for the Google Container Filesystem (GCFS). @@ -2874,19 +3082,23 @@ spec: type: object x-kubernetes-map-type: granular linuxNodeConfig: - description: |- - Linux node configuration, currently supported attributes can be found here. - Note that validations happen all server side. All attributes are optional. - Structure is documented below. + description: Parameters that can be configured on Linux + nodes. Structure is documented below. items: properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string sysctls: additionalProperties: type: string description: |- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as - net.core.wmem_max, to a string value. + net.core.wmem_max, to a string value. Currently supported attributes can be found here. + Note that validations happen all server side. All attributes are optional. type: object x-kubernetes-map-type: granular type: object @@ -2986,6 +3198,19 @@ spec: for how these labels are applied to clusters, node pools and nodes. type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 + tag key-value pairs can be specified. Existing tags will + be replaced with new values. Tags must be in one of the + following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular serviceAccount: description: |- The service account to be used by the Node VMs. @@ -3122,13 +3347,9 @@ spec: type: array taint: description: |- - A list of Kubernetes taints - to apply to nodes. GKE's API can only set this field on cluster creation. - However, GKE will add taints to your nodes if you enable certain features such - as GPUs. Taint values can be updated safely in - Kubernetes (eg. through kubectl), and it's recommended that you do not use - this field to manage taints. If you do, lifecycle.ignore_changes is - recommended. Structure is documented below. + A list of + Kubernetes taints + to apply to nodes. Structure is documented below. items: properties: effect: @@ -3168,6 +3389,28 @@ spec: type: string type: array x-kubernetes-list-type: set + nodePoolAutoConfig: + description: |- + Node pool configs that apply to auto-provisioned node pools in + autopilot clusters and + node auto-provisioning-enabled clusters. Structure is documented below. + items: + properties: + networkTags: + description: The network tag config for the cluster's automatically + provisioned node pools. + items: + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: array + type: object + type: array nodePoolDefaults: description: Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool @@ -3373,7 +3616,8 @@ spec: vulnerabilityMode: description: Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options - include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and + VULNERABILITY_ENTERPRISE. type: string type: object type: array @@ -3713,7 +3957,7 @@ spec: gcePersistentDiskCsiDriverConfig: description: |- . - Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enabled. + Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. items: properties: enabled: @@ -3737,7 +3981,9 @@ spec: description: |- The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. - It is disabled by default; set enabled = true to enable. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. + See Enable the Cloud Storage FUSE CSI driver for more information. items: properties: enabled: @@ -3838,8 +4084,7 @@ spec: evaluationMode: description: |- Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED - and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the - deprecated enable_binary_authorization parameter being set to true. + and PROJECT_SINGLETON_POLICY_ENFORCE. type: string type: object type: array @@ -4023,6 +4268,13 @@ spec: type: array type: object type: array + autoscalingProfile: + description: |- + Configuration + options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string enabled: description: |- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied @@ -4059,7 +4311,7 @@ spec: The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will - only work for routes-based clusters, where ip_allocation_policy is not defined. + default a new cluster to routes-based, where ip_allocation_policy is not defined. type: string confidentialNodes: description: Configuration for Confidential Nodes feature. Structure @@ -4067,7 +4319,9 @@ spec: items: properties: enabled: - description: Enable Confidential Nodes for this cluster. + description: |- + Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. type: boolean type: object type: array @@ -4124,6 +4378,8 @@ spec: type: boolean type: object type: array + deletionProtection: + type: boolean description: description: Description of the cluster. type: string @@ -4153,12 +4409,6 @@ spec: See the official documentation for available features. type: boolean - enableBinaryAuthorization: - description: |- - (DEPRECATED) Enable Binary Authorization for this cluster. - If enabled, all container images will be validated by Google Binary Authorization. - Deprecated in favor of binary_authorization. - type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -4211,6 +4461,34 @@ spec: endpoint: description: The IP address of this cluster's Kubernetes master. type: string + fleet: + description: Fleet configuration for the cluster. Structure is + documented below. + items: + properties: + membership: + description: The resource name of the fleet Membership resource + associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. + See the official doc for fleet management. + type: string + membershipId: + description: The short name of the fleet membership, extracted + from fleet.0.membership. You can use this field to configure + membership_id under google_gkehub_feature_membership. + type: string + membershipLocation: + description: The location of the fleet membership, extracted + from fleet.0.membership. You can use this field to configure + membership_location under google_gkehub_feature_membership. + type: string + preRegistered: + type: boolean + project: + description: The name of the Fleet host project where this + cluster will be registered. + type: string + type: object + type: array gatewayApiConfig: description: Configuration for GKE Gateway API controller. Structure is documented below. @@ -4225,6 +4503,16 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{zone}}/clusters/{{name}} type: string + identityServiceConfig: + description: . Structure is documented below. + items: + properties: + enabled: + description: Whether to enable the Identity Service component. + It is disabled by default. Set enabled=true to enable. + type: boolean + type: object + type: array initialNodeCount: description: |- The number of nodes to create in this @@ -4237,11 +4525,26 @@ spec: ipAllocationPolicy: description: |- Configuration of cluster IP allocation for - VPC-native clusters. Adding this block enables IP aliasing, - making the cluster VPC-native instead of routes-based. Structure is documented - below. + VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. + Structure is documented below. items: properties: + additionalPodRangesConfig: + description: |- + The configuration for additional pod secondary ranges at + the cluster level. Used for Autopilot clusters and Standard clusters with which control of the + secondary Pod IP address assignment to node pools isn't needed. Structure is documented below. + items: + properties: + podRangeNames: + description: The names of the Pod ranges to add to + the cluster. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array clusterIpv4CidrBlock: description: |- The IP address range for the cluster pod IPs. @@ -4479,11 +4782,29 @@ spec: Structure is documented below. items: properties: + advancedDatapathObservabilityConfig: + description: Configuration for Advanced Datapath Monitoring. + Structure is documented below. + items: + properties: + enableMetrics: + description: Whether or not to enable advanced datapath + metrics. + type: boolean + enableRelay: + description: Whether or not Relay is enabled. + type: boolean + relayMode: + description: Mode used to make Relay available. + type: string + type: object + type: array enableComponents: description: 'The GKE components exposing metrics. Supported - values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, - and SCHEDULER. In beta provider, WORKLOADS is supported - on top of those 4 values. (WORKLOADS is deprecated and + values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, + CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT + and STATEFULSET. In beta provider, WORKLOADS is supported + on top of those 10 values. (WORKLOADS is deprecated and removed in GKE 1.24.)' items: type: string @@ -4535,8 +4856,7 @@ spec: networkingMode: description: |- Determines whether alias IPs or routes will be used for pod IPs in the cluster. - Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, - and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster. + Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. type: string nodeConfig: description: Parameters used in creating the default node pool. @@ -4565,6 +4885,16 @@ spec: For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption' type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array diskSizeGb: description: |- Size of the disk attached to each node, specified @@ -4575,6 +4905,27 @@ spec: Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' type: string + effectiveTaints: + description: List of kubernetes taints applied to each node. + Structure is documented above. + items: + properties: + effect: + description: Effect for taint. Accepted values are + NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. + type: string + type: object + type: array + enableConfidentialStorage: + description: Enabling Confidential Storage will create boot + disk with confidential mode. It is disabled by default. + type: boolean ephemeralStorageLocalSsdConfig: description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot @@ -4588,6 +4939,19 @@ spec: type: number type: object type: array + fastSocket: + description: |- + Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + Node Pool must enable gvnic. + GKE version 1.25.2-gke.1700 or later. + Structure is documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array gcfsConfig: description: |- Parameters for the Google Container Filesystem (GCFS). @@ -4722,19 +5086,23 @@ spec: type: object x-kubernetes-map-type: granular linuxNodeConfig: - description: |- - Linux node configuration, currently supported attributes can be found here. - Note that validations happen all server side. All attributes are optional. - Structure is documented below. + description: Parameters that can be configured on Linux + nodes. Structure is documented below. items: properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string sysctls: additionalProperties: type: string description: |- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as - net.core.wmem_max, to a string value. + net.core.wmem_max, to a string value. Currently supported attributes can be found here. + Note that validations happen all server side. All attributes are optional. type: object x-kubernetes-map-type: granular type: object @@ -4834,6 +5202,19 @@ spec: for how these labels are applied to clusters, node pools and nodes. type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 + tag key-value pairs can be specified. Existing tags will + be replaced with new values. Tags must be in one of the + following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular serviceAccount: description: |- The service account to be used by the Node VMs. @@ -4894,13 +5275,9 @@ spec: type: array taint: description: |- - A list of Kubernetes taints - to apply to nodes. GKE's API can only set this field on cluster creation. - However, GKE will add taints to your nodes if you enable certain features such - as GPUs. Taint values can be updated safely in - Kubernetes (eg. through kubectl), and it's recommended that you do not use - this field to manage taints. If you do, lifecycle.ignore_changes is - recommended. Structure is documented below. + A list of + Kubernetes taints + to apply to nodes. Structure is documented below. items: properties: effect: @@ -5023,6 +5400,16 @@ spec: have RFC 1918 private addresses and communicate with the master's private endpoint via private networking. type: boolean + networkPerformanceConfig: + description: Network bandwidth tier configuration. + items: + properties: + totalEgressBandwidthTier: + description: Specifies the total network bandwidth + tier for the NodePool. + type: string + type: object + type: array podCidrOverprovisionConfig: items: properties: @@ -5066,6 +5453,17 @@ spec: For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption' type: string + confidentialNodes: + description: Configuration for Confidential Nodes + feature. Structure is documented below documented + below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array diskSizeGb: description: |- Size of the disk attached to each node, specified @@ -5076,6 +5474,28 @@ spec: Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard' type: string + effectiveTaints: + description: List of kubernetes taints applied to + each node. Structure is documented above. + items: + properties: + effect: + description: Effect for taint. Accepted values + are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. + type: string + type: object + type: array + enableConfidentialStorage: + description: Enabling Confidential Storage will create + boot disk with confidential mode. It is disabled + by default. + type: boolean ephemeralStorageLocalSsdConfig: description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is @@ -5090,6 +5510,19 @@ spec: type: number type: object type: array + fastSocket: + description: |- + Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. + Node Pool must enable gvnic. + GKE version 1.25.2-gke.1700 or later. + Structure is documented below. + items: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object + type: array gcfsConfig: description: The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. @@ -5222,19 +5655,23 @@ spec: type: object x-kubernetes-map-type: granular linuxNodeConfig: - description: |- - Linux node configuration, currently supported attributes can be found here. - Note that validations happen all server side. All attributes are optional. - Structure is documented below. + description: Parameters that can be configured on + Linux nodes. Structure is documented below. items: properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string sysctls: additionalProperties: type: string description: |- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as - net.core.wmem_max, to a string value. + net.core.wmem_max, to a string value. Currently supported attributes can be found here. + Note that validations happen all server side. All attributes are optional. type: object x-kubernetes-map-type: granular type: object @@ -5336,6 +5773,20 @@ spec: pairs) to be applied to the cluster. type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and + values to be attached to the nodes for managing + Compute Engine firewalls using Network Firewall + Policies. Tags must be according to specifications + found here. A maximum of 5 tag key-value pairs can + be specified. Existing tags will be replaced with + new values. Tags must be in one of the following + formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular serviceAccount: description: |- The service account to be used by the Node VMs. @@ -5395,13 +5846,9 @@ spec: type: array taint: description: |- - A list of Kubernetes taints - to apply to nodes. GKE's API can only set this field on cluster creation. - However, GKE will add taints to your nodes if you enable certain features such - as GPUs. Taint values can be updated safely in - Kubernetes (eg. through kubectl), and it's recommended that you do not use - this field to manage taints. If you do, lifecycle.ignore_changes is - recommended. Structure is documented below. + A list of + Kubernetes taints + to apply to nodes. Structure is documented below. items: properties: effect: @@ -5451,6 +5898,8 @@ spec: The name of the cluster, unique within the project and location. type: string + tpuTopology: + type: string type: description: The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. @@ -5526,6 +5975,28 @@ spec: type: string type: object type: array + nodePoolAutoConfig: + description: |- + Node pool configs that apply to auto-provisioned node pools in + autopilot clusters and + node auto-provisioning-enabled clusters. Structure is documented below. + items: + properties: + networkTags: + description: The network tag config for the cluster's automatically + provisioned node pools. + items: + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: array + type: object + type: array nodePoolDefaults: description: Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool @@ -5745,7 +6216,8 @@ spec: vulnerabilityMode: description: Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options - include VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and + VULNERABILITY_ENTERPRISE. type: string type: object type: array diff --git a/package/crds/container.gcp.upbound.io_nodepools.yaml b/package/crds/container.gcp.upbound.io_nodepools.yaml index 905901c44..6855965db 100644 --- a/package/crds/container.gcp.upbound.io_nodepools.yaml +++ b/package/crds/container.gcp.upbound.io_nodepools.yaml @@ -207,9 +207,11 @@ spec: properties: autoRepair: description: Whether the nodes will be automatically repaired. + Enabled by default. type: boolean autoUpgrade: description: Whether the nodes will be automatically upgraded. + Enabled by default. type: boolean type: object type: array @@ -236,6 +238,13 @@ spec: enablePrivateNodes: description: Whether nodes have internal IP addresses only. type: boolean + networkPerformanceConfig: + items: + properties: + totalEgressBandwidthTier: + type: string + type: object + type: array podCidrOverprovisionConfig: items: properties: @@ -274,10 +283,23 @@ spec: type: array bootDiskKmsKey: type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below. + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array diskSizeGb: type: number diskType: type: string + enableConfidentialStorage: + type: boolean ephemeralStorageLocalSsdConfig: items: properties: @@ -285,10 +307,21 @@ spec: type: number type: object type: array + fastSocket: + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array gcfsConfig: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -331,6 +364,8 @@ spec: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -372,6 +407,8 @@ spec: google_container_cluster for schema. items: properties: + cgroupMode: + type: string sysctls: additionalProperties: type: string @@ -427,6 +464,11 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular serviceAccount: type: string serviceAccountRef: @@ -588,6 +630,10 @@ spec: The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned. type: string + tpuTopology: + description: The TPU placement topology for pod slice node + pool. + type: string type: description: |- The type of the policy. Supports a single value: COMPACT. @@ -728,9 +774,11 @@ spec: properties: autoRepair: description: Whether the nodes will be automatically repaired. + Enabled by default. type: boolean autoUpgrade: description: Whether the nodes will be automatically upgraded. + Enabled by default. type: boolean type: object type: array @@ -757,6 +805,13 @@ spec: enablePrivateNodes: description: Whether nodes have internal IP addresses only. type: boolean + networkPerformanceConfig: + items: + properties: + totalEgressBandwidthTier: + type: string + type: object + type: array podCidrOverprovisionConfig: items: properties: @@ -795,10 +850,23 @@ spec: type: array bootDiskKmsKey: type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below. + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array diskSizeGb: type: number diskType: type: string + enableConfidentialStorage: + type: boolean ephemeralStorageLocalSsdConfig: items: properties: @@ -806,10 +874,21 @@ spec: type: number type: object type: array + fastSocket: + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array gcfsConfig: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -852,6 +931,8 @@ spec: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -893,6 +974,8 @@ spec: google_container_cluster for schema. items: properties: + cgroupMode: + type: string sysctls: additionalProperties: type: string @@ -948,6 +1031,11 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular serviceAccount: type: string serviceAccountRef: @@ -1109,6 +1197,10 @@ spec: The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned. type: string + tpuTopology: + description: The TPU placement topology for pod slice node + pool. + type: string type: description: |- The type of the policy. Supports a single value: COMPACT. @@ -1432,9 +1524,11 @@ spec: properties: autoRepair: description: Whether the nodes will be automatically repaired. + Enabled by default. type: boolean autoUpgrade: description: Whether the nodes will be automatically upgraded. + Enabled by default. type: boolean type: object type: array @@ -1461,6 +1555,13 @@ spec: enablePrivateNodes: description: Whether nodes have internal IP addresses only. type: boolean + networkPerformanceConfig: + items: + properties: + totalEgressBandwidthTier: + type: string + type: object + type: array podCidrOverprovisionConfig: items: properties: @@ -1499,10 +1600,34 @@ spec: type: array bootDiskKmsKey: type: string + confidentialNodes: + description: Configuration for Confidential Nodes feature. + Structure is documented below. + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array diskSizeGb: type: number diskType: type: string + effectiveTaints: + items: + properties: + effect: + type: string + key: + type: string + value: + type: string + type: object + type: array + enableConfidentialStorage: + type: boolean ephemeralStorageLocalSsdConfig: items: properties: @@ -1510,10 +1635,21 @@ spec: type: number type: object type: array + fastSocket: + items: + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object + type: array gcfsConfig: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -1556,6 +1692,8 @@ spec: items: properties: enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. type: boolean type: object type: array @@ -1597,6 +1735,8 @@ spec: google_container_cluster for schema. items: properties: + cgroupMode: + type: string sysctls: additionalProperties: type: string @@ -1652,6 +1792,11 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourceManagerTags: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular serviceAccount: type: string shieldedInstanceConfig: @@ -1739,6 +1884,10 @@ spec: The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned. type: string + tpuTopology: + description: The TPU placement topology for pod slice node + pool. + type: string type: description: |- The type of the policy. Supports a single value: COMPACT. diff --git a/package/crds/containeraws.gcp.upbound.io_clusters.yaml b/package/crds/containeraws.gcp.upbound.io_clusters.yaml index 8a3821c96..107d23f2f 100644 --- a/package/crds/containeraws.gcp.upbound.io_clusters.yaml +++ b/package/crds/containeraws.gcp.upbound.io_clusters.yaml @@ -89,6 +89,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant @@ -110,6 +123,17 @@ spec: call to list all supported AWS regions within a given Google Cloud region. type: string + binaryAuthorization: + description: Configuration options for the Binary Authorization + feature. + items: + properties: + evaluationMode: + description: 'Mode of operation for Binary Authorization + policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE' + type: string + type: object + type: array controlPlane: description: Configuration related to the cluster control plane. items: @@ -194,7 +218,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -244,7 +270,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -383,6 +411,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant @@ -404,6 +445,17 @@ spec: call to list all supported AWS regions within a given Google Cloud region. type: string + binaryAuthorization: + description: Configuration options for the Binary Authorization + feature. + items: + properties: + evaluationMode: + description: 'Mode of operation for Binary Authorization + policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE' + type: string + type: object + type: array controlPlane: description: Configuration related to the cluster control plane. items: @@ -488,7 +540,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -538,7 +592,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -852,6 +908,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant @@ -873,6 +942,17 @@ spec: call to list all supported AWS regions within a given Google Cloud region. type: string + binaryAuthorization: + description: Configuration options for the Binary Authorization + feature. + items: + properties: + evaluationMode: + description: 'Mode of operation for Binary Authorization + policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE' + type: string + type: object + type: array controlPlane: description: Configuration related to the cluster control plane. items: @@ -957,7 +1037,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -1007,7 +1089,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -1067,6 +1151,11 @@ spec: description: Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular endpoint: description: Output only. The endpoint of the cluster's API server. type: string diff --git a/package/crds/containeraws.gcp.upbound.io_nodepools.yaml b/package/crds/containeraws.gcp.upbound.io_nodepools.yaml index a58c678f0..ff068f19a 100644 --- a/package/crds/containeraws.gcp.upbound.io_nodepools.yaml +++ b/package/crds/containeraws.gcp.upbound.io_nodepools.yaml @@ -273,7 +273,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -332,6 +334,16 @@ spec: location: description: The location for the resource type: string + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. @@ -349,6 +361,30 @@ spec: subnetId: description: The subnet where the node pool node run. type: string + updateSettings: + description: Optional. Update settings control the speed and disruption + of the node pool update. + items: + properties: + surgeSettings: + description: Optional. Settings for surge update. + items: + properties: + maxSurge: + description: Optional. The maximum number of nodes + that can be created beyond the current size of the + node pool during the update process. + type: number + maxUnavailable: + description: Optional. The maximum number of nodes + that can be simultaneously unavailable during the + update process. A node is considered unavailable + if its status is not Ready. + type: number + type: object + type: array + type: object + type: array version: description: The Kubernetes version to run on this node pool (e.g. 1.19.10-gke.1000). You can list all supported versions on a @@ -493,7 +529,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -549,6 +587,16 @@ spec: type: array type: object type: array + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. @@ -566,6 +614,30 @@ spec: subnetId: description: The subnet where the node pool node run. type: string + updateSettings: + description: Optional. Update settings control the speed and disruption + of the node pool update. + items: + properties: + surgeSettings: + description: Optional. Settings for surge update. + items: + properties: + maxSurge: + description: Optional. The maximum number of nodes + that can be created beyond the current size of the + node pool during the update process. + type: number + maxUnavailable: + description: Optional. The maximum number of nodes + that can be simultaneously unavailable during the + update process. A node is considered unavailable + if its status is not Ready. + type: number + type: object + type: array + type: object + type: array version: description: The Kubernetes version to run on this node pool (e.g. 1.19.10-gke.1000). You can list all supported versions on a @@ -891,7 +963,9 @@ spec: throughput: description: Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume - type is GP3. + type is GP3. If volume type is gp3 and throughput + is not specified, the throughput will defaults to + 125. type: number volumeType: description: 'Optional. Type of the EBS volume. When @@ -951,6 +1025,11 @@ spec: description: Output only. The time at which this node pool was created. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update @@ -963,6 +1042,16 @@ spec: location: description: The location for the resource type: string + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. @@ -993,6 +1082,30 @@ spec: description: Output only. A globally unique identifier for the node pool. type: string + updateSettings: + description: Optional. Update settings control the speed and disruption + of the node pool update. + items: + properties: + surgeSettings: + description: Optional. Settings for surge update. + items: + properties: + maxSurge: + description: Optional. The maximum number of nodes + that can be created beyond the current size of the + node pool during the update process. + type: number + maxUnavailable: + description: Optional. The maximum number of nodes + that can be simultaneously unavailable during the + update process. A node is considered unavailable + if its status is not Ready. + type: number + type: object + type: array + type: object + type: array updateTime: description: Output only. The time at which this node pool was last updated. diff --git a/package/crds/containerazure.gcp.upbound.io_clusters.yaml b/package/crds/containerazure.gcp.upbound.io_clusters.yaml index 5230c62ea..8b611740c 100644 --- a/package/crds/containerazure.gcp.upbound.io_clusters.yaml +++ b/package/crds/containerazure.gcp.upbound.io_clusters.yaml @@ -89,6 +89,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant @@ -336,6 +349,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant @@ -762,6 +788,19 @@ spec: description: Configuration related to the cluster RBAC settings. items: properties: + adminGroups: + description: Groups of users that can perform operations + as a cluster admin. A managed ClusterRoleBinding will + be created to grant the cluster-admin ClusterRole to the + groups. Up to ten admin groups can be provided. For more + info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + properties: + group: + description: The name of the group, e.g. my-group@domain.com. + type: string + type: object + type: array adminUsers: description: Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant @@ -929,6 +968,11 @@ spec: description: Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular endpoint: description: Output only. The endpoint of the cluster's API server. type: string diff --git a/package/crds/containerazure.gcp.upbound.io_nodepools.yaml b/package/crds/containerazure.gcp.upbound.io_nodepools.yaml index f7c818b19..355944199 100644 --- a/package/crds/containerazure.gcp.upbound.io_nodepools.yaml +++ b/package/crds/containerazure.gcp.upbound.io_nodepools.yaml @@ -184,6 +184,15 @@ spec: description: The node configuration of the node pool. items: properties: + labels: + additionalProperties: + type: string + description: 'Optional. The initial labels assigned to nodes + of this node pool. An object containing a list of "key": + value pairs. Example: { "name": "wrench", "mass": "1.3kg", + "count": "3" }.' + type: object + x-kubernetes-map-type: granular proxyConfig: description: Proxy configuration for outbound HTTP(S) traffic. items: @@ -246,6 +255,16 @@ spec: location: description: The location for the resource type: string + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. @@ -319,6 +338,15 @@ spec: description: The node configuration of the node pool. items: properties: + labels: + additionalProperties: + type: string + description: 'Optional. The initial labels assigned to nodes + of this node pool. An object containing a list of "key": + value pairs. Example: { "name": "wrench", "mass": "1.3kg", + "count": "3" }.' + type: object + x-kubernetes-map-type: granular proxyConfig: description: Proxy configuration for outbound HTTP(S) traffic. items: @@ -378,6 +406,16 @@ spec: type: string type: object type: array + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. @@ -632,6 +670,15 @@ spec: description: The node configuration of the node pool. items: properties: + labels: + additionalProperties: + type: string + description: 'Optional. The initial labels assigned to nodes + of this node pool. An object containing a list of "key": + value pairs. Example: { "name": "wrench", "mass": "1.3kg", + "count": "3" }.' + type: object + x-kubernetes-map-type: granular proxyConfig: description: Proxy configuration for outbound HTTP(S) traffic. items: @@ -695,6 +742,11 @@ spec: description: Output only. The time at which this node pool was created. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update @@ -707,6 +759,16 @@ spec: location: description: The location for the resource type: string + management: + description: The Management configuration for this node pool. + items: + properties: + autoRepair: + description: Optional. Whether or not the nodes will be + automatically repaired. + type: boolean + type: object + type: array maxPodsConstraint: description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool. diff --git a/package/crds/dataflow.gcp.upbound.io_jobs.yaml b/package/crds/dataflow.gcp.upbound.io_jobs.yaml index 5625c9e4d..41c72c501 100644 --- a/package/crds/dataflow.gcp.upbound.io_jobs.yaml +++ b/package/crds/dataflow.gcp.upbound.io_jobs.yaml @@ -35,7 +35,11 @@ spec: schema: openAPIV3Schema: description: Job is the Schema for the Jobs API. Creates a job in Dataflow - according to a provided config file. + according to a provided config file. Dataflow jobs are different from most + other Google resources. The Dataflow resource is considered 'existing' while + it is in a nonterminal state. If it reaches a terminal state (e.g. 'FAILED', + 'COMPLETE', 'CANCELLED'), it will be recreated on the next 'reconcile'. + This resource does not support import properties: apiVersion: description: |- @@ -100,8 +104,7 @@ spec: description: |- User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. - NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. type: object machineType: description: The machine type to use for the job. @@ -205,8 +208,7 @@ spec: description: |- User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. - NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. type: object machineType: description: The machine type to use for the job. @@ -462,6 +464,11 @@ spec: type: string type: array x-kubernetes-list-type: set + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular enableStreamingEngine: description: Enable/disable the use of Streaming Engine for the job. Note that Streaming Engine is enabled by default for pipelines @@ -487,8 +494,7 @@ spec: description: |- User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. - NOTE: Google-provided Dataflow templates often provide default labels that begin with goog-dataflow-provided. - Unless explicitly set in config, these labels will be ignored to prevent diffs on re-apply. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. type: object machineType: description: The machine type to use for the job. @@ -543,6 +549,13 @@ spec: templateGcsPath: description: The GCS path to the Dataflow job template. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular transformNameMapping: additionalProperties: type: string diff --git a/package/crds/datafusion.gcp.upbound.io_instances.yaml b/package/crds/datafusion.gcp.upbound.io_instances.yaml index 005023ab4..4cf3afb77 100644 --- a/package/crds/datafusion.gcp.upbound.io_instances.yaml +++ b/package/crds/datafusion.gcp.upbound.io_instances.yaml @@ -870,6 +870,12 @@ spec: displayName: description: Display name for an instance. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular enableRbac: description: Option to enable granular role-based access control. type: boolean @@ -966,6 +972,14 @@ spec: tenantProjectId: description: The name of the tenant project. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- Represents the type of Data Fusion instance. Each type is configured with diff --git a/package/crds/datalossprevention.gcp.upbound.io_jobtriggers.yaml b/package/crds/datalossprevention.gcp.upbound.io_jobtriggers.yaml index 9d0daa11c..0496a18e9 100644 --- a/package/crds/datalossprevention.gcp.upbound.io_jobtriggers.yaml +++ b/package/crds/datalossprevention.gcp.upbound.io_jobtriggers.yaml @@ -87,7 +87,7 @@ spec: properties: actions: description: |- - A task to execute on the completion of a job. + Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. Structure is documented below. items: properties: @@ -1288,7 +1288,7 @@ spec: type: array timespanConfig: description: |- - Information on where to inspect + Configuration of the timespan of the items to include in scanning Structure is documented below. items: properties: @@ -1296,20 +1296,22 @@ spec: description: |- When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will - be based on the time of the execution of the last run of the JobTrigger. + be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + used in the last run of the JobTrigger. type: boolean endTime: - description: Exclude files or rows newer than - this value. If set to zero, no upper time - limit is applied. + description: Exclude files, tables, or rows + newer than this value. If not set, no upper + time limit is applied. type: string startTime: - description: Exclude files or rows older than - this value. + description: Exclude files, tables, or rows + older than this value. If not set, no lower + time limit is applied. type: string timestampField: description: |- - Information on where to inspect + Specification of the field containing the timestamp of scanned items. Structure is documented below. items: properties: @@ -1404,7 +1406,7 @@ spec: properties: actions: description: |- - A task to execute on the completion of a job. + Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. Structure is documented below. items: properties: @@ -2605,7 +2607,7 @@ spec: type: array timespanConfig: description: |- - Information on where to inspect + Configuration of the timespan of the items to include in scanning Structure is documented below. items: properties: @@ -2613,20 +2615,22 @@ spec: description: |- When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will - be based on the time of the execution of the last run of the JobTrigger. + be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + used in the last run of the JobTrigger. type: boolean endTime: - description: Exclude files or rows newer than - this value. If set to zero, no upper time - limit is applied. + description: Exclude files, tables, or rows + newer than this value. If not set, no upper + time limit is applied. type: string startTime: - description: Exclude files or rows older than - this value. + description: Exclude files, tables, or rows + older than this value. If not set, no lower + time limit is applied. type: string timestampField: description: |- - Information on where to inspect + Specification of the field containing the timestamp of scanned items. Structure is documented below. items: properties: @@ -2896,7 +2900,7 @@ spec: properties: actions: description: |- - A task to execute on the completion of a job. + Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in attribute-as-blocks mode. Structure is documented below. items: properties: @@ -3946,7 +3950,7 @@ spec: type: array timespanConfig: description: |- - Information on where to inspect + Configuration of the timespan of the items to include in scanning Structure is documented below. items: properties: @@ -3954,20 +3958,22 @@ spec: description: |- When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will - be based on the time of the execution of the last run of the JobTrigger. + be based on the time of the execution of the last run of the JobTrigger or the timespan endTime + used in the last run of the JobTrigger. type: boolean endTime: - description: Exclude files or rows newer than - this value. If set to zero, no upper time - limit is applied. + description: Exclude files, tables, or rows + newer than this value. If not set, no upper + time limit is applied. type: string startTime: - description: Exclude files or rows older than - this value. + description: Exclude files, tables, or rows + older than this value. If not set, no lower + time limit is applied. type: string timestampField: description: |- - Information on where to inspect + Specification of the field containing the timestamp of scanned items. Structure is documented below. items: properties: diff --git a/package/crds/dataplex.gcp.upbound.io_assets.yaml b/package/crds/dataplex.gcp.upbound.io_assets.yaml index 382cf8f12..5f7a24fe4 100644 --- a/package/crds/dataplex.gcp.upbound.io_assets.yaml +++ b/package/crds/dataplex.gcp.upbound.io_assets.yaml @@ -337,6 +337,12 @@ spec: lake. For example: projects/{project_number}/buckets/{bucket_id} projects/{project_number}/datasets/{dataset_id}' type: string + readAccessMode: + description: 'Optional. Determines how read permissions + are handled for each asset and their associated tables. + Only available to storage buckets assets. Possible values: + DIRECT, MANAGED' + type: string type: description: 'Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET' @@ -467,6 +473,12 @@ spec: lake. For example: projects/{project_number}/buckets/{bucket_id} projects/{project_number}/datasets/{dataset_id}' type: string + readAccessMode: + description: 'Optional. Determines how read permissions + are handled for each asset and their associated tables. + Only available to storage buckets assets. Possible values: + DIRECT, MANAGED' + type: string type: description: 'Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET' @@ -784,6 +796,11 @@ spec: displayName: description: Optional. User friendly display name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}} type: string @@ -813,6 +830,12 @@ spec: lake. For example: projects/{project_number}/buckets/{bucket_id} projects/{project_number}/datasets/{dataset_id}' type: string + readAccessMode: + description: 'Optional. Determines how read permissions + are handled for each asset and their associated tables. + Only available to storage buckets assets. Possible values: + DIRECT, MANAGED' + type: string type: description: 'Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET' @@ -859,6 +882,13 @@ spec: description: 'Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED' type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted diff --git a/package/crds/dataplex.gcp.upbound.io_lakes.yaml b/package/crds/dataplex.gcp.upbound.io_lakes.yaml index 3b1b8c0ef..0fa8fc741 100644 --- a/package/crds/dataplex.gcp.upbound.io_lakes.yaml +++ b/package/crds/dataplex.gcp.upbound.io_lakes.yaml @@ -342,6 +342,11 @@ spec: displayName: description: Optional. User friendly display name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{name}} type: string @@ -397,6 +402,13 @@ spec: description: 'Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED' type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted diff --git a/package/crds/dataplex.gcp.upbound.io_zones.yaml b/package/crds/dataplex.gcp.upbound.io_zones.yaml index d2efaee28..af1bf5a14 100644 --- a/package/crds/dataplex.gcp.upbound.io_zones.yaml +++ b/package/crds/dataplex.gcp.upbound.io_zones.yaml @@ -685,6 +685,11 @@ spec: displayName: description: Optional. User friendly display name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}} type: string @@ -720,6 +725,13 @@ spec: description: 'Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED' type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: 'Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED' diff --git a/package/crds/dataproc.gcp.upbound.io_clusters.yaml b/package/crds/dataproc.gcp.upbound.io_clusters.yaml index e4da7570c..a8f62b497 100644 --- a/package/crds/dataproc.gcp.upbound.io_clusters.yaml +++ b/package/crds/dataproc.gcp.upbound.io_clusters.yaml @@ -92,6 +92,93 @@ spec: type: string type: object type: array + auxiliaryNodeGroups: + description: |- + A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + Structure defined below. + items: + properties: + nodeGroup: + description: Node group configuration. + items: + properties: + nodeGroupConfig: + description: The node group instance group configuration. + items: + properties: + accelerators: + description: The Compute Engine accelerator + configuration for these instances. Can + be specified multiple times. + items: + properties: + acceleratorCount: + description: The number of the accelerator + cards of this type exposed to + this instance. Often restricted + to one of 1, 2, 4, or 8. + type: number + acceleratorType: + description: The short name of the + accelerator type to expose to + this instance. For example, nvidia-tesla-k80. + type: string + type: object + type: array + diskConfig: + description: Disk Config + items: + properties: + bootDiskSizeGb: + description: |- + Size of the primary disk attached to each node, specified + in GB. The primary disk contains the boot volume and system libraries, and the + smallest allowed disk size is 10GB. GCP will default to a predetermined + computed value if not set (currently 500GB). Note: If SSDs are not + attached, it also contains the HDFS data blocks and Hadoop working directories. + type: number + bootDiskType: + description: |- + The disk type of the primary disk attached to each node. + One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + type: string + numLocalSsds: + description: |- + The amount of local SSD disks that will be + attached to each master cluster node. Defaults to 0. + type: number + type: object + type: array + machineType: + description: The name of a Compute Engine + machine type. + type: string + minCpuPlatform: + description: |- + Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or a newer CPU platform. + Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + type: string + numInstances: + description: |- + Specifies the number of master nodes to create. + Please set a number greater than 0. Node Group must have at least 1 instance. + type: number + type: object + type: array + roles: + description: |- + The roles associated with the GKE node pool. + One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + items: + type: string + type: array + type: object + type: array + nodeGroupId: + type: string + type: object + type: array dataprocMetricConfig: description: |- The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. @@ -494,6 +581,37 @@ spec: type: number type: object type: array + instanceFlexibilityPolicy: + description: Instance flexibility Policy allowing + a mixture of VM shapes and provisioning models. + items: + properties: + instanceSelectionList: + description: List of instance selection options + that the group will use when creating new + VMs. + items: + properties: + machineTypes: + description: Full machine-type names, + e.g. "n1-standard-16". + items: + type: string + type: array + rank: + description: Preference of this instance + selection. A lower number means higher + preference. Dataproc will first try + to create a VM based on the machine-type + with priority rank and fallback to next + rank based on availability. Machine + types and instance selections with the + same priority have the same preference. + type: number + type: object + type: array + type: object + type: array numInstances: description: |- Specifies the number of preemptible nodes to create. @@ -709,6 +827,13 @@ spec: for each zone. See the guide for details about which CPU families are available (and defaulted) for each zone. type: string + minNumInstances: + description: The minimum number of primary worker + instances to create. If min_num_instances is set, + cluster creation will succeed if the number of primary + workers created is at least equal to the min_num_instances + number. + type: number numInstances: description: |- Specifies the number of worker nodes to create. @@ -736,10 +861,10 @@ spec: labels: additionalProperties: type: string - description: |- - The list of labels (key/value pairs) to be applied to - instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - which is the name of the cluster. + description: 'Note: This field is non-authoritative, and will + only manage the labels present in your configuration. Please + refer to the field effective_labels for all of the labels present + on the resource.' type: object x-kubernetes-map-type: granular name: @@ -980,6 +1105,93 @@ spec: type: string type: object type: array + auxiliaryNodeGroups: + description: |- + A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + Structure defined below. + items: + properties: + nodeGroup: + description: Node group configuration. + items: + properties: + nodeGroupConfig: + description: The node group instance group configuration. + items: + properties: + accelerators: + description: The Compute Engine accelerator + configuration for these instances. Can + be specified multiple times. + items: + properties: + acceleratorCount: + description: The number of the accelerator + cards of this type exposed to + this instance. Often restricted + to one of 1, 2, 4, or 8. + type: number + acceleratorType: + description: The short name of the + accelerator type to expose to + this instance. For example, nvidia-tesla-k80. + type: string + type: object + type: array + diskConfig: + description: Disk Config + items: + properties: + bootDiskSizeGb: + description: |- + Size of the primary disk attached to each node, specified + in GB. The primary disk contains the boot volume and system libraries, and the + smallest allowed disk size is 10GB. GCP will default to a predetermined + computed value if not set (currently 500GB). Note: If SSDs are not + attached, it also contains the HDFS data blocks and Hadoop working directories. + type: number + bootDiskType: + description: |- + The disk type of the primary disk attached to each node. + One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + type: string + numLocalSsds: + description: |- + The amount of local SSD disks that will be + attached to each master cluster node. Defaults to 0. + type: number + type: object + type: array + machineType: + description: The name of a Compute Engine + machine type. + type: string + minCpuPlatform: + description: |- + Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or a newer CPU platform. + Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + type: string + numInstances: + description: |- + Specifies the number of master nodes to create. + Please set a number greater than 0. Node Group must have at least 1 instance. + type: number + type: object + type: array + roles: + description: |- + The roles associated with the GKE node pool. + One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + items: + type: string + type: array + type: object + type: array + nodeGroupId: + type: string + type: object + type: array dataprocMetricConfig: description: |- The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times. @@ -1382,6 +1594,37 @@ spec: type: number type: object type: array + instanceFlexibilityPolicy: + description: Instance flexibility Policy allowing + a mixture of VM shapes and provisioning models. + items: + properties: + instanceSelectionList: + description: List of instance selection options + that the group will use when creating new + VMs. + items: + properties: + machineTypes: + description: Full machine-type names, + e.g. "n1-standard-16". + items: + type: string + type: array + rank: + description: Preference of this instance + selection. A lower number means higher + preference. Dataproc will first try + to create a VM based on the machine-type + with priority rank and fallback to next + rank based on availability. Machine + types and instance selections with the + same priority have the same preference. + type: number + type: object + type: array + type: object + type: array numInstances: description: |- Specifies the number of preemptible nodes to create. @@ -1597,6 +1840,13 @@ spec: for each zone. See the guide for details about which CPU families are available (and defaulted) for each zone. type: string + minNumInstances: + description: The minimum number of primary worker + instances to create. If min_num_instances is set, + cluster creation will succeed if the number of primary + workers created is at least equal to the min_num_instances + number. + type: number numInstances: description: |- Specifies the number of worker nodes to create. @@ -1624,10 +1874,10 @@ spec: labels: additionalProperties: type: string - description: |- - The list of labels (key/value pairs) to be applied to - instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - which is the name of the cluster. + description: 'Note: This field is non-authoritative, and will + only manage the labels present in your configuration. Please + refer to the field effective_labels for all of the labels present + on the resource.' type: object x-kubernetes-map-type: granular name: @@ -2032,6 +2282,105 @@ spec: type: string type: object type: array + auxiliaryNodeGroups: + description: |- + A Dataproc NodeGroup resource is a group of Dataproc cluster nodes that execute an assigned role. + Structure defined below. + items: + properties: + nodeGroup: + description: Node group configuration. + items: + properties: + name: + description: |- + The name of the cluster, unique within the project and + zone. + type: string + nodeGroupConfig: + description: The node group instance group configuration. + items: + properties: + accelerators: + description: The Compute Engine accelerator + configuration for these instances. Can + be specified multiple times. + items: + properties: + acceleratorCount: + description: The number of the accelerator + cards of this type exposed to + this instance. Often restricted + to one of 1, 2, 4, or 8. + type: number + acceleratorType: + description: The short name of the + accelerator type to expose to + this instance. For example, nvidia-tesla-k80. + type: string + type: object + type: array + diskConfig: + description: Disk Config + items: + properties: + bootDiskSizeGb: + description: |- + Size of the primary disk attached to each node, specified + in GB. The primary disk contains the boot volume and system libraries, and the + smallest allowed disk size is 10GB. GCP will default to a predetermined + computed value if not set (currently 500GB). Note: If SSDs are not + attached, it also contains the HDFS data blocks and Hadoop working directories. + type: number + bootDiskType: + description: |- + The disk type of the primary disk attached to each node. + One of "pd-ssd" or "pd-standard". Defaults to "pd-standard". + type: string + numLocalSsds: + description: |- + The amount of local SSD disks that will be + attached to each master cluster node. Defaults to 0. + type: number + type: object + type: array + instanceNames: + description: |- + List of worker instance names which have been assigned + to the cluster. + items: + type: string + type: array + machineType: + description: The name of a Compute Engine + machine type. + type: string + minCpuPlatform: + description: |- + Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or a newer CPU platform. + Specify the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge". + type: string + numInstances: + description: |- + Specifies the number of master nodes to create. + Please set a number greater than 0. Node Group must have at least 1 instance. + type: number + type: object + type: array + roles: + description: |- + The roles associated with the GKE node pool. + One of "DEFAULT", "CONTROLLER", "SPARK_DRIVER" or "SPARK_EXECUTOR". + items: + type: string + type: array + type: object + type: array + nodeGroupId: + type: string + type: object + type: array bucket: description: |- The name of the cloud storage bucket ultimately used to house the staging data @@ -2384,6 +2733,48 @@ spec: type: number type: object type: array + instanceFlexibilityPolicy: + description: Instance flexibility Policy allowing + a mixture of VM shapes and provisioning models. + items: + properties: + instanceSelectionList: + description: List of instance selection options + that the group will use when creating new + VMs. + items: + properties: + machineTypes: + description: Full machine-type names, + e.g. "n1-standard-16". + items: + type: string + type: array + rank: + description: Preference of this instance + selection. A lower number means higher + preference. Dataproc will first try + to create a VM based on the machine-type + with priority rank and fallback to next + rank based on availability. Machine + types and instance selections with the + same priority have the same preference. + type: number + type: object + type: array + instanceSelectionResults: + items: + properties: + machineType: + description: The name of a Compute Engine + machine type. + type: string + vmCount: + type: number + type: object + type: array + type: object + type: array instanceNames: description: |- List of worker instance names which have been assigned @@ -2620,6 +3011,13 @@ spec: for each zone. See the guide for details about which CPU families are available (and defaulted) for each zone. type: string + minNumInstances: + description: The minimum number of primary worker + instances to create. If min_num_instances is set, + cluster creation will succeed if the number of primary + workers created is at least equal to the min_num_instances + number. + type: number numInstances: description: |- Specifies the number of worker nodes to create. @@ -2634,6 +3032,15 @@ spec: type: array type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: |- + (Computed) The list of labels (key/value pairs) to be applied to + instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name + which is the name of the cluster. + type: object + x-kubernetes-map-type: granular gracefulDecommissionTimeout: description: |- Does not affect auto scaling decomissioning from an autoscaling policy. @@ -2649,10 +3056,10 @@ spec: labels: additionalProperties: type: string - description: |- - The list of labels (key/value pairs) to be applied to - instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name - which is the name of the cluster. + description: 'Note: This field is non-authoritative, and will + only manage the labels present in your configuration. Please + refer to the field effective_labels for all of the labels present + on the resource.' type: object x-kubernetes-map-type: granular name: @@ -2670,6 +3077,13 @@ spec: The region in which the cluster and associated nodes will be created in. Defaults to global. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular virtualClusterConfig: description: |- Allows you to configure a virtual Dataproc on GKE cluster. diff --git a/package/crds/dataproc.gcp.upbound.io_jobs.yaml b/package/crds/dataproc.gcp.upbound.io_jobs.yaml index 16219df51..44fa1f21b 100644 --- a/package/crds/dataproc.gcp.upbound.io_jobs.yaml +++ b/package/crds/dataproc.gcp.upbound.io_jobs.yaml @@ -196,8 +196,10 @@ spec: labels: additionalProperties: type: string - description: The list of labels (key/value pairs) to add to the - job. + description: |- + The list of labels (key/value pairs) to add to the job. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular pigConfig: @@ -822,8 +824,10 @@ spec: labels: additionalProperties: type: string - description: The list of labels (key/value pairs) to add to the - job. + description: |- + The list of labels (key/value pairs) to add to the job. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular pigConfig: @@ -1499,6 +1503,11 @@ spec: description: A URI pointing to the location of the stdout of the job's driver program. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular forceDelete: description: |- By default, you can only delete inactive jobs within @@ -1624,8 +1633,10 @@ spec: labels: additionalProperties: type: string - description: The list of labels (key/value pairs) to add to the - job. + description: |- + The list of labels (key/value pairs) to add to the job. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field 'effective_labels' for all of the labels present on the resource. type: object x-kubernetes-map-type: granular pigConfig: @@ -1987,6 +1998,13 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml index c9ec7e099..a1f5195ee 100644 --- a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml +++ b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml @@ -175,6 +175,33 @@ spec: Structure is documented below. items: properties: + auxiliaryVersions: + description: |- + A mapping of Hive metastore version to the auxiliary version configuration. + When specified, a secondary Hive metastore service is created along with the primary service. + All auxiliary versions must be less than the service's primary version. + The key is the auxiliary service name and it must match the regular expression a-z?. + This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + Structure is documented below. + items: + properties: + configOverrides: + additionalProperties: + type: string + description: |- + A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + The mappings override system defaults (some keys cannot be overridden) + type: object + x-kubernetes-map-type: granular + key: + description: The identifier for this object. Format + specified above. + type: string + version: + description: The Hive metastore schema version. + type: string + type: object + type: array configOverrides: additionalProperties: type: string @@ -183,6 +210,12 @@ spec: The mappings override system defaults (some keys cannot be overridden) type: object x-kubernetes-map-type: granular + endpointProtocol: + description: |- + The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + Default value is THRIFT. + Possible values are: THRIFT, GRPC. + type: string kerberosConfig: description: |- Information used to configure the Hive metastore service as a service principal in a Kerberos realm. @@ -224,7 +257,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the metastore service. + description: |- + User-defined labels for the metastore service. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -250,6 +286,28 @@ spec: type: number type: object type: array + metadataIntegration: + description: |- + The setting that defines how metastore metadata should be integrated with external services and systems. + Structure is documented below. + items: + properties: + dataCatalogConfig: + description: |- + The integration config for the Data Catalog service. + Structure is documented below. + items: + properties: + enabled: + description: Defines whether the metastore metadata + should be synced to Data Catalog. The default value + is to disable syncing metastore metadata to Data + Catalog. + type: boolean + type: object + type: array + type: object + type: array network: description: |- The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: @@ -369,6 +427,24 @@ spec: Default value is STABLE. Possible values are: CANARY, STABLE. type: string + scalingConfig: + description: |- + Represents the scaling configuration of a metastore service. + Structure is documented below. + items: + properties: + instanceSize: + description: |- + Metastore instance sizes. + Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + type: string + scalingFactor: + description: Scaling factor, in increments of 0.1 for values + less than 1.0, and increments of 1.0 for values greater + than 1.0. + type: number + type: object + type: array telemetryConfig: description: |- The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. @@ -504,6 +580,33 @@ spec: Structure is documented below. items: properties: + auxiliaryVersions: + description: |- + A mapping of Hive metastore version to the auxiliary version configuration. + When specified, a secondary Hive metastore service is created along with the primary service. + All auxiliary versions must be less than the service's primary version. + The key is the auxiliary service name and it must match the regular expression a-z?. + This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + Structure is documented below. + items: + properties: + configOverrides: + additionalProperties: + type: string + description: |- + A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + The mappings override system defaults (some keys cannot be overridden) + type: object + x-kubernetes-map-type: granular + key: + description: The identifier for this object. Format + specified above. + type: string + version: + description: The Hive metastore schema version. + type: string + type: object + type: array configOverrides: additionalProperties: type: string @@ -512,6 +615,12 @@ spec: The mappings override system defaults (some keys cannot be overridden) type: object x-kubernetes-map-type: granular + endpointProtocol: + description: |- + The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + Default value is THRIFT. + Possible values are: THRIFT, GRPC. + type: string kerberosConfig: description: |- Information used to configure the Hive metastore service as a service principal in a Kerberos realm. @@ -553,7 +662,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the metastore service. + description: |- + User-defined labels for the metastore service. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular maintenanceWindow: @@ -574,6 +686,28 @@ spec: type: number type: object type: array + metadataIntegration: + description: |- + The setting that defines how metastore metadata should be integrated with external services and systems. + Structure is documented below. + items: + properties: + dataCatalogConfig: + description: |- + The integration config for the Data Catalog service. + Structure is documented below. + items: + properties: + enabled: + description: Defines whether the metastore metadata + should be synced to Data Catalog. The default value + is to disable syncing metastore metadata to Data + Catalog. + type: boolean + type: object + type: array + type: object + type: array network: description: |- The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: @@ -693,6 +827,24 @@ spec: Default value is STABLE. Possible values are: CANARY, STABLE. type: string + scalingConfig: + description: |- + Represents the scaling configuration of a metastore service. + Structure is documented below. + items: + properties: + instanceSize: + description: |- + Metastore instance sizes. + Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + type: string + scalingFactor: + description: Scaling factor, in increments of 0.1 for values + less than 1.0, and increments of 1.0 for values greater + than 1.0. + type: number + type: object + type: array telemetryConfig: description: |- The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. @@ -895,6 +1047,11 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular encryptionConfig: description: |- Information used to configure the Dataproc Metastore service to encrypt @@ -919,6 +1076,33 @@ spec: Structure is documented below. items: properties: + auxiliaryVersions: + description: |- + A mapping of Hive metastore version to the auxiliary version configuration. + When specified, a secondary Hive metastore service is created along with the primary service. + All auxiliary versions must be less than the service's primary version. + The key is the auxiliary service name and it must match the regular expression a-z?. + This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + Structure is documented below. + items: + properties: + configOverrides: + additionalProperties: + type: string + description: |- + A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + The mappings override system defaults (some keys cannot be overridden) + type: object + x-kubernetes-map-type: granular + key: + description: The identifier for this object. Format + specified above. + type: string + version: + description: The Hive metastore schema version. + type: string + type: object + type: array configOverrides: additionalProperties: type: string @@ -927,6 +1111,12 @@ spec: The mappings override system defaults (some keys cannot be overridden) type: object x-kubernetes-map-type: granular + endpointProtocol: + description: |- + The protocol to use for the metastore service endpoint. If unspecified, defaults to THRIFT. + Default value is THRIFT. + Possible values are: THRIFT, GRPC. + type: string kerberosConfig: description: |- Information used to configure the Hive metastore service as a service principal in a Kerberos realm. @@ -971,7 +1161,10 @@ spec: labels: additionalProperties: type: string - description: User-defined labels for the metastore service. + description: |- + User-defined labels for the metastore service. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -997,6 +1190,28 @@ spec: type: number type: object type: array + metadataIntegration: + description: |- + The setting that defines how metastore metadata should be integrated with external services and systems. + Structure is documented below. + items: + properties: + dataCatalogConfig: + description: |- + The integration config for the Data Catalog service. + Structure is documented below. + items: + properties: + enabled: + description: Defines whether the metastore metadata + should be synced to Data Catalog. The default value + is to disable syncing metastore metadata to Data + Catalog. + type: boolean + type: object + type: array + type: object + type: array name: description: The relative resource name of the metastore service. type: string @@ -1018,9 +1233,8 @@ spec: items: properties: endpointUri: - description: |- - (Output) - The URI of the endpoint used to access the metastore service. + description: The URI of the endpoint used to access + the metastore service. type: string subnetwork: description: |- @@ -1048,6 +1262,24 @@ spec: Default value is STABLE. Possible values are: CANARY, STABLE. type: string + scalingConfig: + description: |- + Represents the scaling configuration of a metastore service. + Structure is documented below. + items: + properties: + instanceSize: + description: |- + Metastore instance sizes. + Possible values are: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE. + type: string + scalingFactor: + description: Scaling factor, in increments of 0.1 for values + less than 1.0, and increments of 1.0 for values greater + than 1.0. + type: number + type: object + type: array state: description: The current state of the metastore service. type: string @@ -1069,6 +1301,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tier: description: |- The tier of the service. diff --git a/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml b/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml index 6ccd7f079..d48c62640 100644 --- a/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml +++ b/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml @@ -3128,6 +3128,11 @@ spec: if the workflow was running on a (/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/workflowTemplates/{{name}} type: string @@ -4679,6 +4684,11 @@ spec: project: description: The project for the resource type: string + terraformLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular updateTime: description: Output only. The time template was last updated. type: string diff --git a/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml b/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml index de633106b..b0e3e3f86 100644 --- a/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml +++ b/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml @@ -154,7 +154,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -735,7 +738,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular mysqlProfile: @@ -1313,6 +1319,11 @@ spec: displayName: description: Display name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular forwardSshConnectivity: description: |- Forward SSH tunnel connectivity. @@ -1350,7 +1361,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -1463,6 +1477,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/datastream.gcp.upbound.io_privateconnections.yaml b/package/crds/datastream.gcp.upbound.io_privateconnections.yaml index 85c99fecd..1db7c1df8 100644 --- a/package/crds/datastream.gcp.upbound.io_privateconnections.yaml +++ b/package/crds/datastream.gcp.upbound.io_privateconnections.yaml @@ -80,7 +80,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -207,7 +210,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular project: @@ -493,6 +499,11 @@ spec: displayName: description: Display name. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular error: description: |- The PrivateConnection error in case of failure. @@ -517,7 +528,10 @@ spec: labels: additionalProperties: type: string - description: Labels. + description: |- + Labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular location: @@ -535,6 +549,14 @@ spec: state: description: State of the PrivateConnection. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular vpcPeeringConfig: description: |- The VPC Peering configuration is used to create VPC peering diff --git a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml index 58dd4a373..a469662a8 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml @@ -74,6 +74,54 @@ spec: type: string forProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array avatarUri: description: The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. @@ -99,6 +147,59 @@ spec: description: Determines whether this agent should log conversation queries. type: boolean + gitIntegrationSettings: + description: |- + Git integration settings for this agent. + Structure is documented below. + items: + properties: + githubSettings: + description: |- + Settings of integration with GitHub. + Structure is documented below. + items: + properties: + accessTokenSecretRef: + description: |- + The access token used to authenticate the access to the GitHub repository. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + branches: + description: A list of branches configured to be used + from Dialogflow. + items: + type: string + type: array + displayName: + description: The unique repository display name for + the GitHub repository. + type: string + repositoryUri: + description: The GitHub repository URI related to + the agent. + type: string + trackingBranch: + description: The branch of the GitHub repository tracked + for this agent. + type: string + type: object + type: array + type: object + type: array location: description: |- The name of the location this agent is located in. @@ -133,6 +234,19 @@ spec: items: type: string type: array + textToSpeechSettings: + description: |- + Settings related to speech synthesizing. + Structure is documented below. + items: + properties: + synthesizeSpeechConfigs: + description: |- + Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + These settings affect: + type: string + type: object + type: array timeZone: description: |- The time zone of this agent from the time zone database, e.g., America/New_York, @@ -152,6 +266,54 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array avatarUri: description: The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. @@ -177,6 +339,40 @@ spec: description: Determines whether this agent should log conversation queries. type: boolean + gitIntegrationSettings: + description: |- + Git integration settings for this agent. + Structure is documented below. + items: + properties: + githubSettings: + description: |- + Settings of integration with GitHub. + Structure is documented below. + items: + properties: + branches: + description: A list of branches configured to be used + from Dialogflow. + items: + type: string + type: array + displayName: + description: The unique repository display name for + the GitHub repository. + type: string + repositoryUri: + description: The GitHub repository URI related to + the agent. + type: string + trackingBranch: + description: The branch of the GitHub repository tracked + for this agent. + type: string + type: object + type: array + type: object + type: array location: description: |- The name of the location this agent is located in. @@ -211,6 +407,19 @@ spec: items: type: string type: array + textToSpeechSettings: + description: |- + Settings related to speech synthesizing. + Structure is documented below. + items: + properties: + synthesizeSpeechConfigs: + description: |- + Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + These settings affect: + type: string + type: object + type: array timeZone: description: |- The time zone of this agent from the time zone database, e.g., America/New_York, @@ -406,6 +615,54 @@ spec: properties: atProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array avatarUri: description: The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. @@ -431,6 +688,40 @@ spec: description: Determines whether this agent should log conversation queries. type: boolean + gitIntegrationSettings: + description: |- + Git integration settings for this agent. + Structure is documented below. + items: + properties: + githubSettings: + description: |- + Settings of integration with GitHub. + Structure is documented below. + items: + properties: + branches: + description: A list of branches configured to be used + from Dialogflow. + items: + type: string + type: array + displayName: + description: The unique repository display name for + the GitHub repository. + type: string + repositoryUri: + description: The GitHub repository URI related to + the agent. + type: string + trackingBranch: + description: The branch of the GitHub repository tracked + for this agent. + type: string + type: object + type: array + type: object + type: array id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/agents/{{name}} type: string @@ -476,6 +767,19 @@ spec: items: type: string type: array + textToSpeechSettings: + description: |- + Settings related to speech synthesizing. + Structure is documented below. + items: + properties: + synthesizeSpeechConfigs: + description: |- + Configuration of how speech should be synthesized, mapping from language to SynthesizeSpeechConfig. + These settings affect: + type: string + type: object + type: array timeZone: description: |- The time zone of this agent from the time zone database, e.g., America/New_York, diff --git a/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml b/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml index 3f1d7b206..5992ae543 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml @@ -73,6 +73,54 @@ spec: type: string forProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array description: description: The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. @@ -108,12 +156,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -139,6 +276,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -151,6 +303,11 @@ spec: type: array type: object type: array + isDefaultStartFlow: + description: |- + Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + type: boolean languageCode: description: |- The language of the following fields in flow: @@ -296,6 +453,82 @@ spec: The target flow to transition to. Format: projects//locations//agents//flows/. type: string + targetFlowRef: + description: Reference to a Agent in dialogflowcx to populate + targetFlow. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetFlowSelector: + description: Selector for a Agent in dialogflowcx to populate + targetFlow. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object targetPage: description: |- The target page to transition to. @@ -307,12 +540,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -338,6 +660,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -364,6 +701,54 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array description: description: The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. @@ -399,12 +784,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -430,6 +904,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -442,6 +931,11 @@ spec: type: array type: object type: array + isDefaultStartFlow: + description: |- + Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + type: boolean languageCode: description: |- The language of the following fields in flow: @@ -587,6 +1081,82 @@ spec: The target flow to transition to. Format: projects//locations//agents//flows/. type: string + targetFlowRef: + description: Reference to a Agent in dialogflowcx to populate + targetFlow. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetFlowSelector: + description: Selector for a Agent in dialogflowcx to populate + targetFlow. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object targetPage: description: |- The target page to transition to. @@ -598,12 +1168,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -629,6 +1288,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -819,6 +1493,54 @@ spec: properties: atProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + audioExportGcsDestination: + description: 'If present, incoming audio is exported by + Dialogflow to the configured Google Cloud Storage destination. + Exposed at the following levels:' + items: + properties: + uri: + description: |- + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + type: string + type: object + type: array + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array description: description: The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. @@ -859,12 +1581,111 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -895,6 +1716,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -910,6 +1746,11 @@ spec: id: description: an identifier for the resource with format {{parent}}/flows/{{name}} type: string + isDefaultStartFlow: + description: |- + Marks this as the Default Start Flow for an agent. When you create an agent, the Default Start Flow is created automatically. + The Default Start Flow cannot be deleted; deleting the google_dialogflow_cx_flow resource does nothing to the underlying GCP resources. + type: boolean languageCode: description: |- The language of the following fields in flow: @@ -1000,12 +1841,111 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -1036,6 +1976,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is diff --git a/package/crds/dialogflowcx.gcp.upbound.io_intents.yaml b/package/crds/dialogflowcx.gcp.upbound.io_intents.yaml index a1c29e15a..43c2c3f5e 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_intents.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_intents.yaml @@ -82,10 +82,21 @@ spec: description: The human-readable name of the intent, unique within the agent. type: string + isDefaultNegativeIntent: + description: |- + Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean + isDefaultWelcomeIntent: + description: |- + Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean isFallback: description: |- Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + To manage the fallback intent, set is_default_negative_intent = true type: boolean labels: additionalProperties: @@ -272,10 +283,21 @@ spec: description: The human-readable name of the intent, unique within the agent. type: string + isDefaultNegativeIntent: + description: |- + Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean + isDefaultWelcomeIntent: + description: |- + Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean isFallback: description: |- Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + To manage the fallback intent, set is_default_negative_intent = true type: boolean labels: additionalProperties: @@ -626,13 +648,30 @@ spec: description: The human-readable name of the intent, unique within the agent. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format {{parent}}/intents/{{name}} type: string + isDefaultNegativeIntent: + description: |- + Marks this as the Default Negative Intent for an agent. When you create an agent, a Default Negative Intent is created automatically. + The Default Negative Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean + isDefaultWelcomeIntent: + description: |- + Marks this as the Default Welcome Intent for an agent. When you create an agent, a Default Welcome Intent is created automatically. + The Default Welcome Intent cannot be deleted; deleting the google_dialogflow_cx_intent resource does nothing to the underlying GCP resources. + type: boolean isFallback: description: |- Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + To manage the fallback intent, set is_default_negative_intent = true type: boolean labels: additionalProperties: @@ -691,6 +730,14 @@ spec: If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. If the supplied value is negative, the intent is ignored in runtime detect intent requests. type: number + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular trainingPhrases: description: |- The collection of training phrases the agent is trained on to identify the intent. diff --git a/package/crds/dialogflowcx.gcp.upbound.io_pages.yaml b/package/crds/dialogflowcx.gcp.upbound.io_pages.yaml index 614a297b6..7afe85ba4 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_pages.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_pages.yaml @@ -73,6 +73,41 @@ spec: type: string forProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array displayName: description: The human-readable name of the page, unique within the agent. @@ -83,12 +118,99 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -113,6 +235,21 @@ spec: may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if @@ -148,12 +285,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -179,6 +405,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -203,6 +444,50 @@ spec: Structure is documented below. items: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual + tone multi frequency). DTMF settings does + not override each other. DTMF settings set + at different levels define DTMF detections + running in parallel. Exposed at the following + levels:' + items: + properties: + enabled: + description: If true, incoming audio is + processed for DTMF (dual tone multi + frequency) events. For example, if the + caller presses a button on their telephone + keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. + a "3" was pressed) in the incoming audio + and pass the event to the bot to drive + business logic (e.g. when 3 is pressed, + return the account balance). + type: boolean + finishDigit: + description: The digit that terminates + a DTMF digit sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array + defaultValue: + description: The default value of an optional parameter. + If the parameter is required, the default value + will be ignored. + type: string displayName: description: The human-readable name of the parameter, unique within the form. @@ -224,12 +509,110 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the + response is associated with. Clients + can specify the channel via QueryParameters.channel, + and only associated channel response + will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text + to be synthesized. For more + information, see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio + clip. Dialogflow does not + impose any validation on + this value. It is specific + to the client that reads + it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the + call to a phone number in + E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. @@ -260,6 +643,23 @@ spec: to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the + parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. A null + value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being @@ -272,6 +672,438 @@ spec: type: string type: object type: array + repromptEventHandlers: + description: 'The handlers for parameter-level + events, used to provide reprompt for the parameter + or transition to a different page/flow. The + supported events are:' + items: + properties: + event: + description: The name of the event to + handle. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetFlowRef: + description: Reference to a Agent in dialogflowcx + to populate targetFlow. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetFlowSelector: + description: Selector for a Agent in dialogflowcx + to populate targetFlow. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an + object with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + targetPageRef: + description: Reference to a Page in dialogflowcx + to populate targetPage. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetPageSelector: + description: Selector for a Page in dialogflowcx + to populate targetPage. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an + object with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + triggerFulfillment: + description: |- + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + Structure is documented below. + items: + properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array + messages: + description: |- + The list of rich message responses to present to the user. + Structure is documented below. + items: + properties: + channel: + description: The channel which + the response is associated + with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel + response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML + text to be synthesized. + For more information, + see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of + the audio clip. Dialogflow + does not impose any + validation on this + value. It is specific + to the client that + reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer + the call to a phone + number in E.164 format. + type: string + type: object + type: array + text: + description: A collection + of text responses. + items: + properties: + text: + description: A collection + of text responses. + items: + type: string + type: array + type: object + type: array + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow + should return currently queued + fulfillment response messages + in streaming APIs. If a webhook + is specified, it happens before + Dialogflow invokes webhook. Warning: + 1) This flag only affects streaming + API. Responses are still queued + and returned once in non-streaming + API. 2) The flag can be enabled + in any fulfillment but only the + first 3 partial responses will + be returned. You may only want + to apply it to fulfillments that + have slow webhooks.' + type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name + of the parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. + A null value clears the + parameter. + type: string + type: object + type: array + tag: + description: The tag used by the + webhook to identify which fulfillment + is being called. This field is + required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. + Format: projects//locations//agents//webhooks/.' + type: string + webhookRef: + description: Reference to a Webhook + in dialogflowcx to populate webhook. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + webhookSelector: + description: Selector for a Webhook + in dialogflowcx to populate webhook. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures + an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array type: object type: array isList: @@ -508,16 +1340,105 @@ spec: type: object triggerFulfillment: description: |- - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -543,9 +1464,24 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean - tag: - description: The tag used by the webhook to identify - which fulfillment is being called. This field is + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field is required if webhook is specified. type: string webhook: @@ -569,6 +1505,41 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array displayName: description: The human-readable name of the page, unique within the agent. @@ -579,12 +1550,99 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -609,6 +1667,21 @@ spec: may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if @@ -644,12 +1717,101 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -675,6 +1837,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -699,6 +1876,50 @@ spec: Structure is documented below. items: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual + tone multi frequency). DTMF settings does + not override each other. DTMF settings set + at different levels define DTMF detections + running in parallel. Exposed at the following + levels:' + items: + properties: + enabled: + description: If true, incoming audio is + processed for DTMF (dual tone multi + frequency) events. For example, if the + caller presses a button on their telephone + keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. + a "3" was pressed) in the incoming audio + and pass the event to the bot to drive + business logic (e.g. when 3 is pressed, + return the account balance). + type: boolean + finishDigit: + description: The digit that terminates + a DTMF digit sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array + defaultValue: + description: The default value of an optional parameter. + If the parameter is required, the default value + will be ignored. + type: string displayName: description: The human-readable name of the parameter, unique within the form. @@ -720,12 +1941,110 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the + response is associated with. Clients + can specify the channel via QueryParameters.channel, + and only associated channel response + will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML text + to be synthesized. For more + information, see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio + clip. Dialogflow does not + impose any validation on + this value. It is specific + to the client that reads + it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the + call to a phone number in + E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. @@ -756,6 +2075,23 @@ spec: to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the + parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. A null + value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being @@ -768,6 +2104,438 @@ spec: type: string type: object type: array + repromptEventHandlers: + description: 'The handlers for parameter-level + events, used to provide reprompt for the parameter + or transition to a different page/flow. The + supported events are:' + items: + properties: + event: + description: The name of the event to + handle. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetFlowRef: + description: Reference to a Agent in dialogflowcx + to populate targetFlow. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetFlowSelector: + description: Selector for a Agent in dialogflowcx + to populate targetFlow. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an + object with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + targetPageRef: + description: Reference to a Page in dialogflowcx + to populate targetPage. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + targetPageSelector: + description: Selector for a Page in dialogflowcx + to populate targetPage. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an + object with matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + triggerFulfillment: + description: |- + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + Structure is documented below. + items: + properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array + messages: + description: |- + The list of rich message responses to present to the user. + Structure is documented below. + items: + properties: + channel: + description: The channel which + the response is associated + with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel + response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + ssml: + description: The SSML + text to be synthesized. + For more information, + see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of + the audio clip. Dialogflow + does not impose any + validation on this + value. It is specific + to the client that + reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer + the call to a phone + number in E.164 format. + type: string + type: object + type: array + text: + description: A collection + of text responses. + items: + properties: + text: + description: A collection + of text responses. + items: + type: string + type: array + type: object + type: array + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow + should return currently queued + fulfillment response messages + in streaming APIs. If a webhook + is specified, it happens before + Dialogflow invokes webhook. Warning: + 1) This flag only affects streaming + API. Responses are still queued + and returned once in non-streaming + API. 2) The flag can be enabled + in any fulfillment but only the + first 3 partial responses will + be returned. You may only want + to apply it to fulfillments that + have slow webhooks.' + type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name + of the parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. + A null value clears the + parameter. + type: string + type: object + type: array + tag: + description: The tag used by the + webhook to identify which fulfillment + is being called. This field is + required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. + Format: projects//locations//agents//webhooks/.' + type: string + webhookRef: + description: Reference to a Webhook + in dialogflowcx to populate webhook. + properties: + name: + description: Name of the referenced + object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + webhookSelector: + description: Selector for a Webhook + in dialogflowcx to populate webhook. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures + an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array type: object type: array isList: @@ -1004,41 +2772,145 @@ spec: type: object triggerFulfillment: description: |- - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: - text: - description: A collection of text responses. + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. items: properties: + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string text: description: A collection of text responses. - items: - type: string - type: array + type: string type: object type: array - type: object - type: array - returnPartialResponses: - description: 'Whether Dialogflow should return currently - queued fulfillment response messages in streaming - APIs. If a webhook is specified, it happens before - Dialogflow invokes webhook. Warning: 1) This flag - only affects streaming API. Responses are still - queued and returned once in non-streaming API. 2) + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array + text: + description: A collection of text responses. + items: + properties: + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: array + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -1229,6 +3101,41 @@ spec: properties: atProvider: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual tone multi + frequency). DTMF settings does not override each other. + DTMF settings set at different levels define DTMF detections + running in parallel. Exposed at the following levels:' + items: + properties: + enabled: + description: If true, incoming audio is processed + for DTMF (dual tone multi frequency) events. For + example, if the caller presses a button on their + telephone keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. a "3" was + pressed) in the incoming audio and pass the event + to the bot to drive business logic (e.g. when 3 + is pressed, return the account balance). + type: boolean + finishDigit: + description: The digit that terminates a DTMF digit + sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array displayName: description: The human-readable name of the page, unique within the agent. @@ -1239,12 +3146,109 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -1274,6 +3278,21 @@ spec: may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if @@ -1314,12 +3333,111 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -1350,6 +3468,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is @@ -1374,6 +3507,50 @@ spec: Structure is documented below. items: properties: + advancedSettings: + description: |- + Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + Structure is documented below. + items: + properties: + dtmfSettings: + description: 'Define behaviors for DTMF (dual + tone multi frequency). DTMF settings does + not override each other. DTMF settings set + at different levels define DTMF detections + running in parallel. Exposed at the following + levels:' + items: + properties: + enabled: + description: If true, incoming audio is + processed for DTMF (dual tone multi + frequency) events. For example, if the + caller presses a button on their telephone + keypad and DTMF processing is enabled, + Dialogflow will detect the event (e.g. + a "3" was pressed) in the incoming audio + and pass the event to the bot to drive + business logic (e.g. when 3 is pressed, + return the account balance). + type: boolean + finishDigit: + description: The digit that terminates + a DTMF digit sequence. + type: string + maxDigits: + description: Max length of DTMF digits. + type: number + type: object + type: array + type: object + type: array + defaultValue: + description: The default value of an optional parameter. + If the parameter is required, the default value + will be ignored. + type: string displayName: description: The human-readable name of the parameter, unique within the form. @@ -1395,12 +3572,120 @@ spec: Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the + response is associated with. Clients + can specify the channel via QueryParameters.channel, + and only associated channel response + will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. + Dialogflow doesn't impose + any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text + to be synthesized. For more + information, see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio + clip. Dialogflow does not + impose any validation on + this value. It is specific + to the client that reads + it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the + call to a phone number in + E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. @@ -1436,6 +3721,23 @@ spec: to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the + parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. A null + value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being @@ -1448,6 +3750,226 @@ spec: type: string type: object type: array + repromptEventHandlers: + description: 'The handlers for parameter-level + events, used to provide reprompt for the parameter + or transition to a different page/flow. The + supported events are:' + items: + properties: + event: + description: The name of the event to + handle. + type: string + name: + description: |- + (Output) + The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: |- + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + Structure is documented below. + items: + properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array + messages: + description: |- + The list of rich message responses to present to the user. + Structure is documented below. + items: + properties: + channel: + description: The channel which + the response is associated + with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel + response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom + metadata. Dialogflow + doesn't impose any + structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML + text to be synthesized. + For more information, + see SSML. + type: string + text: + description: A collection + of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of + the audio clip. Dialogflow + does not impose any + validation on this + value. It is specific + to the client that + reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer + the call to a phone + number in E.164 format. + type: string + type: object + type: array + text: + description: A collection + of text responses. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + text: + description: A collection + of text responses. + items: + type: string + type: array + type: object + type: array + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow + should return currently queued + fulfillment response messages + in streaming APIs. If a webhook + is specified, it happens before + Dialogflow invokes webhook. Warning: + 1) This flag only affects streaming + API. Responses are still queued + and returned once in non-streaming + API. 2) The flag can be enabled + in any fulfillment but only the + first 3 partial responses will + be returned. You may only want + to apply it to fulfillments that + have slow webhooks.' + type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name + of the parameter. + type: string + value: + description: The new JSON-encoded + value of the parameter. + A null value clears the + parameter. + type: string + type: object + type: array + tag: + description: The tag used by the + webhook to identify which fulfillment + is being called. This field is + required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. + Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: array + type: object + type: array type: object type: array isList: @@ -1545,16 +4067,115 @@ spec: type: string triggerFulfillment: description: |- - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. Structure is documented below. items: properties: + conditionalCases: + description: |- + Conditional cases for this fulfillment. + Structure is documented below. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See Case for the schema. + type: string + type: object + type: array messages: description: |- The list of rich message responses to present to the user. Structure is documented below. items: properties: + channel: + description: The channel which the response + is associated with. Clients can specify the + channel via QueryParameters.channel, and only + associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + items: + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + type: array + outputAudioText: + description: |- + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: A collection of text responses. + type: string + type: object + type: array + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: |- + Specifies an audio clip to be played by the client as part of the response. + Structure is documented below. + items: + properties: + allowPlaybackInterruption: + description: |- + (Output) + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. + type: string + type: object + type: array + telephonyTransferCall: + description: |- + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + Structure is documented below. + items: + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + type: object + type: array text: description: A collection of text responses. items: @@ -1585,6 +4206,21 @@ spec: You may only want to apply it to fulfillments that have slow webhooks.' type: boolean + setParameterActions: + description: |- + Set parameter values before executing the webhook. + Structure is documented below. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the + parameter. A null value clears the parameter. + type: string + type: object + type: array tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is diff --git a/package/crds/dns.gcp.upbound.io_managedzones.yaml b/package/crds/dns.gcp.upbound.io_managedzones.yaml index 7e697381e..c5be2d887 100644 --- a/package/crds/dns.gcp.upbound.io_managedzones.yaml +++ b/package/crds/dns.gcp.upbound.io_managedzones.yaml @@ -288,7 +288,7 @@ spec: privateVisibilityConfig: description: |- For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. + resources that the zone is visible from. At least one of gke_clusters or networks must be specified. Structure is documented below. items: properties: @@ -717,7 +717,7 @@ spec: privateVisibilityConfig: description: |- For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. + resources that the zone is visible from. At least one of gke_clusters or networks must be specified. Structure is documented below. items: properties: @@ -1173,6 +1173,12 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular forceDestroy: description: Set this true to delete all records in the zone. type: boolean @@ -1253,7 +1259,7 @@ spec: privateVisibilityConfig: description: |- For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. + resources that the zone is visible from. At least one of gke_clusters or networks must be specified. Structure is documented below. items: properties: @@ -1294,6 +1300,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular visibility: description: |- The zone's visibility: public zones are exposed to the Internet, diff --git a/package/crds/dns.gcp.upbound.io_recordsets.yaml b/package/crds/dns.gcp.upbound.io_recordsets.yaml index 79dc41407..ba004a967 100644 --- a/package/crds/dns.gcp.upbound.io_recordsets.yaml +++ b/package/crds/dns.gcp.upbound.io_recordsets.yaml @@ -202,7 +202,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -276,7 +277,7 @@ spec: description: 'The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", - "regionalL7ilb"]' + "regionalL7ilb", "globalL7ilb"]' type: string networkUrl: description: The fully qualified @@ -420,7 +421,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -715,7 +717,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -909,7 +912,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -983,7 +987,7 @@ spec: description: 'The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", - "regionalL7ilb"]' + "regionalL7ilb", "globalL7ilb"]' type: string networkUrl: description: The fully qualified @@ -1127,7 +1131,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -1422,7 +1427,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -1713,7 +1719,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -1787,7 +1794,7 @@ spec: description: 'The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", - "regionalL7ilb"]' + "regionalL7ilb", "globalL7ilb"]' type: string networkUrl: description: The fully qualified @@ -1854,7 +1861,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of @@ -1918,7 +1926,8 @@ spec: loadBalancerType: description: 'The type of load balancer. This value is case-sensitive. Possible - values: ["regionalL4ilb", "regionalL7ilb"]' + values: ["regionalL4ilb", "regionalL7ilb", + "globalL7ilb"]' type: string networkUrl: description: The fully qualified url of diff --git a/package/crds/eventarc.gcp.upbound.io_triggers.yaml b/package/crds/eventarc.gcp.upbound.io_triggers.yaml index d83d497ee..0c3705a28 100644 --- a/package/crds/eventarc.gcp.upbound.io_triggers.yaml +++ b/package/crds/eventarc.gcp.upbound.io_triggers.yaml @@ -84,11 +84,6 @@ spec: should be sent to. items: properties: - cloudFunction: - description: '[WARNING] Configuring a Cloud Function in - Trigger is not supported as of today. The Cloud Function - resource name. Format: projects/{project}/locations/{location}/functions/{function}' - type: string cloudRunService: description: Cloud Run fully-managed service that receives the events. The service should be running in the same @@ -219,6 +214,36 @@ spec: - location type: object type: array + httpEndpoint: + description: An HTTP endpoint destination described by an + URI. + items: + properties: + uri: + description: 'Required. The URI of the HTTP enpdoint. + The value must be a RFC2396 URI string. Examples: + http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. + Only HTTP and HTTPS protocols are supported. The + host can be either a static IP addressable from + the VPC specified by the network config, or an internal + DNS hostname of the service resolvable via Cloud + DNS.' + type: string + type: object + type: array + networkConfig: + description: Optional. Network config is used to configure + how Eventarc resolves and connect to a destination. This + should only be used with HttpEndpoint destination type. + items: + properties: + networkAttachment: + description: 'Required. Name of the NetworkAttachment + that allows access to the destination VPC. Format: + projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}' + type: string + type: object + type: array workflow: description: 'The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should @@ -228,6 +253,10 @@ spec: type: object type: array eventDataContentType: + description: Optional. EventDataContentType specifies the type + of payload in MIME format that is expected from the CloudEvent + data field. This is set to application/json if the value is + not defined. type: string labels: additionalProperties: @@ -331,11 +360,6 @@ spec: should be sent to. items: properties: - cloudFunction: - description: '[WARNING] Configuring a Cloud Function in - Trigger is not supported as of today. The Cloud Function - resource name. Format: projects/{project}/locations/{location}/functions/{function}' - type: string cloudRunService: description: Cloud Run fully-managed service that receives the events. The service should be running in the same @@ -461,6 +485,36 @@ spec: type: string type: object type: array + httpEndpoint: + description: An HTTP endpoint destination described by an + URI. + items: + properties: + uri: + description: 'Required. The URI of the HTTP enpdoint. + The value must be a RFC2396 URI string. Examples: + http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. + Only HTTP and HTTPS protocols are supported. The + host can be either a static IP addressable from + the VPC specified by the network config, or an internal + DNS hostname of the service resolvable via Cloud + DNS.' + type: string + type: object + type: array + networkConfig: + description: Optional. Network config is used to configure + how Eventarc resolves and connect to a destination. This + should only be used with HttpEndpoint destination type. + items: + properties: + networkAttachment: + description: 'Required. Name of the NetworkAttachment + that allows access to the destination VPC. Format: + projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}' + type: string + type: object + type: array workflow: description: 'The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should @@ -470,6 +524,10 @@ spec: type: object type: array eventDataContentType: + description: Optional. EventDataContentType specifies the type + of payload in MIME format that is expected from the CloudEvent + data field. This is set to application/json if the value is + not defined. type: string labels: additionalProperties: @@ -747,9 +805,12 @@ spec: items: properties: cloudFunction: - description: '[WARNING] Configuring a Cloud Function in - Trigger is not supported as of today. The Cloud Function - resource name. Format: projects/{project}/locations/{location}/functions/{function}' + description: The Cloud Function resource name. Only Cloud + Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} + This is a read-only field. [WARNING] Creating Cloud Functions + V2 triggers is only supported via the Cloud Functions + product. An error will be returned if the user sets this + value. type: string cloudRunService: description: Cloud Run fully-managed service that receives @@ -803,6 +864,36 @@ spec: type: string type: object type: array + httpEndpoint: + description: An HTTP endpoint destination described by an + URI. + items: + properties: + uri: + description: 'Required. The URI of the HTTP enpdoint. + The value must be a RFC2396 URI string. Examples: + http://10.10.10.8:80/route, http://svc.us-central1.p.local:8080/. + Only HTTP and HTTPS protocols are supported. The + host can be either a static IP addressable from + the VPC specified by the network config, or an internal + DNS hostname of the service resolvable via Cloud + DNS.' + type: string + type: object + type: array + networkConfig: + description: Optional. Network config is used to configure + how Eventarc resolves and connect to a destination. This + should only be used with HttpEndpoint destination type. + items: + properties: + networkAttachment: + description: 'Required. Name of the NetworkAttachment + that allows access to the destination VPC. Format: + projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}' + type: string + type: object + type: array workflow: description: 'The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should @@ -811,6 +902,11 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on @@ -818,6 +914,10 @@ spec: before proceeding. type: string eventDataContentType: + description: Optional. EventDataContentType specifies the type + of payload in MIME format that is expected from the CloudEvent + data field. This is set to application/json if the value is + not defined. type: string id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/triggers/{{name}} @@ -872,6 +972,13 @@ spec: In order to create Audit Log triggers, the service account should also have roles/eventarc.eventReceiver IAM role. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular transport: description: Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field diff --git a/package/crds/filestore.gcp.upbound.io_backups.yaml b/package/crds/filestore.gcp.upbound.io_backups.yaml index 03629dc0c..42392715b 100644 --- a/package/crds/filestore.gcp.upbound.io_backups.yaml +++ b/package/crds/filestore.gcp.upbound.io_backups.yaml @@ -487,6 +487,12 @@ spec: description: Amount of bytes that will be downloaded if the backup is restored. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/backups/{{name}} type: string @@ -529,6 +535,14 @@ spec: share storage, this number is expected to change with backup creation/deletion. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/filestore.gcp.upbound.io_instances.yaml b/package/crds/filestore.gcp.upbound.io_instances.yaml index 00fd3df47..6ea047919 100644 --- a/package/crds/filestore.gcp.upbound.io_instances.yaml +++ b/package/crds/filestore.gcp.upbound.io_instances.yaml @@ -134,6 +134,12 @@ spec: type: string type: object type: array + sourceBackup: + description: |- + The resource name of the backup, in the format + projects/{projectId}/locations/{locationId}/backups/{backupId}, + that this file share has been restored from. + type: string type: object type: array kmsKeyName: @@ -266,7 +272,7 @@ spec: tier: description: |- The service tier of the instance. - Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE type: string zone: description: The name of the Filestore zone of the instance. @@ -346,6 +352,12 @@ spec: type: string type: object type: array + sourceBackup: + description: |- + The resource name of the backup, in the format + projects/{projectId}/locations/{locationId}/backups/{backupId}, + that this file share has been restored from. + type: string type: object type: array kmsKeyName: @@ -474,7 +486,7 @@ spec: tier: description: |- The service tier of the instance. - Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE type: string zone: description: The name of the Filestore zone of the instance. @@ -671,6 +683,11 @@ spec: description: description: A description of the instance. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular etag: description: |- Server-specified ETag for the instance resource to prevent @@ -736,7 +753,6 @@ spec: type: array sourceBackup: description: |- - (Output) The resource name of the backup, in the format projects/{projectId}/locations/{locationId}/backups/{backupId}, that this file share has been restored from. @@ -806,10 +822,18 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tier: description: |- The service tier of the instance. - Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE type: string zone: description: The name of the Filestore zone of the instance. diff --git a/package/crds/filestore.gcp.upbound.io_snapshots.yaml b/package/crds/filestore.gcp.upbound.io_snapshots.yaml index 97d586b9a..234adce7c 100644 --- a/package/crds/filestore.gcp.upbound.io_snapshots.yaml +++ b/package/crds/filestore.gcp.upbound.io_snapshots.yaml @@ -383,6 +383,12 @@ spec: description: A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular filesystemUsedBytes: description: The amount of bytes needed to allocate a full copy of the snapshot content. @@ -411,6 +417,14 @@ spec: state: description: The snapshot state. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml b/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml index 88e2dbf2f..a7198e8dc 100644 --- a/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml +++ b/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml @@ -968,6 +968,12 @@ spec: description: description: User specified descriptive string for this BackupPlan. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular etag: description: |- etag is used for optimistic concurrency control as a way to help prevent simultaneous @@ -1044,6 +1050,14 @@ spec: description: Detailed description of why BackupPlan is in its current state. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uid: description: Server generated, unique identifier of UUID format. type: string diff --git a/package/crds/gkehub.gcp.upbound.io_membershipiammembers.yaml b/package/crds/gkehub.gcp.upbound.io_membershipiammembers.yaml index 60c0f4bea..a988e26fa 100644 --- a/package/crds/gkehub.gcp.upbound.io_membershipiammembers.yaml +++ b/package/crds/gkehub.gcp.upbound.io_membershipiammembers.yaml @@ -84,6 +84,8 @@ spec: type: string type: object type: array + location: + type: string member: type: string membershipId: @@ -191,6 +193,8 @@ spec: type: string type: object type: array + location: + type: string member: type: string membershipId: @@ -470,6 +474,8 @@ spec: type: string id: type: string + location: + type: string member: type: string membershipId: diff --git a/package/crds/gkehub.gcp.upbound.io_memberships.yaml b/package/crds/gkehub.gcp.upbound.io_memberships.yaml index 84094de60..2a9e7d6a1 100644 --- a/package/crds/gkehub.gcp.upbound.io_memberships.yaml +++ b/package/crds/gkehub.gcp.upbound.io_memberships.yaml @@ -193,6 +193,11 @@ spec: description: Labels to apply to this membership. type: object x-kubernetes-map-type: granular + location: + description: |- + Location of the membership. + The default value is global. + type: string project: description: |- The ID of the project in which the resource belongs. @@ -525,6 +530,12 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular endpoint: description: |- If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. @@ -549,7 +560,7 @@ spec: type: object type: array id: - description: an identifier for the resource with format projects/{{project}}/locations/global/memberships/{{membership_id}} + description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} type: string labels: additionalProperties: @@ -557,6 +568,11 @@ spec: description: Labels to apply to this membership. type: object x-kubernetes-map-type: granular + location: + description: |- + Location of the membership. + The default value is global. + type: string name: description: The unique identifier of the membership. type: string @@ -565,6 +581,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/healthcare.gcp.upbound.io_consentstores.yaml b/package/crds/healthcare.gcp.upbound.io_consentstores.yaml index 776af1ce5..35b75468a 100644 --- a/package/crds/healthcare.gcp.upbound.io_consentstores.yaml +++ b/package/crds/healthcare.gcp.upbound.io_consentstores.yaml @@ -494,6 +494,12 @@ spec: Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular enableConsentCreateOnUpdate: description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist. @@ -520,6 +526,14 @@ spec: The name of this ConsentStore, for example: "consent1" type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml b/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml index e07c50583..19042d493 100644 --- a/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml +++ b/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml @@ -94,7 +94,7 @@ spec: x-kubernetes-map-type: granular aws: description: |- - An Amazon Web Services identity provider. Not compatible with the property oidc. + An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below. items: properties: @@ -118,7 +118,7 @@ spec: type: string oidc: description: |- - An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below. items: properties: @@ -153,6 +153,18 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + saml: + description: |- + An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + Structure is documented below. + items: + properties: + idpMetadataXml: + description: SAML Identity provider configuration metadata + xml doc. + type: string + type: object + type: array workloadIdentityPoolId: description: |- The ID used for the pool, which is the final component of the pool resource name. This @@ -269,7 +281,7 @@ spec: x-kubernetes-map-type: granular aws: description: |- - An Amazon Web Services identity provider. Not compatible with the property oidc. + An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below. items: properties: @@ -293,7 +305,7 @@ spec: type: string oidc: description: |- - An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below. items: properties: @@ -328,6 +340,18 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + saml: + description: |- + An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + Structure is documented below. + items: + properties: + idpMetadataXml: + description: SAML Identity provider configuration metadata + xml doc. + type: string + type: object + type: array type: object managementPolicies: default: @@ -522,7 +546,7 @@ spec: x-kubernetes-map-type: granular aws: description: |- - An Amazon Web Services identity provider. Not compatible with the property oidc. + An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below. items: properties: @@ -554,7 +578,7 @@ spec: type: string oidc: description: |- - An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below. items: properties: @@ -589,6 +613,18 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + saml: + description: |- + An SAML 2.0 identity provider. Not compatible with the property oidc or aws. + Structure is documented below. + items: + properties: + idpMetadataXml: + description: SAML Identity provider configuration metadata + xml doc. + type: string + type: object + type: array state: description: The state of the provider. type: string diff --git a/package/crds/kms.gcp.upbound.io_cryptokeys.yaml b/package/crds/kms.gcp.upbound.io_cryptokeys.yaml index f5900e610..941c4a1bd 100644 --- a/package/crds/kms.gcp.upbound.io_cryptokeys.yaml +++ b/package/crds/kms.gcp.upbound.io_cryptokeys.yaml @@ -449,6 +449,12 @@ spec: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format {{key_ring}}/cryptoKeys/{{name}} type: string @@ -467,6 +473,25 @@ spec: resource. type: object x-kubernetes-map-type: granular + primary: + description: |- + A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. + Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. + Structure is documented below. + items: + properties: + name: + description: |- + (Output) + The resource name for this CryptoKeyVersion. + type: string + state: + description: |- + (Output) + The current state of the CryptoKeyVersion. + type: string + type: object + type: array purpose: description: |- The immutable purpose of this CryptoKey. See the @@ -486,6 +511,14 @@ spec: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the google_kms_key_ring_import_job resource to import the CryptoKeyVersion. type: boolean + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular versionTemplate: description: |- A template describing settings for new crypto key versions. diff --git a/package/crds/logging.gcp.upbound.io_folderbucketconfigs.yaml b/package/crds/logging.gcp.upbound.io_folderbucketconfigs.yaml index 328e6b029..7eecd9e4e 100644 --- a/package/crds/logging.gcp.upbound.io_folderbucketconfigs.yaml +++ b/package/crds/logging.gcp.upbound.io_folderbucketconfigs.yaml @@ -168,6 +168,23 @@ spec: type: string type: object type: object + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array location: description: The location of the bucket. type: string @@ -208,6 +225,23 @@ spec: description: description: Describes this bucket. type: string + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array retentionDays: description: Logs will be retained by default for this amount of time, after which they will automatically be deleted. The @@ -423,6 +457,23 @@ spec: id: description: an identifier for the resource with format folders/{{folder}}/locations/{{location}}/buckets/{{bucket_id}} type: string + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array lifecycleState: description: The bucket's lifecycle such as active or deleted. See LifecycleState. diff --git a/package/crds/logging.gcp.upbound.io_foldersinks.yaml b/package/crds/logging.gcp.upbound.io_foldersinks.yaml index ab19bebe9..ff1bd1004 100644 --- a/package/crds/logging.gcp.upbound.io_foldersinks.yaml +++ b/package/crds/logging.gcp.upbound.io_foldersinks.yaml @@ -92,9 +92,10 @@ spec: the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it @@ -253,9 +254,10 @@ spec: the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it @@ -497,9 +499,10 @@ spec: the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket. Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it diff --git a/package/crds/logging.gcp.upbound.io_projectbucketconfigs.yaml b/package/crds/logging.gcp.upbound.io_projectbucketconfigs.yaml index 70958681a..155f91c53 100644 --- a/package/crds/logging.gcp.upbound.io_projectbucketconfigs.yaml +++ b/package/crds/logging.gcp.upbound.io_projectbucketconfigs.yaml @@ -181,6 +181,23 @@ spec: buckets with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled. type: boolean + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array location: description: The location of the bucket. type: string @@ -396,6 +413,23 @@ spec: buckets with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled. type: boolean + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array locked: description: Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only @@ -634,6 +668,23 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}} type: string + indexConfigs: + description: A list of indexed fields and related configuration + data. Structure is documented below. + items: + properties: + fieldPath: + description: |- + The LogEntry field path to index. + Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation for details. + type: string + type: + description: The type of data in this index. Allowed types + include INDEX_TYPE_UNSPECIFIED, INDEX_TYPE_STRING and + INDEX_TYPE_INTEGER. + type: string + type: object + type: array lifecycleState: description: The bucket's lifecycle such as active or deleted. See LifecycleState. diff --git a/package/crds/logging.gcp.upbound.io_projectsinks.yaml b/package/crds/logging.gcp.upbound.io_projectsinks.yaml index 4dd0e4081..9dc44088d 100644 --- a/package/crds/logging.gcp.upbound.io_projectsinks.yaml +++ b/package/crds/logging.gcp.upbound.io_projectsinks.yaml @@ -87,14 +87,98 @@ spec: type: boolean type: object type: array + customWriterIdentity: + description: |- + A user managed service account that will be used to write + the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + routing logs to a destination outside this sink's project. If not specified, a Logging service account + will automatically be generated. + type: string + customWriterIdentityRef: + description: Reference to a ServiceAccount in cloudplatform to + populate customWriterIdentity. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + customWriterIdentitySelector: + description: Selector for a ServiceAccount in cloudplatform to + populate customWriterIdentity. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object description: description: A description of this sink. The maximum length of the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it @@ -141,8 +225,7 @@ spec: type: string uniqueWriterIdentity: description: |- - Whether or not to create a unique identity associated with this sink. If false - (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize bigquery_options, you must set unique_writer_identity to true. type: boolean @@ -174,14 +257,98 @@ spec: type: boolean type: object type: array + customWriterIdentity: + description: |- + A user managed service account that will be used to write + the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + routing logs to a destination outside this sink's project. If not specified, a Logging service account + will automatically be generated. + type: string + customWriterIdentityRef: + description: Reference to a ServiceAccount in cloudplatform to + populate customWriterIdentity. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + customWriterIdentitySelector: + description: Selector for a ServiceAccount in cloudplatform to + populate customWriterIdentity. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object description: description: A description of this sink. The maximum length of the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it @@ -228,8 +395,7 @@ spec: type: string uniqueWriterIdentity: description: |- - Whether or not to create a unique identity associated with this sink. If false - (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize bigquery_options, you must set unique_writer_identity to true. type: boolean @@ -425,14 +591,22 @@ spec: type: boolean type: object type: array + customWriterIdentity: + description: |- + A user managed service account that will be used to write + the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are + routing logs to a destination outside this sink's project. If not specified, a Logging service account + will automatically be generated. + type: string description: description: A description of this sink. The maximum length of the description is 8000 characters. type: string destination: - description: |- - The destination of the sink (or, in other words, where logs are written to). Can be a - Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket . Examples: + description: 'The destination of the sink (or, in other words, + where logs are written to). Can be a Cloud Storage bucket, a + PubSub topic, a BigQuery dataset, a Cloud Logging bucket, or + a Google Cloud project. Examples:' type: string disabled: description: If set to True, then this sink is disabled and it @@ -482,8 +656,7 @@ spec: type: string uniqueWriterIdentity: description: |- - Whether or not to create a unique identity associated with this sink. If false - (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, + Whether or not to create a unique identity associated with this sink. If false, then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (the default), then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize bigquery_options, you must set unique_writer_identity to true. type: boolean diff --git a/package/crds/memcache.gcp.upbound.io_instances.yaml b/package/crds/memcache.gcp.upbound.io_instances.yaml index e938523ac..d970979fe 100644 --- a/package/crds/memcache.gcp.upbound.io_instances.yaml +++ b/package/crds/memcache.gcp.upbound.io_instances.yaml @@ -244,7 +244,7 @@ spec: Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically determined by our system based on the latest supported minor version. Default value is MEMCACHE_1_5. - Possible values are: MEMCACHE_1_5. + Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. type: string name: description: The resource name of the instance. @@ -276,6 +276,14 @@ spec: description: The region of the Memcache instance. If it is not provided, the provider region is used. type: string + reservedIpRangeId: + description: |- + Contains the name of allocated IP address ranges associated with + the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. + items: + type: string + type: array zones: description: |- Zones where memcache nodes should be provisioned. If not @@ -469,7 +477,7 @@ spec: Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically determined by our system based on the latest supported minor version. Default value is MEMCACHE_1_5. - Possible values are: MEMCACHE_1_5. + Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. type: string name: description: The resource name of the instance. @@ -501,6 +509,14 @@ spec: description: The region of the Memcache instance. If it is not provided, the provider region is used. type: string + reservedIpRangeId: + description: |- + Contains the name of allocated IP address ranges associated with + the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. + items: + type: string + type: array zones: description: |- Zones where memcache nodes should be provisioned. If not @@ -709,6 +725,11 @@ spec: displayName: description: A user-visible name for the instance. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}} type: string @@ -885,7 +906,7 @@ spec: Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically determined by our system based on the latest supported minor version. Default value is MEMCACHE_1_5. - Possible values are: MEMCACHE_1_5. + Possible values are: MEMCACHE_1_5, MEMCACHE_1_6_15. type: string name: description: The resource name of the instance. @@ -917,6 +938,22 @@ spec: description: The region of the Memcache instance. If it is not provided, the provider region is used. type: string + reservedIpRangeId: + description: |- + Contains the name of allocated IP address ranges associated with + the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. + items: + type: string + type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular zones: description: |- Zones where memcache nodes should be provisioned. If not diff --git a/package/crds/mlengine.gcp.upbound.io_models.yaml b/package/crds/mlengine.gcp.upbound.io_models.yaml index a65b4bef8..db39e481d 100644 --- a/package/crds/mlengine.gcp.upbound.io_models.yaml +++ b/package/crds/mlengine.gcp.upbound.io_models.yaml @@ -93,8 +93,10 @@ spec: labels: additionalProperties: type: string - description: One or more labels that you can add, to organize - your models. + description: |- + One or more labels that you can add, to organize your models. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -154,8 +156,10 @@ spec: labels: additionalProperties: type: string - description: One or more labels that you can add, to organize - your models. + description: |- + One or more labels that you can add, to organize your models. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -376,14 +380,21 @@ spec: description: The description specified for the model when it was created. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/models/{{name}} type: string labels: additionalProperties: type: string - description: One or more labels that you can add, to organize - your models. + description: |- + One or more labels that you can add, to organize your models. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular name: @@ -409,6 +420,14 @@ spec: items: type: string type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml index 416779393..3b1110560 100644 --- a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml +++ b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml @@ -418,7 +418,6 @@ spec: type: array conditionPrometheusQueryLanguage: description: |- - A Monitoring Query Language query that outputs a boolean stream A condition type that allows alert policies to be defined using Prometheus Query Language (PromQL). The PrometheusQueryLanguageCondition message contains information @@ -490,9 +489,7 @@ spec: in order to refer to the original Prometheus configuration file. The rule group name and the alert name are necessary to update the relevant AlertPolicies in case the definition of the rule group changes - in the future. - This field is optional. If this field is not empty, then it must be a - valid Prometheus label name. + in the future. This field is optional. type: string type: object type: array @@ -889,6 +886,13 @@ spec: The format of the content field. Presently, only the value "text/markdown" is supported. type: string + subject: + description: |- + The subject line of the notification. The subject line may not + exceed 10,240 bytes. In notifications generated by this policy the contents + of the subject line after variable expansion will be truncated to 255 bytes + or shorter at the latest UTF-8 character boundary. + type: string type: object type: array enabled: @@ -912,6 +916,13 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + severity: + description: |- + The severity of an alert policy indicates how important incidents generated + by that policy are. The severity level will be displayed on the Incident + detail page and in notifications. + Possible values are: CRITICAL, ERROR, WARNING. + type: string userLabels: additionalProperties: type: string @@ -1281,7 +1292,6 @@ spec: type: array conditionPrometheusQueryLanguage: description: |- - A Monitoring Query Language query that outputs a boolean stream A condition type that allows alert policies to be defined using Prometheus Query Language (PromQL). The PrometheusQueryLanguageCondition message contains information @@ -1353,9 +1363,7 @@ spec: in order to refer to the original Prometheus configuration file. The rule group name and the alert name are necessary to update the relevant AlertPolicies in case the definition of the rule group changes - in the future. - This field is optional. If this field is not empty, then it must be a - valid Prometheus label name. + in the future. This field is optional. type: string type: object type: array @@ -1752,6 +1760,13 @@ spec: The format of the content field. Presently, only the value "text/markdown" is supported. type: string + subject: + description: |- + The subject line of the notification. The subject line may not + exceed 10,240 bytes. In notifications generated by this policy the contents + of the subject line after variable expansion will be truncated to 255 bytes + or shorter at the latest UTF-8 character boundary. + type: string type: object type: array enabled: @@ -1775,6 +1790,13 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + severity: + description: |- + The severity of an alert policy indicates how important incidents generated + by that policy are. The severity level will be displayed on the Incident + detail page and in notifications. + Possible values are: CRITICAL, ERROR, WARNING. + type: string userLabels: additionalProperties: type: string @@ -2316,7 +2338,6 @@ spec: type: array conditionPrometheusQueryLanguage: description: |- - A Monitoring Query Language query that outputs a boolean stream A condition type that allows alert policies to be defined using Prometheus Query Language (PromQL). The PrometheusQueryLanguageCondition message contains information @@ -2388,9 +2409,7 @@ spec: in order to refer to the original Prometheus configuration file. The rule group name and the alert name are necessary to update the relevant AlertPolicies in case the definition of the rule group changes - in the future. - This field is optional. If this field is not empty, then it must be a - valid Prometheus label name. + in the future. This field is optional. type: string type: object type: array @@ -2817,6 +2836,13 @@ spec: The format of the content field. Presently, only the value "text/markdown" is supported. type: string + subject: + description: |- + The subject line of the notification. The subject line may not + exceed 10,240 bytes. In notifications generated by this policy the contents + of the subject line after variable expansion will be truncated to 255 bytes + or shorter at the latest UTF-8 character boundary. + type: string type: object type: array enabled: @@ -2848,6 +2874,13 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + severity: + description: |- + The severity of an alert policy indicates how important incidents generated + by that policy are. The severity level will be displayed on the Incident + detail page and in notifications. + Possible values are: CRITICAL, ERROR, WARNING. + type: string userLabels: additionalProperties: type: string diff --git a/package/crds/monitoring.gcp.upbound.io_customservices.yaml b/package/crds/monitoring.gcp.upbound.io_customservices.yaml index 47b91d23d..d70219235 100644 --- a/package/crds/monitoring.gcp.upbound.io_customservices.yaml +++ b/package/crds/monitoring.gcp.upbound.io_customservices.yaml @@ -36,7 +36,7 @@ spec: openAPIV3Schema: description: CustomService is the Schema for the CustomServices API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve - an individual concern (Wikipedia). + an individual concern. properties: apiVersion: description: |- diff --git a/package/crds/monitoring.gcp.upbound.io_services.yaml b/package/crds/monitoring.gcp.upbound.io_services.yaml index 7feaefa11..ec120ddfc 100644 --- a/package/crds/monitoring.gcp.upbound.io_services.yaml +++ b/package/crds/monitoring.gcp.upbound.io_services.yaml @@ -36,7 +36,7 @@ spec: openAPIV3Schema: description: Service is the Schema for the Services API. A Service is a discrete, autonomous, and network-accessible unit, designed to solve an individual - concern (Wikipedia). + concern. properties: apiVersion: description: |- diff --git a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml index 52cf7874b..655a9786f 100644 --- a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml +++ b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml @@ -75,7 +75,7 @@ spec: properties: checkerType: description: |- - The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. type: string contentMatchers: @@ -177,19 +177,27 @@ spec: type: array body: description: The request body associated with the HTTP POST - request. If contentType is URL_ENCODED, the body passed + request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If - the requestMethod is GET and body is not empty, the API + the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are - base64 encoded. e.g. "foo=bar" in URL-encoded form is - "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar + and in base64 encoding is Zm9vJTI1M0RiYXI=. type: string contentType: description: |- The content type to use for the check. - Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. + type: string + customContentType: + description: A user provided content type header to use + for the check. The invalid configurations outlined in + the content_type field apply to custom_content_type, as + well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis + set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` + is not set. type: string headers: additionalProperties: @@ -198,11 +206,10 @@ spec: uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of - all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same - key in a Create call will cause the first to be overwritten - by the second. The maximum number of headers allowed is - 100. + all the desired values as described in RFC 2616 (page + 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by + the second. The maximum number of headers allowed is 100. type: object x-kubernetes-map-type: granular maskHeaders: @@ -211,25 +218,37 @@ spec: related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, - if mask_headers is set to True then the headers will be + if mask_headers is set to true then the headers will be obscured with ******. type: boolean path: description: The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path - does not begin with "/", a "/" will be prepended automatically. - Optional (defaults to "/"). + does not begin with /, a / will be prepended automatically. + Optional (defaults to /). type: string + pingConfig: + description: |- + Contains information needed to add pings to an HTTP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). type: number requestMethod: description: |- - The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string @@ -240,16 +259,18 @@ spec: validateSsl: description: Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies - to checks where monitoredResource is set to uptime_url. - If useSsl is false, setting validateSsl to true has no - effect. + to checks where monitored_resource is set to uptime_url. + If use_ssl is false, setting validate_ssl to true has + no effect. type: boolean type: object type: array monitoredResource: description: |- - The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - Structure is documented below. + The [monitored resource] + (https://cloud.google.com/monitoring/api/resources) associated with the + configuration. The following monitored resource types are supported for + uptime checks: items: properties: labels: @@ -257,18 +278,16 @@ spec: type: string description: Values for all of the labels listed in the associated monitored resource descriptor. For example, - Compute Engine VM instances use the labels "project_id", - "instance_id", and "zone". + Compute Engine VM instances use the labels project_id, + instance_id, and zone. type: object x-kubernetes-map-type: granular type: description: The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource - types (https://cloud.google.com/monitoring/api/resources) - and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + types and Logging resource types. type: string type: object type: array @@ -386,24 +405,143 @@ spec: items: type: string type: array + syntheticMonitor: + description: |- + A Synthetic Monitor deployed to a Cloud Functions V2 instance. + Structure is documented below. + items: + properties: + cloudFunctionV2: + description: |- + Target a Synthetic Monitor GCFv2 Instance + Structure is documented below. + items: + properties: + name: + description: The fully qualified name of the cloud + function resource. + type: string + nameRef: + description: Reference to a Function in cloudfunctions2 + to populate name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Function in cloudfunctions2 + to populate name. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array tcpCheck: description: |- Contains information needed to make a TCP check. Structure is documented below. items: properties: + pingConfig: + description: |- + Contains information needed to add pings to a TCP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) to construct the full URL. type: number type: object type: array timeout: description: The maximum amount of time to wait for the request - to complete (must be between 1 and 60 seconds). Accepted formats - https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + to complete (must be between 1 and 60 seconds). See the accepted + formats type: string + userLabels: + additionalProperties: + type: string + description: User-supplied key/value data to be used for organizing + and identifying the UptimeCheckConfig objects. The field can + contain up to 64 entries. Each key and value is limited to 63 + Unicode characters or 128 bytes, whichever is smaller. Labels + and values can contain only lowercase letters, numerals, underscores, + and dashes. Keys must begin with a letter. + type: object + x-kubernetes-map-type: granular type: object initProvider: description: |- @@ -420,7 +558,7 @@ spec: properties: checkerType: description: |- - The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. type: string contentMatchers: @@ -501,19 +639,27 @@ spec: type: array body: description: The request body associated with the HTTP POST - request. If contentType is URL_ENCODED, the body passed + request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If - the requestMethod is GET and body is not empty, the API + the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are - base64 encoded. e.g. "foo=bar" in URL-encoded form is - "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar + and in base64 encoding is Zm9vJTI1M0RiYXI=. type: string contentType: description: |- The content type to use for the check. - Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. + type: string + customContentType: + description: A user provided content type header to use + for the check. The invalid configurations outlined in + the content_type field apply to custom_content_type, as + well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis + set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` + is not set. type: string headers: additionalProperties: @@ -522,11 +668,10 @@ spec: uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of - all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same - key in a Create call will cause the first to be overwritten - by the second. The maximum number of headers allowed is - 100. + all the desired values as described in RFC 2616 (page + 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by + the second. The maximum number of headers allowed is 100. type: object x-kubernetes-map-type: granular maskHeaders: @@ -535,25 +680,37 @@ spec: related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, - if mask_headers is set to True then the headers will be + if mask_headers is set to true then the headers will be obscured with ******. type: boolean path: description: The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path - does not begin with "/", a "/" will be prepended automatically. - Optional (defaults to "/"). + does not begin with /, a / will be prepended automatically. + Optional (defaults to /). type: string + pingConfig: + description: |- + Contains information needed to add pings to an HTTP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). type: number requestMethod: description: |- - The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string @@ -564,16 +721,18 @@ spec: validateSsl: description: Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies - to checks where monitoredResource is set to uptime_url. - If useSsl is false, setting validateSsl to true has no - effect. + to checks where monitored_resource is set to uptime_url. + If use_ssl is false, setting validate_ssl to true has + no effect. type: boolean type: object type: array monitoredResource: description: |- - The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - Structure is documented below. + The [monitored resource] + (https://cloud.google.com/monitoring/api/resources) associated with the + configuration. The following monitored resource types are supported for + uptime checks: items: properties: labels: @@ -581,18 +740,16 @@ spec: type: string description: Values for all of the labels listed in the associated monitored resource descriptor. For example, - Compute Engine VM instances use the labels "project_id", - "instance_id", and "zone". + Compute Engine VM instances use the labels project_id, + instance_id, and zone. type: object x-kubernetes-map-type: granular type: description: The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource - types (https://cloud.google.com/monitoring/api/resources) - and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + types and Logging resource types. type: string type: object type: array @@ -710,24 +867,143 @@ spec: items: type: string type: array + syntheticMonitor: + description: |- + A Synthetic Monitor deployed to a Cloud Functions V2 instance. + Structure is documented below. + items: + properties: + cloudFunctionV2: + description: |- + Target a Synthetic Monitor GCFv2 Instance + Structure is documented below. + items: + properties: + name: + description: The fully qualified name of the cloud + function resource. + type: string + nameRef: + description: Reference to a Function in cloudfunctions2 + to populate name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Function in cloudfunctions2 + to populate name. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + type: object + type: array tcpCheck: description: |- Contains information needed to make a TCP check. Structure is documented below. items: properties: + pingConfig: + description: |- + Contains information needed to add pings to a TCP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) to construct the full URL. type: number type: object type: array timeout: description: The maximum amount of time to wait for the request - to complete (must be between 1 and 60 seconds). Accepted formats - https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + to complete (must be between 1 and 60 seconds). See the accepted + formats type: string + userLabels: + additionalProperties: + type: string + description: User-supplied key/value data to be used for organizing + and identifying the UptimeCheckConfig objects. The field can + contain up to 64 entries. Each key and value is limited to 63 + Unicode characters or 128 bytes, whichever is smaller. Labels + and values can contain only lowercase letters, numerals, underscores, + and dashes. Keys must begin with a letter. + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -912,7 +1188,7 @@ spec: properties: checkerType: description: |- - The checker type to use for the check. If the monitored resource type is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + The checker type to use for the check. If the monitored resource type is servicedirectory_service, checker_type must be set to VPC_CHECKERS. Possible values are: STATIC_IP_CHECKERS, VPC_CHECKERS. type: string contentMatchers: @@ -993,19 +1269,27 @@ spec: type: array body: description: The request body associated with the HTTP POST - request. If contentType is URL_ENCODED, the body passed + request. If content_type is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a Content-Length header via the headers field or the API will do so. If - the requestMethod is GET and body is not empty, the API + the request_method is GET and body is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are - base64 encoded. e.g. "foo=bar" in URL-encoded form is - "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + base64 encoded. e.g. foo=bar in URL-encoded form is foo%3Dbar + and in base64 encoding is Zm9vJTI1M0RiYXI=. type: string contentType: description: |- The content type to use for the check. - Possible values are: TYPE_UNSPECIFIED, URL_ENCODED. + Possible values are: TYPE_UNSPECIFIED, URL_ENCODED, USER_PROVIDED. + type: string + customContentType: + description: A user provided content type header to use + for the check. The invalid configurations outlined in + the content_type field apply to custom_content_type, as + well as the following 1. content_typeisURL_ENCODEDandcustom_content_typeis + set. 2.content_typeisUSER_PROVIDEDandcustom_content_type` + is not set. type: string headers: additionalProperties: @@ -1014,11 +1298,10 @@ spec: uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of - all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same - key in a Create call will cause the first to be overwritten - by the second. The maximum number of headers allowed is - 100. + all the desired values as described in RFC 2616 (page + 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by + the second. The maximum number of headers allowed is 100. type: object x-kubernetes-map-type: granular maskHeaders: @@ -1027,25 +1310,37 @@ spec: related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, - if mask_headers is set to True then the headers will be + if mask_headers is set to true then the headers will be obscured with ******. type: boolean path: description: The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path - does not begin with "/", a "/" will be prepended automatically. - Optional (defaults to "/"). + does not begin with /, a / will be prepended automatically. + Optional (defaults to /). type: string + pingConfig: + description: |- + Contains information needed to add pings to an HTTP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). type: number requestMethod: description: |- - The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then requestMethod defaults to GET. + The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string @@ -1056,9 +1351,9 @@ spec: validateSsl: description: Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies - to checks where monitoredResource is set to uptime_url. - If useSsl is false, setting validateSsl to true has no - effect. + to checks where monitored_resource is set to uptime_url. + If use_ssl is false, setting validate_ssl to true has + no effect. type: boolean type: object type: array @@ -1067,8 +1362,10 @@ spec: type: string monitoredResource: description: |- - The monitored resource (https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance aws_elb_load_balancer k8s_service servicedirectory_service - Structure is documented below. + The [monitored resource] + (https://cloud.google.com/monitoring/api/resources) associated with the + configuration. The following monitored resource types are supported for + uptime checks: items: properties: labels: @@ -1076,18 +1373,16 @@ spec: type: string description: Values for all of the labels listed in the associated monitored resource descriptor. For example, - Compute Engine VM instances use the labels "project_id", - "instance_id", and "zone". + Compute Engine VM instances use the labels project_id, + instance_id, and zone. type: object x-kubernetes-map-type: granular type: description: The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see Monitoring resource - types (https://cloud.google.com/monitoring/api/resources) - and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + types and Logging resource types. type: string type: object type: array @@ -1133,27 +1428,70 @@ spec: items: type: string type: array + syntheticMonitor: + description: |- + A Synthetic Monitor deployed to a Cloud Functions V2 instance. + Structure is documented below. + items: + properties: + cloudFunctionV2: + description: |- + Target a Synthetic Monitor GCFv2 Instance + Structure is documented below. + items: + properties: + name: + description: The fully qualified name of the cloud + function resource. + type: string + type: object + type: array + type: object + type: array tcpCheck: description: |- Contains information needed to make a TCP check. Structure is documented below. items: properties: + pingConfig: + description: |- + Contains information needed to add pings to a TCP check. + Structure is documented below. + items: + properties: + pingsCount: + description: Number of ICMP pings. A maximum of 3 + ICMP pings is currently supported. + type: number + type: object + type: array port: description: The port to the page to run the check against. - Will be combined with host (specified within the MonitoredResource) + Will be combined with host (specified within the monitored_resource) to construct the full URL. type: number type: object type: array timeout: description: The maximum amount of time to wait for the request - to complete (must be between 1 and 60 seconds). Accepted formats - https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration + to complete (must be between 1 and 60 seconds). See the accepted + formats type: string uptimeCheckId: description: The id of the uptime check type: string + userLabels: + additionalProperties: + type: string + description: User-supplied key/value data to be used for organizing + and identifying the UptimeCheckConfig objects. The field can + contain up to 64 entries. Each key and value is limited to 63 + Unicode characters or 128 bytes, whichever is smaller. Labels + and values can contain only lowercase letters, numerals, underscores, + and dashes. Keys must begin with a letter. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml b/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml index 2c921acdf..e8a2fee5b 100644 --- a/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml +++ b/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml @@ -305,6 +305,11 @@ spec: description: description: An optional description of the hub. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/global/hubs/{{name}} type: string @@ -339,6 +344,13 @@ spec: description: 'Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uniqueId: description: Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted diff --git a/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml b/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml index a7942e7ec..52a501240 100644 --- a/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml +++ b/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml @@ -283,6 +283,97 @@ spec: type: boolean type: object type: array + linkedVpcNetwork: + description: VPC network that is associated with the spoke. + items: + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + uri: + description: The URI of the VPC network resource. + type: string + uriRef: + description: Reference to a Network in compute to populate + uri. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + uriSelector: + description: Selector for a Network in compute to populate + uri. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array linkedVpnTunnels: description: The URIs of linked VPN tunnel resources items: @@ -533,6 +624,97 @@ spec: type: boolean type: object type: array + linkedVpcNetwork: + description: VPC network that is associated with the spoke. + items: + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + uri: + description: The URI of the VPC network resource. + type: string + uriRef: + description: Reference to a Network in compute to populate + uri. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + uriSelector: + description: Selector for a Network in compute to populate + uri. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array linkedVpnTunnels: description: The URIs of linked VPN tunnel resources items: @@ -747,6 +929,11 @@ spec: description: description: An optional description of the spoke. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular hub: description: Immutable. The URI of the hub that this spoke is attached to. @@ -805,6 +992,21 @@ spec: type: boolean type: object type: array + linkedVpcNetwork: + description: VPC network that is associated with the spoke. + items: + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + uri: + description: The URI of the VPC network resource. + type: string + type: object + type: array linkedVpnTunnels: description: The URIs of linked VPN tunnel resources items: @@ -836,6 +1038,13 @@ spec: spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular uniqueId: description: Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke diff --git a/package/crds/networkmanagement.gcp.upbound.io_connectivitytests.yaml b/package/crds/networkmanagement.gcp.upbound.io_connectivitytests.yaml index b7a276457..f826a439c 100644 --- a/package/crds/networkmanagement.gcp.upbound.io_connectivitytests.yaml +++ b/package/crds/networkmanagement.gcp.upbound.io_connectivitytests.yaml @@ -1796,6 +1796,11 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/global/connectivityTests/{{name}} type: string @@ -1878,6 +1883,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/notebooks.gcp.upbound.io_instances.yaml b/package/crds/notebooks.gcp.upbound.io_instances.yaml index 05ab9b554..61c04a591 100644 --- a/package/crds/notebooks.gcp.upbound.io_instances.yaml +++ b/package/crds/notebooks.gcp.upbound.io_instances.yaml @@ -136,6 +136,11 @@ spec: Possible disk types for notebook instances. Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. type: string + desiredState: + description: Desired state of the Notebook Instance. Set this + field to ACTIVE to start the Instance, and STOPPED to stop the + Instance. + type: string diskEncryption: description: |- Disk encryption method used on the boot and data disks, defaults to GMEK. @@ -391,6 +396,11 @@ spec: Possible disk types for notebook instances. Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. type: string + desiredState: + description: Desired state of the Notebook Instance. Set this + field to ACTIVE to start the Instance, and STOPPED to stop the + Instance. + type: string diskEncryption: description: |- Disk encryption method used on the boot and data disks, defaults to GMEK. @@ -808,11 +818,22 @@ spec: Possible disk types for notebook instances. Possible values are: DISK_TYPE_UNSPECIFIED, PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. type: string + desiredState: + description: Desired state of the Notebook Instance. Set this + field to ACTIVE to start the Instance, and STOPPED to stop the + Instance. + type: string diskEncryption: description: |- Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values are: DISK_ENCRYPTION_UNSPECIFIED, GMEK, CMEK. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}} type: string @@ -975,6 +996,14 @@ spec: items: type: string type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: Instance update time. type: string diff --git a/package/crds/notebooks.gcp.upbound.io_runtimes.yaml b/package/crds/notebooks.gcp.upbound.io_runtimes.yaml index 72fbf9d78..785d420fb 100644 --- a/package/crds/notebooks.gcp.upbound.io_runtimes.yaml +++ b/package/crds/notebooks.gcp.upbound.io_runtimes.yaml @@ -91,6 +91,18 @@ spec: type: string type: object type: array + labels: + additionalProperties: + type: string + description: |- + The labels to associate with this runtime. Label keys must + contain 1 to 63 characters, and must conform to [RFC 1035] + (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + empty, but, if present, must contain 1 to 63 characters, and must + conform to RFC 1035. No + more than 32 labels can be associated with a cluster. + type: object + x-kubernetes-map-type: granular location: description: A reference to the zone where the machine resides. type: string @@ -440,6 +452,18 @@ spec: type: string type: object type: array + labels: + additionalProperties: + type: string + description: |- + The labels to associate with this runtime. Label keys must + contain 1 to 63 characters, and must conform to [RFC 1035] + (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + empty, but, if present, must contain 1 to 63 characters, and must + conform to RFC 1035. No + more than 32 labels can be associated with a cluster. + type: object + x-kubernetes-map-type: granular project: description: |- The ID of the project in which the resource belongs. @@ -948,6 +972,12 @@ spec: type: string type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular healthState: description: |- The health state of this runtime. For a list of possible output @@ -956,6 +986,18 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/runtimes/{{name}} type: string + labels: + additionalProperties: + type: string + description: |- + The labels to associate with this runtime. Label keys must + contain 1 to 63 characters, and must conform to [RFC 1035] + (https://www.ietf.org/rfc/rfc1035.txt). Label values may be + empty, but, if present, must contain 1 to 63 characters, and must + conform to RFC 1035. No + more than 32 labels can be associated with a cluster. + type: object + x-kubernetes-map-type: granular location: description: A reference to the zone where the machine resides. type: string @@ -1053,6 +1095,14 @@ spec: state: description: The state of this runtime. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular virtualMachine: description: |- Use a Compute Engine VM image to start the managed notebook instance. diff --git a/package/crds/osconfig.gcp.upbound.io_ospolicyassignments.yaml b/package/crds/osconfig.gcp.upbound.io_ospolicyassignments.yaml index 2ce6f7537..61ac3c8d2 100644 --- a/package/crds/osconfig.gcp.upbound.io_ospolicyassignments.yaml +++ b/package/crds/osconfig.gcp.upbound.io_ospolicyassignments.yaml @@ -35,7 +35,8 @@ spec: schema: openAPIV3Schema: description: OsPolicyAssignment is the Schema for the OsPolicyAssignments - API. + API. OS policy assignment is an API resource that is used to apply a set + of OS policies to a dynamically targeted group of Compute Engine VM instances. properties: apiVersion: description: |- diff --git a/package/crds/osconfig.gcp.upbound.io_patchdeployments.yaml b/package/crds/osconfig.gcp.upbound.io_patchdeployments.yaml index 102a88119..72ec04bbc 100644 --- a/package/crds/osconfig.gcp.upbound.io_patchdeployments.yaml +++ b/package/crds/osconfig.gcp.upbound.io_patchdeployments.yaml @@ -541,6 +541,11 @@ spec: IANA Time Zone Database time zone, e.g. "America/New_York". Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. type: string + dayOffset: + description: Represents the number of days before + or after the given week day of month that + the patch deployment is scheduled for. + type: number weekOrdinal: description: Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates @@ -1127,6 +1132,11 @@ spec: IANA Time Zone Database time zone, e.g. "America/New_York". Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. type: string + dayOffset: + description: Represents the number of days before + or after the given week day of month that + the patch deployment is scheduled for. + type: number weekOrdinal: description: Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates @@ -1901,6 +1911,11 @@ spec: IANA Time Zone Database time zone, e.g. "America/New_York". Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. type: string + dayOffset: + description: Represents the number of days before + or after the given week day of month that + the patch deployment is scheduled for. + type: number weekOrdinal: description: Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates diff --git a/package/crds/privateca.gcp.upbound.io_capools.yaml b/package/crds/privateca.gcp.upbound.io_capools.yaml index b78bde375..a1da95ca7 100644 --- a/package/crds/privateca.gcp.upbound.io_capools.yaml +++ b/package/crds/privateca.gcp.upbound.io_capools.yaml @@ -1171,6 +1171,12 @@ spec: properties: atProvider: properties: + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/caPools/{{name}} type: string @@ -1626,6 +1632,14 @@ spec: type: boolean type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tier: description: |- The Tier of this CaPool. diff --git a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml index 6881bcc95..cf50cde22 100644 --- a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml @@ -1861,6 +1861,11 @@ spec: description: Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular gcsBucket: description: |- The name of a Cloud Storage bucket where this CertificateAuthority will publish content, @@ -1987,6 +1992,14 @@ spec: type: array type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: description: |- The Type of this CertificateAuthority. diff --git a/package/crds/privateca.gcp.upbound.io_certificates.yaml b/package/crds/privateca.gcp.upbound.io_certificates.yaml index 248f43420..1965f2fb0 100644 --- a/package/crds/privateca.gcp.upbound.io_certificates.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificates.yaml @@ -449,49 +449,41 @@ spec: items: properties: certSign: - description: |- - (Output) - The key may be used to sign certificates. + description: The key may be used to sign + certificates. type: boolean contentCommitment: - description: |- - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + description: The key may be used for cryptographic + commitments. Note that this may also + be referred to as "non-repudiation". type: boolean crlSign: - description: |- - (Output) - The key may be used sign certificate revocation lists. + description: The key may be used sign + certificate revocation lists. type: boolean dataEncipherment: - description: |- - (Output) - The key may be used to encipher data. + description: The key may be used to encipher + data. type: boolean decipherOnly: - description: |- - (Output) - The key may be used to decipher only. + description: The key may be used to decipher + only. type: boolean digitalSignature: - description: |- - (Output) - The key may be used for digital signatures. + description: The key may be used for digital + signatures. type: boolean encipherOnly: - description: |- - (Output) - The key may be used to encipher only. + description: The key may be used to encipher + only. type: boolean keyAgreement: - description: |- - (Output) - The key may be used in a key agreement protocol. + description: The key may be used in a + key agreement protocol. type: boolean keyEncipherment: - description: |- - (Output) - The key may be used to encipher other keys. + description: The key may be used to encipher + other keys. type: boolean type: object type: array @@ -1131,49 +1123,41 @@ spec: items: properties: certSign: - description: |- - (Output) - The key may be used to sign certificates. + description: The key may be used to sign + certificates. type: boolean contentCommitment: - description: |- - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + description: The key may be used for cryptographic + commitments. Note that this may also + be referred to as "non-repudiation". type: boolean crlSign: - description: |- - (Output) - The key may be used sign certificate revocation lists. + description: The key may be used sign + certificate revocation lists. type: boolean dataEncipherment: - description: |- - (Output) - The key may be used to encipher data. + description: The key may be used to encipher + data. type: boolean decipherOnly: - description: |- - (Output) - The key may be used to decipher only. + description: The key may be used to decipher + only. type: boolean digitalSignature: - description: |- - (Output) - The key may be used for digital signatures. + description: The key may be used for digital + signatures. type: boolean encipherOnly: - description: |- - (Output) - The key may be used to encipher only. + description: The key may be used to encipher + only. type: boolean keyAgreement: - description: |- - (Output) - The key may be used in a key agreement protocol. + description: The key may be used in a + key agreement protocol. type: boolean keyEncipherment: - description: |- - (Output) - The key may be used to encipher other keys. + description: The key may be used to encipher + other keys. type: boolean type: object type: array @@ -1583,151 +1567,6 @@ spec: type: string type: object type: array - configValues: - description: |- - (Output, Deprecated) - Describes some of the technical fields in a certificate. - Structure is documented below. - items: - properties: - keyUsage: - description: |- - (Output) - Indicates the intended use for keys that correspond to a certificate. - Structure is documented below. - items: - properties: - baseKeyUsage: - description: |- - Describes high-level ways in which a key may be used. - Structure is documented below. - items: - properties: - keyUsageOptions: - description: |- - (Output) - Describes high-level ways in which a key may be used. - Structure is documented below. - items: - properties: - certSign: - description: |- - (Output) - The key may be used to sign certificates. - type: boolean - contentCommitment: - description: |- - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: |- - (Output) - The key may be used sign certificate revocation lists. - type: boolean - dataEncipherment: - description: |- - (Output) - The key may be used to encipher data. - type: boolean - decipherOnly: - description: |- - (Output) - The key may be used to decipher only. - type: boolean - digitalSignature: - description: |- - (Output) - The key may be used for digital signatures. - type: boolean - encipherOnly: - description: |- - (Output) - The key may be used to encipher only. - type: boolean - keyAgreement: - description: |- - (Output) - The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: |- - (Output) - The key may be used to encipher other keys. - type: boolean - type: object - type: array - type: object - type: array - extendedKeyUsage: - description: |- - Describes high-level ways in which a key may be used. - Structure is documented below. - items: - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client - authentication", though regularly used - for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of - downloadable executable code client - authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP - responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server - authentication", though regularly used - for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the - hash of an object to a time". - type: boolean - type: object - type: array - unknownExtendedKeyUsages: - description: |- - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - Structure is documented below. - items: - properties: - obectId: - description: |- - (Output) - Required. Describes how some of the technical fields in a certificate should be populated. - Structure is documented below. - items: - properties: - objectIdPath: - description: An ObjectId specifies - an object identifier (OID). These - provide context and describe types - in ASN.1 messages. - items: - type: number - type: array - type: object - type: array - type: object - type: array - type: object - type: array - type: object - type: array crlDistributionPoints: description: |- (Output) @@ -1842,7 +1681,7 @@ spec: obectId: description: |- (Output) - Required. Describes how some of the technical fields in a certificate should be populated. + Describes how some of the technical fields in a certificate should be populated. Structure is documented below. items: properties: @@ -1985,49 +1824,41 @@ spec: items: properties: certSign: - description: |- - (Output) - The key may be used to sign certificates. + description: The key may be used to sign + certificates. type: boolean contentCommitment: - description: |- - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + description: The key may be used for cryptographic + commitments. Note that this may also + be referred to as "non-repudiation". type: boolean crlSign: - description: |- - (Output) - The key may be used sign certificate revocation lists. + description: The key may be used sign + certificate revocation lists. type: boolean dataEncipherment: - description: |- - (Output) - The key may be used to encipher data. + description: The key may be used to encipher + data. type: boolean decipherOnly: - description: |- - (Output) - The key may be used to decipher only. + description: The key may be used to decipher + only. type: boolean digitalSignature: - description: |- - (Output) - The key may be used for digital signatures. + description: The key may be used for digital + signatures. type: boolean encipherOnly: - description: |- - (Output) - The key may be used to encipher only. + description: The key may be used to encipher + only. type: boolean keyAgreement: - description: |- - (Output) - The key may be used in a key agreement protocol. + description: The key may be used in a + key agreement protocol. type: boolean keyEncipherment: - description: |- - (Output) - The key may be used to encipher other keys. + description: The key may be used to encipher + other keys. type: boolean type: object type: array @@ -2388,49 +2219,41 @@ spec: items: properties: certSign: - description: |- - (Output) - The key may be used to sign certificates. + description: The key may be used to sign + certificates. type: boolean contentCommitment: - description: |- - (Output) - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + description: The key may be used for cryptographic + commitments. Note that this may also + be referred to as "non-repudiation". type: boolean crlSign: - description: |- - (Output) - The key may be used sign certificate revocation lists. + description: The key may be used sign + certificate revocation lists. type: boolean dataEncipherment: - description: |- - (Output) - The key may be used to encipher data. + description: The key may be used to encipher + data. type: boolean decipherOnly: - description: |- - (Output) - The key may be used to decipher only. + description: The key may be used to decipher + only. type: boolean digitalSignature: - description: |- - (Output) - The key may be used for digital signatures. + description: The key may be used for digital + signatures. type: boolean encipherOnly: - description: |- - (Output) - The key may be used to encipher only. + description: The key may be used to encipher + only. type: boolean keyAgreement: - description: |- - (Output) - The key may be used in a key agreement protocol. + description: The key may be used in a + key agreement protocol. type: boolean keyEncipherment: - description: |- - (Output) - The key may be used to encipher other keys. + description: The key may be used to encipher + other keys. type: boolean type: object type: array @@ -2602,6 +2425,12 @@ spec: The time that this resource was created on the server. This is in RFC3339 text format. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}} type: string @@ -2636,13 +2465,6 @@ spec: items: type: string type: array - pemCertificates: - description: |- - (Deprecated) - Required. Expected to be in leaf-to-root order according to RFC 5246. - items: - type: string - type: array pemCsr: description: Immutable. A pem-encoded X.509 certificate signing request (CSR). @@ -2674,6 +2496,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: |- Output only. The time at which this CertificateAuthority was updated. diff --git a/package/crds/privateca.gcp.upbound.io_certificatetemplates.yaml b/package/crds/privateca.gcp.upbound.io_certificatetemplates.yaml index a3204f146..c1cc3bf4d 100644 --- a/package/crds/privateca.gcp.upbound.io_certificatetemplates.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificatetemplates.yaml @@ -826,6 +826,11 @@ spec: description: Optional. A human-readable description of scenarios this template is intended for. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}} type: string @@ -1104,6 +1109,13 @@ spec: project: description: The project for the resource type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: Output only. The time at which this CertificateTemplate was updated. diff --git a/package/crds/pubsub.gcp.upbound.io_schemas.yaml b/package/crds/pubsub.gcp.upbound.io_schemas.yaml index a150a6ec6..b776ee7e0 100644 --- a/package/crds/pubsub.gcp.upbound.io_schemas.yaml +++ b/package/crds/pubsub.gcp.upbound.io_schemas.yaml @@ -78,7 +78,11 @@ spec: description: |- The definition of the schema. This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. + that is a valid schema definition of the type specified in type. Changes + to the definition commit new schema revisions. + A schema can only have up to 20 revisions, so updates that fail with an + error indicating that the limit has been reached require manually + deleting old revisions. type: string project: description: |- @@ -109,7 +113,11 @@ spec: description: |- The definition of the schema. This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. + that is a valid schema definition of the type specified in type. Changes + to the definition commit new schema revisions. + A schema can only have up to 20 revisions, so updates that fail with an + error indicating that the limit has been reached require manually + deleting old revisions. type: string project: description: |- @@ -299,7 +307,11 @@ spec: description: |- The definition of the schema. This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. + that is a valid schema definition of the type specified in type. Changes + to the definition commit new schema revisions. + A schema can only have up to 20 revisions, so updates that fail with an + error indicating that the limit has been reached require manually + deleting old revisions. type: string id: description: an identifier for the resource with format projects/{{project}}/schemas/{{name}} diff --git a/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml b/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml index 9ede7a743..c8d2caff9 100644 --- a/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml +++ b/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml @@ -95,23 +95,30 @@ spec: bigqueryConfig: description: |- If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. Structure is documented below. items: properties: dropUnknownFields: description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + and any messages with extra fields are not written and remain in the subscription's backlog. type: boolean table: description: The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} type: string + useTableSchema: + description: |- + When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + type: boolean useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. type: boolean writeMetadata: description: |- @@ -120,6 +127,53 @@ spec: type: boolean type: object type: array + cloudStorageConfig: + description: |- + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + Structure is documented below. + items: + properties: + avroConfig: + description: |- + If set, message data will be written to Cloud Storage in Avro format. + Structure is documented below. + items: + properties: + writeMetadata: + description: |- + When true, writes the Pub/Sub message metadata to + x-goog-pubsub-: headers of the HTTP request. Writes the + Pub/Sub message attributes to : headers of the HTTP request. + type: boolean + type: object + type: array + bucket: + description: User-provided name for the Cloud Storage bucket. + The bucket must be created by the user. The bucket name + must be without any prefix like "gs://". + type: string + filenamePrefix: + description: User-provided prefix for Cloud Storage filename. + type: string + filenameSuffix: + description: User-provided suffix for Cloud Storage filename. + Must not end in "/". + type: string + maxBytes: + description: |- + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. + type: number + maxDuration: + description: |- + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + type: object + type: array deadLetterPolicy: description: |- A policy that specifies the conditions for dead lettering messages in @@ -402,7 +456,10 @@ spec: type: object type: array topic: - description: A reference to a Topic resource. + description: |- + A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + (as in the id property of a google_pubsub_topic), or just a topic name if + the topic is in the same project as the subscription. type: string topicRef: description: Reference to a Topic to populate topic. @@ -513,23 +570,30 @@ spec: bigqueryConfig: description: |- If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. Structure is documented below. items: properties: dropUnknownFields: description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + and any messages with extra fields are not written and remain in the subscription's backlog. type: boolean table: description: The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} type: string + useTableSchema: + description: |- + When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + type: boolean useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. type: boolean writeMetadata: description: |- @@ -538,6 +602,53 @@ spec: type: boolean type: object type: array + cloudStorageConfig: + description: |- + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + Structure is documented below. + items: + properties: + avroConfig: + description: |- + If set, message data will be written to Cloud Storage in Avro format. + Structure is documented below. + items: + properties: + writeMetadata: + description: |- + When true, writes the Pub/Sub message metadata to + x-goog-pubsub-: headers of the HTTP request. Writes the + Pub/Sub message attributes to : headers of the HTTP request. + type: boolean + type: object + type: array + bucket: + description: User-provided name for the Cloud Storage bucket. + The bucket must be created by the user. The bucket name + must be without any prefix like "gs://". + type: string + filenamePrefix: + description: User-provided prefix for Cloud Storage filename. + type: string + filenameSuffix: + description: User-provided suffix for Cloud Storage filename. + Must not end in "/". + type: string + maxBytes: + description: |- + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. + type: number + maxDuration: + description: |- + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + type: object + type: array deadLetterPolicy: description: |- A policy that specifies the conditions for dead lettering messages in @@ -820,7 +931,10 @@ spec: type: object type: array topic: - description: A reference to a Topic resource. + description: |- + A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + (as in the id property of a google_pubsub_topic), or just a topic name if + the topic is in the same project as the subscription. type: string topicRef: description: Reference to a Topic to populate topic. @@ -1090,23 +1204,30 @@ spec: bigqueryConfig: description: |- If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. Structure is documented below. items: properties: dropUnknownFields: description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that + are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync + and any messages with extra fields are not written and remain in the subscription's backlog. type: boolean table: description: The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} type: string + useTableSchema: + description: |- + When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages + must be published in JSON format. Only one of use_topic_schema and use_table_schema can be set. + type: boolean useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. type: boolean writeMetadata: description: |- @@ -1115,6 +1236,58 @@ spec: type: boolean type: object type: array + cloudStorageConfig: + description: |- + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + Structure is documented below. + items: + properties: + avroConfig: + description: |- + If set, message data will be written to Cloud Storage in Avro format. + Structure is documented below. + items: + properties: + writeMetadata: + description: |- + When true, writes the Pub/Sub message metadata to + x-goog-pubsub-: headers of the HTTP request. Writes the + Pub/Sub message attributes to : headers of the HTTP request. + type: boolean + type: object + type: array + bucket: + description: User-provided name for the Cloud Storage bucket. + The bucket must be created by the user. The bucket name + must be without any prefix like "gs://". + type: string + filenamePrefix: + description: User-provided prefix for Cloud Storage filename. + type: string + filenameSuffix: + description: User-provided suffix for Cloud Storage filename. + Must not end in "/". + type: string + maxBytes: + description: |- + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. + type: number + maxDuration: + description: |- + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + state: + description: |- + (Output) + An output-only field that indicates whether or not the subscription can receive messages. + type: string + type: object + type: array deadLetterPolicy: description: |- A policy that specifies the conditions for dead lettering messages in @@ -1152,6 +1325,12 @@ spec: type: number type: object type: array + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular enableExactlyOnceDelivery: description: |- If true, Pub/Sub provides the following guarantees for the delivery @@ -1323,8 +1502,19 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular topic: - description: A reference to a Topic resource. + description: |- + A reference to a Topic resource, of the form projects/{project}/topics/{{name}} + (as in the id property of a google_pubsub_topic), or just a topic name if + the topic is in the same project as the subscription. type: string type: object conditions: diff --git a/package/crds/pubsub.gcp.upbound.io_topics.yaml b/package/crds/pubsub.gcp.upbound.io_topics.yaml index a341a1145..d4032b3b0 100644 --- a/package/crds/pubsub.gcp.upbound.io_topics.yaml +++ b/package/crds/pubsub.gcp.upbound.io_topics.yaml @@ -170,7 +170,8 @@ spec: For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. + The rotation period has the format of a decimal number, followed by the + letter s (seconds). Cannot be more than 31 days or less than 10 minutes. type: string messageStoragePolicy: description: |- @@ -330,7 +331,8 @@ spec: For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. + The rotation period has the format of a decimal number, followed by the + letter s (seconds). Cannot be more than 31 days or less than 10 minutes. type: string messageStoragePolicy: description: |- @@ -552,6 +554,12 @@ spec: properties: atProvider: properties: + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/topics/{{name}} type: string @@ -578,7 +586,8 @@ spec: For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. + The rotation period has the format of a decimal number, followed by the + letter s (seconds). Cannot be more than 31 days or less than 10 minutes. type: string messageStoragePolicy: description: |- @@ -627,6 +636,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/redis.gcp.upbound.io_instances.yaml b/package/crds/redis.gcp.upbound.io_instances.yaml index 48b672f9c..7e4a9ed77 100644 --- a/package/crds/redis.gcp.upbound.io_instances.yaml +++ b/package/crds/redis.gcp.upbound.io_instances.yaml @@ -92,6 +92,80 @@ spec: instance is connected. If left unspecified, the default network will be used. type: string + authorizedNetworkRef: + description: Reference to a Network in compute to populate authorizedNetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + authorizedNetworkSelector: + description: Selector for a Network in compute to populate authorizedNetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object connectMode: description: |- The connection mode of the Redis instance. @@ -184,7 +258,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locationId: @@ -370,6 +447,80 @@ spec: instance is connected. If left unspecified, the default network will be used. type: string + authorizedNetworkRef: + description: Reference to a Network in compute to populate authorizedNetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + authorizedNetworkSelector: + description: Selector for a Network in compute to populate authorizedNetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object connectMode: description: |- The connection mode of the Redis instance. @@ -462,7 +613,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locationId: @@ -835,6 +989,11 @@ spec: description: An arbitrary and optional user-provided name for the instance. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular host: description: |- Hostname or IP address of the exposed Redis endpoint used by clients @@ -846,7 +1005,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular locationId: @@ -1121,6 +1283,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tier: description: 'The service tier of the instance. Must be one of these values:' diff --git a/package/crds/secretmanager.gcp.upbound.io_secrets.yaml b/package/crds/secretmanager.gcp.upbound.io_secrets.yaml index e82e1fffb..0af71852b 100644 --- a/package/crds/secretmanager.gcp.upbound.io_secrets.yaml +++ b/package/crds/secretmanager.gcp.upbound.io_secrets.yaml @@ -73,10 +73,27 @@ spec: type: string forProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Custom metadata about the secret. + Annotations are distinct from various forms of labels. Annotations exist to allow + client tools to store their own state information without requiring a database. + Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + symbols. + The total size of annotation keys and values must be less than 16KiB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular expireTime: description: |- Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Only one of expire_time or ttl can be provided. type: string labels: additionalProperties: @@ -104,10 +121,27 @@ spec: Structure is documented below. items: properties: - automatic: - description: The Secret will automatically be replicated - without any restrictions. - type: boolean + auto: + description: |- + The Secret will automatically be replicated without any restrictions. + Structure is documented below. + items: + properties: + customerManagedEncryption: + description: |- + Customer Managed Encryption for the secret. + Structure is documented below. + items: + properties: + kmsKeyName: + description: Describes the Cloud KMS encryption + key that will be used to protect destination + secret. + type: string + type: object + type: array + type: object + type: array userManaged: description: |- The Secret will be replicated to the regions specified by the user. @@ -178,7 +212,21 @@ spec: description: |- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + Only one of ttl or expire_time can be provided. type: string + versionAliases: + additionalProperties: + type: string + description: |- + Mapping from version alias to version name. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular type: object initProvider: description: |- @@ -193,10 +241,27 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + annotations: + additionalProperties: + type: string + description: |- + Custom metadata about the secret. + Annotations are distinct from various forms of labels. Annotations exist to allow + client tools to store their own state information without requiring a database. + Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + symbols. + The total size of annotation keys and values must be less than 16KiB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular expireTime: description: |- Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Only one of expire_time or ttl can be provided. type: string labels: additionalProperties: @@ -224,10 +289,27 @@ spec: Structure is documented below. items: properties: - automatic: - description: The Secret will automatically be replicated - without any restrictions. - type: boolean + auto: + description: |- + The Secret will automatically be replicated without any restrictions. + Structure is documented below. + items: + properties: + customerManagedEncryption: + description: |- + Customer Managed Encryption for the secret. + Structure is documented below. + items: + properties: + kmsKeyName: + description: Describes the Cloud KMS encryption + key that will be used to protect destination + secret. + type: string + type: object + type: array + type: object + type: array userManaged: description: |- The Secret will be replicated to the regions specified by the user. @@ -298,7 +380,21 @@ spec: description: |- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + Only one of ttl or expire_time can be provided. type: string + versionAliases: + additionalProperties: + type: string + description: |- + Mapping from version alias to version name. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -477,13 +573,40 @@ spec: properties: atProvider: properties: + annotations: + additionalProperties: + type: string + description: |- + Custom metadata about the secret. + Annotations are distinct from various forms of labels. Annotations exist to allow + client tools to store their own state information without requiring a database. + Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + symbols. + The total size of annotation keys and values must be less than 16KiB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular createTime: description: The time at which the Secret was created. type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular expireTime: description: |- Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Only one of expire_time or ttl can be provided. type: string id: description: an identifier for the resource with format projects/{{project}}/secrets/{{secret_id}} @@ -519,10 +642,27 @@ spec: Structure is documented below. items: properties: - automatic: - description: The Secret will automatically be replicated - without any restrictions. - type: boolean + auto: + description: |- + The Secret will automatically be replicated without any restrictions. + Structure is documented below. + items: + properties: + customerManagedEncryption: + description: |- + Customer Managed Encryption for the secret. + Structure is documented below. + items: + properties: + kmsKeyName: + description: Describes the Cloud KMS encryption + key that will be used to protect destination + secret. + type: string + type: object + type: array + type: object + type: array userManaged: description: |- The Secret will be replicated to the regions specified by the user. @@ -576,6 +716,14 @@ spec: type: string type: object type: array + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular topics: description: |- A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. @@ -593,7 +741,21 @@ spec: description: |- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + Only one of ttl or expire_time can be provided. type: string + versionAliases: + additionalProperties: + type: string + description: |- + Mapping from version alias to version name. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml b/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml index 39499d7ab..fef314d41 100644 --- a/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml +++ b/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml @@ -73,9 +73,19 @@ spec: type: string forProvider: properties: + deletionPolicy: + description: |- + The deletion policy for the secret version. Setting ABANDON allows the resource + to be abandoned rather than deleted. Setting DISABLE allows the resource to be + disabled rather than deleted. Default is DELETE. Possible values are: + type: string enabled: description: The current state of the SecretVersion. type: boolean + isSecretDataBase64: + description: If set to 'true', the secret data is expected to + be base64-encoded string and would be sent as is. + type: boolean secret: description: Secret Manager secret resource type: string @@ -184,9 +194,19 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + deletionPolicy: + description: |- + The deletion policy for the secret version. Setting ABANDON allows the resource + to be abandoned rather than deleted. Setting DISABLE allows the resource to be + disabled rather than deleted. Default is DELETE. Possible values are: + type: string enabled: description: The current state of the SecretVersion. type: boolean + isSecretDataBase64: + description: If set to 'true', the secret data is expected to + be base64-encoded string and would be sent as is. + type: boolean secret: description: Secret Manager secret resource type: string @@ -444,6 +464,12 @@ spec: createTime: description: The time at which the Secret was created. type: string + deletionPolicy: + description: |- + The deletion policy for the secret version. Setting ABANDON allows the resource + to be abandoned rather than deleted. Setting DISABLE allows the resource to be + disabled rather than deleted. Default is DELETE. Possible values are: + type: string destroyTime: description: The time at which the Secret was destroyed. Only present if state is DESTROYED. @@ -454,6 +480,10 @@ spec: id: description: an identifier for the resource with format {{name}} type: string + isSecretDataBase64: + description: If set to 'true', the secret data is expected to + be base64-encoded string and would be sent as is. + type: boolean name: description: |- The resource name of the SecretVersion. Format: diff --git a/package/crds/servicenetworking.gcp.upbound.io_connections.yaml b/package/crds/servicenetworking.gcp.upbound.io_connections.yaml index 052239ddf..3c091b762 100644 --- a/package/crds/servicenetworking.gcp.upbound.io_connections.yaml +++ b/package/crds/servicenetworking.gcp.upbound.io_connections.yaml @@ -73,6 +73,11 @@ spec: type: string forProvider: properties: + deletionPolicy: + description: The deletion policy for the service networking connection. + Setting to ABANDON allows the resource to be abandoned rather + than deleted. Use with care as it can lead to dangling resources. + type: string network: description: Name of VPC network connected with service producers using VPC peering. @@ -258,6 +263,11 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + deletionPolicy: + description: The deletion policy for the service networking connection. + Setting to ABANDON allows the resource to be abandoned rather + than deleted. Use with care as it can lead to dangling resources. + type: string network: description: Name of VPC network connected with service producers using VPC peering. @@ -607,6 +617,11 @@ spec: properties: atProvider: properties: + deletionPolicy: + description: The deletion policy for the service networking connection. + Setting to ABANDON allows the resource to be abandoned rather + than deleted. Use with care as it can lead to dangling resources. + type: string id: type: string network: diff --git a/package/crds/spanner.gcp.upbound.io_instances.yaml b/package/crds/spanner.gcp.upbound.io_instances.yaml index f358e66b7..b91213271 100644 --- a/package/crds/spanner.gcp.upbound.io_instances.yaml +++ b/package/crds/spanner.gcp.upbound.io_instances.yaml @@ -73,6 +73,72 @@ spec: type: string forProvider: properties: + autoscalingConfig: + description: |- + The autoscaling configuration. Autoscaling is enabled if this field is set. + When autoscaling is enabled, num_nodes and processing_units are treated as, + OUTPUT_ONLY fields and reflect the current compute capacity allocated to + the instance. + Structure is documented below. + items: + properties: + autoscalingLimits: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. Users can define the minimum and + maximum compute capacity allocated to the instance, and the autoscaler will + only scale within that range. Users can either use nodes or processing + units to specify the limits, but should use the same unit to set both the + min_limit and max_limit. + Structure is documented below. + items: + properties: + maxNodes: + description: |- + Specifies maximum number of nodes allocated to the instance. If set, this number + should be greater than or equal to min_nodes. + type: number + maxProcessingUnits: + description: |- + Specifies maximum number of processing units allocated to the instance. + If set, this number should be multiples of 1000 and be greater than or equal to + min_processing_units. + type: number + minNodes: + description: |- + Specifies number of nodes allocated to the instance. If set, this number + should be greater than or equal to 1. + type: number + minProcessingUnits: + description: |- + Specifies minimum number of processing units allocated to the instance. + If set, this number should be multiples of 1000. + type: number + type: object + type: array + autoscalingTargets: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + Structure is documented below. + items: + properties: + highPriorityCpuUtilizationPercent: + description: |- + Specifies the target high priority cpu utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization).. + type: number + storageUtilizationPercent: + description: |- + Specifies the target storage utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization). + type: number + type: object + type: array + type: object + type: array config: description: |- The name of the instance's configuration (similar but not @@ -126,6 +192,72 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + autoscalingConfig: + description: |- + The autoscaling configuration. Autoscaling is enabled if this field is set. + When autoscaling is enabled, num_nodes and processing_units are treated as, + OUTPUT_ONLY fields and reflect the current compute capacity allocated to + the instance. + Structure is documented below. + items: + properties: + autoscalingLimits: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. Users can define the minimum and + maximum compute capacity allocated to the instance, and the autoscaler will + only scale within that range. Users can either use nodes or processing + units to specify the limits, but should use the same unit to set both the + min_limit and max_limit. + Structure is documented below. + items: + properties: + maxNodes: + description: |- + Specifies maximum number of nodes allocated to the instance. If set, this number + should be greater than or equal to min_nodes. + type: number + maxProcessingUnits: + description: |- + Specifies maximum number of processing units allocated to the instance. + If set, this number should be multiples of 1000 and be greater than or equal to + min_processing_units. + type: number + minNodes: + description: |- + Specifies number of nodes allocated to the instance. If set, this number + should be greater than or equal to 1. + type: number + minProcessingUnits: + description: |- + Specifies minimum number of processing units allocated to the instance. + If set, this number should be multiples of 1000. + type: number + type: object + type: array + autoscalingTargets: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + Structure is documented below. + items: + properties: + highPriorityCpuUtilizationPercent: + description: |- + Specifies the target high priority cpu utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization).. + type: number + storageUtilizationPercent: + description: |- + Specifies the target storage utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization). + type: number + type: object + type: array + type: object + type: array config: description: |- The name of the instance's configuration (similar but not @@ -347,6 +479,72 @@ spec: properties: atProvider: properties: + autoscalingConfig: + description: |- + The autoscaling configuration. Autoscaling is enabled if this field is set. + When autoscaling is enabled, num_nodes and processing_units are treated as, + OUTPUT_ONLY fields and reflect the current compute capacity allocated to + the instance. + Structure is documented below. + items: + properties: + autoscalingLimits: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. Users can define the minimum and + maximum compute capacity allocated to the instance, and the autoscaler will + only scale within that range. Users can either use nodes or processing + units to specify the limits, but should use the same unit to set both the + min_limit and max_limit. + Structure is documented below. + items: + properties: + maxNodes: + description: |- + Specifies maximum number of nodes allocated to the instance. If set, this number + should be greater than or equal to min_nodes. + type: number + maxProcessingUnits: + description: |- + Specifies maximum number of processing units allocated to the instance. + If set, this number should be multiples of 1000 and be greater than or equal to + min_processing_units. + type: number + minNodes: + description: |- + Specifies number of nodes allocated to the instance. If set, this number + should be greater than or equal to 1. + type: number + minProcessingUnits: + description: |- + Specifies minimum number of processing units allocated to the instance. + If set, this number should be multiples of 1000. + type: number + type: object + type: array + autoscalingTargets: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + Structure is documented below. + items: + properties: + highPriorityCpuUtilizationPercent: + description: |- + Specifies the target high priority cpu utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization).. + type: number + storageUtilizationPercent: + description: |- + Specifies the target storage utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization). + type: number + type: object + type: array + type: object + type: array config: description: |- The name of the instance's configuration (similar but not @@ -361,6 +559,12 @@ spec: The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular forceDestroy: description: |- When deleting a spanner instance, this boolean option will delete all backups of this instance. @@ -392,6 +596,14 @@ spec: state: description: 'Instance status: CREATING or READY.' type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml index d84979236..2a18952c4 100644 --- a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml @@ -98,6 +98,12 @@ spec: description: The timestamp of the point in time that should be restored. type: string + preferredZone: + description: (Point-in-time recovery for PostgreSQL only) + Clone to an instance in the specified zone. If no zone + is specified, clone to the same zone as the source instance. + clone-unavailable-instance + type: string sourceInstanceName: description: Name of the source instance which will be cloned. type: string @@ -214,6 +220,7 @@ spec: - namespace type: object sslCipher: + description: Permissible ciphers for use in SSL encryption. type: string username: description: Username for replication connection. @@ -364,9 +371,9 @@ spec: items: properties: dataCacheEnabled: - description: |- - Whether data cache is enabled for the instance. Defaults to false - Can only be used with MYSQL. + description: Whether data cache is enabled for the + instance. Defaults to false. Can be used with MYSQL + and PostgreSQL only. type: boolean type: object type: array @@ -591,10 +598,39 @@ spec: type: string type: object type: object + pscConfig: + items: + properties: + allowedConsumerProjects: + description: List of consumer projects that + are allow-listed for PSC connections to this + instance. This instance can be connected to + with PSC from any network in these projects. + Each consumer project in this list may be + represented by a project number (numeric) + or by a project id (alphanumeric). + items: + type: string + type: array + x-kubernetes-list-type: set + pscEnabled: + description: Whether PSC connectivity is enabled + for this instance. + type: boolean + type: object + type: array requireSsl: description: Whether SSL connections over IP are enforced - or not. + or not. To change this field, also set the corresponding + value in ssl_mode. type: boolean + sslMode: + description: Specify how SSL connection should be + enforced in DB connections. This field provides + more SSL enforcment options compared to require_ssl. + To change this field, also set the correspoding + value in require_ssl. + type: string type: object type: array locationPreference: @@ -745,6 +781,12 @@ spec: description: The timestamp of the point in time that should be restored. type: string + preferredZone: + description: (Point-in-time recovery for PostgreSQL only) + Clone to an instance in the specified zone. If no zone + is specified, clone to the same zone as the source instance. + clone-unavailable-instance + type: string sourceInstanceName: description: Name of the source instance which will be cloned. type: string @@ -844,6 +886,7 @@ spec: heartbeats. type: number sslCipher: + description: Permissible ciphers for use in SSL encryption. type: string username: description: Username for replication connection. @@ -976,9 +1019,9 @@ spec: items: properties: dataCacheEnabled: - description: |- - Whether data cache is enabled for the instance. Defaults to false - Can only be used with MYSQL. + description: Whether data cache is enabled for the + instance. Defaults to false. Can be used with MYSQL + and PostgreSQL only. type: boolean type: object type: array @@ -1203,10 +1246,39 @@ spec: type: string type: object type: object + pscConfig: + items: + properties: + allowedConsumerProjects: + description: List of consumer projects that + are allow-listed for PSC connections to this + instance. This instance can be connected to + with PSC from any network in these projects. + Each consumer project in this list may be + represented by a project number (numeric) + or by a project id (alphanumeric). + items: + type: string + type: array + x-kubernetes-list-type: set + pscEnabled: + description: Whether PSC connectivity is enabled + for this instance. + type: boolean + type: object + type: array requireSsl: description: Whether SSL connections over IP are enforced - or not. + or not. To change this field, also set the corresponding + value in ssl_mode. type: boolean + sslMode: + description: Specify how SSL connection should be + enforced in DB connections. This field provides + more SSL enforcment options compared to require_ssl. + To change this field, also set the correspoding + value in require_ssl. + type: string type: object type: array locationPreference: @@ -1527,6 +1599,12 @@ spec: description: The timestamp of the point in time that should be restored. type: string + preferredZone: + description: (Point-in-time recovery for PostgreSQL only) + Clone to an instance in the specified zone. If no zone + is specified, clone to the same zone as the source instance. + clone-unavailable-instance + type: string sourceInstanceName: description: Name of the source instance which will be cloned. type: string @@ -1552,6 +1630,11 @@ spec: deletionProtection: description: Defaults to true. type: boolean + dnsName: + description: |- + The name of the instance. This is done because after a name is used, it cannot be reused for + up to one week. + type: string encryptionKeyName: description: |- The full path to the encryption key used for the CMEK disk encryption. @@ -1611,6 +1694,10 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + pscServiceAttachmentLink: + description: the URI that points to the service attachment of + the instance. + type: string publicIpAddress: description: The first public (PRIMARY) IPv4 address assigned. type: string @@ -1664,6 +1751,7 @@ spec: heartbeats. type: number sslCipher: + description: Permissible ciphers for use in SSL encryption. type: string username: description: Username for replication connection. @@ -1697,29 +1785,6 @@ spec: selfLink: description: The URI of the created resource. type: string - serverCaCert: - items: - properties: - cert: - description: The CA Certificate used to connect to the SQL - Instance via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: |- - The RFC 3339 - formatted date time string indicating when this whitelist expires. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - type: array serviceAccountEmailAddress: description: |- The service account email address assigned to the @@ -1827,9 +1892,9 @@ spec: items: properties: dataCacheEnabled: - description: |- - Whether data cache is enabled for the instance. Defaults to false - Can only be used with MYSQL. + description: Whether data cache is enabled for the + instance. Defaults to false. Can be used with MYSQL + and PostgreSQL only. type: boolean type: object type: array @@ -1978,10 +2043,39 @@ spec: At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set. type: string + pscConfig: + items: + properties: + allowedConsumerProjects: + description: List of consumer projects that + are allow-listed for PSC connections to this + instance. This instance can be connected to + with PSC from any network in these projects. + Each consumer project in this list may be + represented by a project number (numeric) + or by a project id (alphanumeric). + items: + type: string + type: array + x-kubernetes-list-type: set + pscEnabled: + description: Whether PSC connectivity is enabled + for this instance. + type: boolean + type: object + type: array requireSsl: description: Whether SSL connections over IP are enforced - or not. + or not. To change this field, also set the corresponding + value in ssl_mode. type: boolean + sslMode: + description: Specify how SSL connection should be + enforced in DB connections. This field provides + more SSL enforcment options compared to require_ssl. + To change this field, also set the correspoding + value in require_ssl. + type: string type: object type: array locationPreference: diff --git a/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml b/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml index e7f5b65af..8fd84b1b3 100644 --- a/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml @@ -99,8 +99,9 @@ spec: the external server. type: string host: - description: The externally accessible IPv4 address for the source - database server. + description: The IPv4 address and port for the external server, + or the the DNS address for the external server. If the external + server is hosted on Cloud SQL, the port is 5432. type: string passwordSecretRef: description: |- @@ -177,8 +178,9 @@ spec: the external server. type: string host: - description: The externally accessible IPv4 address for the source - database server. + description: The IPv4 address and port for the external server, + or the the DNS address for the external server. If the external + server is hosted on Cloud SQL, the port is 5432. type: string port: description: |- @@ -405,8 +407,9 @@ spec: the external server. type: string host: - description: The externally accessible IPv4 address for the source - database server. + description: The IPv4 address and port for the external server, + or the the DNS address for the external server. If the external + server is hosted on Cloud SQL, the port is 5432. type: string id: description: an identifier for the resource with format projects/{{project}}/instances/{{name}} diff --git a/package/crds/sql.gcp.upbound.io_sslcerts.yaml b/package/crds/sql.gcp.upbound.io_sslcerts.yaml index 5be2128cd..752e19bf2 100644 --- a/package/crds/sql.gcp.upbound.io_sslcerts.yaml +++ b/package/crds/sql.gcp.upbound.io_sslcerts.yaml @@ -443,9 +443,6 @@ spec: properties: atProvider: properties: - cert: - description: The actual certificate data for this client certificate. - type: string certSerialNumber: description: The serial number extracted from the certificate data. @@ -477,10 +474,6 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string sha1Fingerprint: description: The SHA1 Fingerprint of the certificate. type: string diff --git a/package/crds/sql.gcp.upbound.io_users.yaml b/package/crds/sql.gcp.upbound.io_users.yaml index c23543469..36ed484dc 100644 --- a/package/crds/sql.gcp.upbound.io_users.yaml +++ b/package/crds/sql.gcp.upbound.io_users.yaml @@ -216,7 +216,7 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". type: string type: object initProvider: @@ -354,7 +354,7 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". type: string type: object managementPolicies: @@ -603,7 +603,7 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT". type: string type: object conditions: diff --git a/package/crds/storage.gcp.upbound.io_bucketobjects.yaml b/package/crds/storage.gcp.upbound.io_bucketobjects.yaml index f94ba15c1..1acc5cb8d 100644 --- a/package/crds/storage.gcp.upbound.io_bucketobjects.yaml +++ b/package/crds/storage.gcp.upbound.io_bucketobjects.yaml @@ -230,6 +230,22 @@ spec: description: The name of the object. If you're interpolating the name of this object, see output_name instead. type: string + retention: + description: The object retention settings for the object. The + retention settings allow an object to be retained until a provided + date. Structure is documented below. + items: + properties: + mode: + description: The retention policy mode. Either Locked or + Unlocked. + type: string + retainUntilTime: + description: The time to retain the object until in RFC + 3339 format, for example 2012-11-15T16:19:00.094Z. + type: string + type: object + type: array source: description: |- A path to the data you want to upload. Must be defined @@ -397,6 +413,22 @@ spec: description: The name of the object. If you're interpolating the name of this object, see output_name instead. type: string + retention: + description: The object retention settings for the object. The + retention settings allow an object to be retained until a provided + date. Structure is documented below. + items: + properties: + mode: + description: The retention policy mode. Either Locked or + Unlocked. + type: string + retainUntilTime: + description: The time to retain the object until in RFC + 3339 format, for example 2012-11-15T16:19:00.094Z. + type: string + type: object + type: array source: description: |- A path to the data you want to upload. Must be defined @@ -670,6 +702,22 @@ spec: (Computed) The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated. type: string + retention: + description: The object retention settings for the object. The + retention settings allow an object to be retained until a provided + date. Structure is documented below. + items: + properties: + mode: + description: The retention policy mode. Either Locked or + Unlocked. + type: string + retainUntilTime: + description: The time to retain the object until in RFC + 3339 format, for example 2012-11-15T16:19:00.094Z. + type: string + type: object + type: array selfLink: description: (Computed) A url reference to this object. type: string diff --git a/package/crds/storage.gcp.upbound.io_buckets.yaml b/package/crds/storage.gcp.upbound.io_buckets.yaml index dd863fc43..98fb00b21 100644 --- a/package/crds/storage.gcp.upbound.io_buckets.yaml +++ b/package/crds/storage.gcp.upbound.io_buckets.yaml @@ -83,6 +83,11 @@ spec: transitions objects in your bucket to appropriate storage classes based on each object's access pattern. type: boolean + terminalStorageClass: + description: 'The storage class that objects in the bucket + eventually transition to if they are not read for a certain + length of time. Supported values include: NEARLINE, ARCHIVE.' + type: string type: object type: array cors: @@ -141,6 +146,9 @@ spec: description: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. type: boolean + enableObjectRetention: + description: Enables object retention on a storage bucket. + type: boolean encryption: description: The bucket's encryption configuration. Structure is documented below. @@ -240,6 +248,11 @@ spec: items: type: string type: array + noAge: + description: While set true, age value will be omitted. + Note Required to set true when age is unset in the + config file. + type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the @@ -312,6 +325,16 @@ spec: type: number type: object type: array + rpo: + description: The recovery point objective for cross-region replication + of the bucket. Applicable only for dual and multi-region buckets. + "DEFAULT" sets default replication. "ASYNC_TURBO" value enables + turbo replication, valid for dual-region buckets only. See Turbo + Replication for more information. If rpo is not specified at + bucket creation, it defaults to "DEFAULT" for dual and multi-region + buckets. NOTE If used with single-region bucket, It will throw + an error. + type: string storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, @@ -372,6 +395,11 @@ spec: transitions objects in your bucket to appropriate storage classes based on each object's access pattern. type: boolean + terminalStorageClass: + description: 'The storage class that objects in the bucket + eventually transition to if they are not read for a certain + length of time. Supported values include: NEARLINE, ARCHIVE.' + type: string type: object type: array cors: @@ -430,6 +458,9 @@ spec: description: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. type: boolean + enableObjectRetention: + description: Enables object retention on a storage bucket. + type: boolean encryption: description: The bucket's encryption configuration. Structure is documented below. @@ -529,6 +560,11 @@ spec: items: type: string type: array + noAge: + description: While set true, age value will be omitted. + Note Required to set true when age is unset in the + config file. + type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the @@ -601,6 +637,16 @@ spec: type: number type: object type: array + rpo: + description: The recovery point objective for cross-region replication + of the bucket. Applicable only for dual and multi-region buckets. + "DEFAULT" sets default replication. "ASYNC_TURBO" value enables + turbo replication, valid for dual-region buckets only. See Turbo + Replication for more information. If rpo is not specified at + bucket creation, it defaults to "DEFAULT" for dual and multi-region + buckets. NOTE If used with single-region bucket, It will throw + an error. + type: string storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, @@ -825,6 +871,11 @@ spec: transitions objects in your bucket to appropriate storage classes based on each object's access pattern. type: boolean + terminalStorageClass: + description: 'The storage class that objects in the bucket + eventually transition to if they are not read for a certain + length of time. Supported values include: NEARLINE, ARCHIVE.' + type: string type: object type: array cors: @@ -883,6 +934,15 @@ spec: description: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. type: boolean + effectiveLabels: + additionalProperties: + type: string + description: A map of key/value label pairs to assign to the bucket. + type: object + x-kubernetes-map-type: granular + enableObjectRetention: + description: Enables object retention on a storage bucket. + type: boolean encryption: description: The bucket's encryption configuration. Structure is documented below. @@ -984,6 +1044,11 @@ spec: items: type: string type: array + noAge: + description: While set true, age value will be omitted. + Note Required to set true when age is unset in the + config file. + type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the @@ -1056,6 +1121,16 @@ spec: type: number type: object type: array + rpo: + description: The recovery point objective for cross-region replication + of the bucket. Applicable only for dual and multi-region buckets. + "DEFAULT" sets default replication. "ASYNC_TURBO" value enables + turbo replication, valid for dual-region buckets only. See Turbo + Replication for more information. If rpo is not specified at + bucket creation, it defaults to "DEFAULT" for dual and multi-region + buckets. NOTE If used with single-region bucket, It will throw + an error. + type: string selfLink: description: The URI of the created resource. type: string @@ -1064,6 +1139,12 @@ spec: include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' type: string + terraformLabels: + additionalProperties: + type: string + description: A map of key/value label pairs to assign to the bucket. + type: object + x-kubernetes-map-type: granular uniformBucketLevelAccess: description: Enables Uniform bucket-level access access to a bucket. type: boolean diff --git a/package/crds/tpu.gcp.upbound.io_nodes.yaml b/package/crds/tpu.gcp.upbound.io_nodes.yaml index 790e3e2fc..125281cb3 100644 --- a/package/crds/tpu.gcp.upbound.io_nodes.yaml +++ b/package/crds/tpu.gcp.upbound.io_nodes.yaml @@ -94,7 +94,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular network: @@ -248,7 +251,10 @@ spec: labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular network: @@ -561,13 +567,21 @@ spec: description: The user-supplied description of the TPU. Maximum of 512 characters. type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{zone}}/nodes/{{name}} type: string labels: additionalProperties: type: string - description: Resource labels to represent user provided metadata. + description: |- + Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular network: @@ -623,6 +637,14 @@ spec: tensorflowVersion: description: The version of Tensorflow running in the Node. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular useServiceNetworking: description: |- Whether the VPC peering for the node is set up through Service Networking API. diff --git a/package/crds/vertexai.gcp.upbound.io_datasets.yaml b/package/crds/vertexai.gcp.upbound.io_datasets.yaml index a1150336b..c308c6740 100644 --- a/package/crds/vertexai.gcp.upbound.io_datasets.yaml +++ b/package/crds/vertexai.gcp.upbound.io_datasets.yaml @@ -357,6 +357,12 @@ spec: be up to 128 characters long and can be consist of any UTF-8 characters. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular encryptionSpec: description: |- Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key. @@ -398,6 +404,14 @@ spec: region: description: The region of the dataset. eg us-central1 type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and diff --git a/package/crds/vertexai.gcp.upbound.io_featurestoreentitytypes.yaml b/package/crds/vertexai.gcp.upbound.io_featurestoreentitytypes.yaml index 79652a7b2..965a89bba 100644 --- a/package/crds/vertexai.gcp.upbound.io_featurestoreentitytypes.yaml +++ b/package/crds/vertexai.gcp.upbound.io_featurestoreentitytypes.yaml @@ -636,6 +636,12 @@ spec: description: description: Optional. Description of the EntityType. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular etag: description: Used to perform consistent read-modify-write updates. type: string @@ -748,6 +754,14 @@ spec: type: string region: type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and diff --git a/package/crds/vertexai.gcp.upbound.io_featurestores.yaml b/package/crds/vertexai.gcp.upbound.io_featurestores.yaml index be9523e3d..f2e0e3280 100644 --- a/package/crds/vertexai.gcp.upbound.io_featurestores.yaml +++ b/package/crds/vertexai.gcp.upbound.io_featurestores.yaml @@ -403,6 +403,12 @@ spec: in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular encryptionSpec: description: |- If set, both of the online and offline data storage will be secured by this key. @@ -478,6 +484,14 @@ spec: region: description: The region of the dataset. eg us-central1 type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and diff --git a/package/crds/vertexai.gcp.upbound.io_tensorboards.yaml b/package/crds/vertexai.gcp.upbound.io_tensorboards.yaml index 1e3ab3c42..d7c6e87fd 100644 --- a/package/crds/vertexai.gcp.upbound.io_tensorboards.yaml +++ b/package/crds/vertexai.gcp.upbound.io_tensorboards.yaml @@ -334,6 +334,12 @@ spec: description: description: Description of this Tensorboard. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular encryptionSpec: description: |- Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key. @@ -371,6 +377,14 @@ spec: runCount: description: The number of Runs stored in this Tensorboard. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The timestamp of when the Tensorboard was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and diff --git a/package/crds/workflows.gcp.upbound.io_workflows.yaml b/package/crds/workflows.gcp.upbound.io_workflows.yaml index 484dd9c90..b94527d65 100644 --- a/package/crds/workflows.gcp.upbound.io_workflows.yaml +++ b/package/crds/workflows.gcp.upbound.io_workflows.yaml @@ -73,6 +73,13 @@ spec: type: string forProvider: properties: + callLogLevel: + description: |- + Describes the level of platform logging to apply to calls and call responses during + executions of this workflow. If both the workflow and the execution specify a logging level, + the execution level takes precedence. + Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + type: string cryptoKeyName: description: |- The KMS key used to encrypt workflow and execution data. @@ -192,8 +199,17 @@ spec: type: object type: object sourceContents: - description: Workflow code to be executed. The size limit is 32KB. + description: Workflow code to be executed. The size limit is 128KB. type: string + userEnvVars: + additionalProperties: + type: string + description: User-defined environment variables associated with + this workflow revision. This map has a maximum length of 20. + Each string can take up to 4KiB. Keys cannot be empty strings + and cannot start with “GOOGLE” or “WORKFLOWS". + type: object + x-kubernetes-map-type: granular type: object initProvider: description: |- @@ -208,6 +224,13 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + callLogLevel: + description: |- + Describes the level of platform logging to apply to calls and call responses during + executions of this workflow. If both the workflow and the execution specify a logging level, + the execution level takes precedence. + Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + type: string cryptoKeyName: description: |- The KMS key used to encrypt workflow and execution data. @@ -327,8 +350,17 @@ spec: type: object type: object sourceContents: - description: Workflow code to be executed. The size limit is 32KB. + description: Workflow code to be executed. The size limit is 128KB. type: string + userEnvVars: + additionalProperties: + type: string + description: User-defined environment variables associated with + this workflow revision. This map has a maximum length of 20. + Each string can take up to 4KiB. Keys cannot be empty strings + and cannot start with “GOOGLE” or “WORKFLOWS". + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -502,6 +534,13 @@ spec: properties: atProvider: properties: + callLogLevel: + description: |- + Describes the level of platform logging to apply to calls and call responses during + executions of this workflow. If both the workflow and the execution specify a logging level, + the execution level takes precedence. + Possible values are: CALL_LOG_LEVEL_UNSPECIFIED, LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE. + type: string createTime: description: The timestamp of when the workflow was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up @@ -516,6 +555,12 @@ spec: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. type: string + effectiveLabels: + additionalProperties: + type: string + description: for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular id: description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}} type: string @@ -557,16 +602,33 @@ spec: Modifying this field for an existing workflow results in a new workflow revision. type: string sourceContents: - description: Workflow code to be executed. The size limit is 32KB. + description: Workflow code to be executed. The size limit is 128KB. type: string state: description: State of the workflow deployment. type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular updateTime: description: The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string + userEnvVars: + additionalProperties: + type: string + description: User-defined environment variables associated with + this workflow revision. This map has a maximum length of 20. + Each string can take up to 4KiB. Keys cannot be empty strings + and cannot start with “GOOGLE” or “WORKFLOWS". + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource.